How to get certificates for AWS EC2 instance running Parse (by Bitnami)


#1

Please fill out the fields below so we can help you better.

My domain is: AWS EC2

I ran this command: ./certbot-auto --apache certonly

It produced this output:

The last couple of lines are:

The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache control command apache2ctl',)

and ls -la /etc/letsencrypt produced

total 8
drwxr-xr-x  2 root root 4096 Dec  2 06:32 .
drwxr-xr-x 92 root root 4096 Dec  2 06:32 ..

Why 8 when there are no files? I can supply the first 4 pages of the logs from cerbot-auto if you need.

The SSH log also mentions there is a log written to /var/log/letsencrypt/letsencrypt.log as follows:

2016-12-02 06:32:41,918:DEBUG:certbot.main:Root logging level set at 20
2016-12-02 06:32:41,918:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-12-02 06:32:41,922:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-02 06:32:41,922:DEBUG:certbot.main:Arguments: ['--apache']
2016-12-02 06:32:41,922:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2016-12-02 06:32:41,925:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2016-12-02 06:32:41,941:WARNING:certbot.plugins.util:Failed to find apache2ctl in PATH: /opt/bitnami/nodejs/bin:/opt/bitnami/mongodb/bin:/opt/bitnami/php/bin:/opt/bitnami/sqlite/bin:/opt/bitnami/apache2/bin:/opt/bitnami/common/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2016-12-02 06:32:41,945:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Cannot find Apache control command apache2ctl
Traceback (most recent call last):
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 106, in prepare
    self._initialized.prepare()
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 168, in prepare
    'Cannot find Apache control command {0}'.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apache2ctl
2016-12-02 06:32:41,946:DEBUG:certbot.plugins.selection:No candidate plugin
2016-12-02 06:32:41,946:DEBUG:certbot.plugins.selection:No candidate plugin
2016-12-02 06:32:41,946:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2016-12-02 06:32:41,946:INFO:certbot.main:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache control command apache2ctl',)
2016-12-02 06:32:41,950:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/home/bitnami/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 554, in obtain_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/selection.py", line 197, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/home/bitnami/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/selection.py", line 272, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache control command apache2ctl',)

My operating system is (include version):

Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-100-generic x86_64)
       ___ _ _                   _
      | _ |_) |_ _ _  __ _ _ __ (_)
      | _ \ |  _| ' \/ _` | '  \| |
      |___/_|\__|_|_|\__,_|_|_|_|_|

  *** Welcome to the Bitnami Parse Server 2.2.22-0 ***

My web server is (include version): unknown

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can access it via SSH which is how I ran the certbot-auto commands

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): there is an AWS management console but configuring the Parse server is via SSH


#2

I think Bitnami uses custom versions of software like apache, installed to /opt/bitnami rather than in the more conventional locations that certbot expects apache to be.

The apache plugin in certbot works best with the versions of apache shipped by Ubuntu (and other distros). If you want to keep using the Bitnami version of apache, you’ll probably need to use the webroot or standalone plugin.


#3

@serverco, thx. I looked through the webroot instructions. It’s not clear to me what the line:

need to specify --webroot-path or -w with the top-level directory (“web root”) containing the files served by your webserver

actually refers to. Bitnami instructions to change the instance from http to https all work off /opt/bitnami which is where all the apache related stuff is stored. Perhaps that?


#4

I don’t use bitnami, but yes it’s going to be something like /opt/bitnami

If you were going to place a file called “test.html” in a directory and it appear at yourdomain.com/test.html in the browser - what folder would that be ? if it’s /opt/bitnami - then that’s the web-root. If it’s something like /opt/bitnami/html/test.html then the web-root would be /opt/bitnami/html if that makes sense


#5

@serverco, just tried it. Got this error:

Error: urn:acme:error:rejectedIdentifier :: Policy forbids issuing for name

A quick search suggests bad news… AWS EC2 is blacklisted by LE. I will need to get my own domain name set up first it sounds like.

Oh brother! :sob:


#6

Correct, you will need your own domain name. If can just be a free domain name if you want to - freenom.com - it depends really what you want your domain for.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.