Expired Certificate?

danmorris · July 22, 2020, 9:36pm

I’m very new at this so I apologize ahead of time if what I’m saying doesn’t make sense and is too long.

The short version is that my certificate showed that it had expired even though I had renewed it a few weeks ago. I tried to renew it again and now am receiving the following error:

Syntax error on line 562 of /opt/bitnami/apache2/conf/httpd.conf: Syntax error on line 13 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf: Expected but saw

How can I fix this?

The longer version is that I renewed my certificate about three weeks ago, but today I couldn’t connect to my website because my browser said the certificate had expired yesterday (the original expiration day). I walked through the renewal process again figuring I had screwed something up earlier. Partway through the process, though, I received this notice in Bitnami:

You have an existing certificate that has exactly the same domains or certificate name you
requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/lighthousenextsteps.org.conf)

What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Since I couldn’t get to my site because of an expired certificate, I opted to renew and replace the cert. Everything seemed to go fine until I realized that my site was completely down, not just showing an expired cert. I then again walked through the process in the Lightsail documentation (see below) only this time selecting to renew and replace the cert. Again no luck.

I just keep getting the syntax error Syntax error on line 562 of /opt/bitnami/apache2/conf/httpd.conf: Syntax error on line 13 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf: Expected but saw

I don’t know what I did to royally mess things up, but I would greatly appreciate it if you could help me resolve this.

Thanks!

Dan

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:lighthousenextsteps.org

I ran this command:https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

It produced this output:Syntax error on line 562 of /opt/bitnami/apache2/conf/httpd.conf: Syntax error o
n line 13 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf: Expected but sa
w

My web server is (include version):

The operating system my web server runs on is (include version):Linux

My hosting provider, if applicable, is:AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.31.0

_az · July 22, 2020, 9:39pm

That syntax error in line 13 of bitnami.conf is likely the root cause of all of your problems.

At some point, that mistake was introduced, and when your certificate renewed, the mistake prevented your webserver from reloading and applying the renewed certificate.

It’s also the same reason you can’t start your webserver.

It shouldn’t be hard to fix. Could you post the contents of the /opt/bitnami/apache2/conf/bitnami/bitnami.conf file?

danmorris · July 22, 2020, 11:46pm

Thanks for your help. I hope you’re right that it shouldn’t be hard to fix.

# Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>

_az · July 23, 2020, 12:02am

That file is certainly quite broken.

I don’t know how it got that way, but your best bet is probably to restore it back to its original state.

Where to get the original file? I think it depends on what Bitnami Application stack you installed, and what version it was at the time when you installed it. Do you know those details?

When you’re setting up Let’s Encrypt SSL on Bitnami, it’s best to follow these instructions: https://docs.bitnami.com/general/faq/administration/generate-configure-certificate-letsencrypt/. There is a tool suited to the Bitnami environment, not using Certbot.

danmorris · July 23, 2020, 1:56am

Well that’s a bummer. But not surprising. If there’s a way to break it, leave it to me to do it. lol. But I have no idea how this happened. I haven’t done anything with configuration files except try to renew the cert. And I’m pretty sure it worked just fine when I did it a few weeks ago.

I don’t know the details you ask about, but I have a snapshot I can revert to. Of course, it’s a couple fo months old so I’ll have lots of updates to take care of. Lesson learned. . . make regular snapshots.

Thanks for you help.

Dan

_az · July 23, 2020, 2:17am

You could possibly save yourself some heartache by restoring the snapshot to a second temporary EC2/Lightsail instance and then just copy that one file.

danmorris · July 23, 2020, 7:43pm

_az, I just wanted to thank you for your help. I’ve got the site back up and running thanks to your suggestions. It took me a little while, but that’s because I’m learning as I’m going. You definitely saved my bacon. Thanks!

system · August 22, 2020, 7:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.