HTTPS certificate not working

My web server doesn't listen on port 443 anymore. I already opened this port in the AWS Networking settings of my instance. How do I make my web server listen on this port again?

1 Like

Did it ever?

This section is very confusing:
Capture1
It tries to set up a virtual host that listens to both 80 and 443.
But only IF version = 2.3?
That doesn't sound like anything I would ever want to do.

Can we see the complete file?

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

Yes, it was working well from April to September. My certificate was renewed automatically a few times already.

I deleted the condition IF version = 2.3 yesterday.

My complete file:

Capture2

Maybe I should also delete the <IfVersion <2.3> from my configuration of VirtualHost:80 and from VirtualHost:443?

2 Likes

This section is outside of any virtual host:
image
[that looks weird]

I'm not sure this hasn't been deprecated (in your version):
image

Do you have an old backup of this file or folder?
[maybe we can look in there for how it used to be and worked]

Can you run?:
apachectl -S


2 Likes

apachectl -S gives me:

I never modified my conf file since April.

2 Likes

Please show:
grep -Ri listen /etc/apache2/ /opt/bitnami/


2 Likes

grep -Ri listen /etc/apache2/ /opt/bitnami/ gives me a long output starting with:

2 Likes

Let's have a look at:
cat /etc/apache2/ports.conf

and retry search with sudo:
sudo grep -Ri listen /opt/bitnami/


2 Likes

gives me:
image

2 Likes

I give up.
The Bitnami is too much for me! - LOL


3 Likes

@rg305 Thank you anyway for your time.

Maybe revoke my certificate and issue it again? Reinstall my apache server?

2 Likes

There is no need to revoke the cert; that will not fix anything.

Reinstalling apache could help.
But I'm not sure how that ties in with Bitnami or if you need to reinstall that too.


2 Likes

As my port 443 was not listening, I forced the listen by modifying: image

now my port 443 is listening:

When I check my SSL Report on
https://www.ssllabs.com/ssltest/analyze.html?d=promis2.laophenixconsulting.com,
I have a new error: Assessment failed: No secure protocols supported
How do I solve that?

3 Likes

You will find that most people around here are highly reluctant to offer advice about modifying any configuration where Bitnami is involved. We have just experienced too many disasters. Even the Bitnami developers themselves strongly discourage modifying your Apache configuration in favor of using Bitnami's tools and options.

To be completely honest with you, I believe you will save yourself a massive amount of time and headache by starting with a clean Bitnami stack per this guide:

Then enabling TLS/SSL per this guide:

2 Likes

I solved my problem!

A few months ago, I followed this tutorial to automatically renew my certificate: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

This morning, I tried to run this script manually, but it returned an error that my ports 80 and 443 were already in use. They were, because sudo /opt/bitnami/ctlscript.sh stop apache doesn't work; no idea why.
Edit: Now sudo /opt/bitnami/ctlscript.sh stop apache works ...

I ran sudo service apache2 stop and then launched my script, and my certificate was renewed successfully.

I have 2 questions:

  1. Should I replace sudo /opt/bitnami/ctlscript.sh stop apache with sudo service apache2 stop in my script? (and so sudo /opt/bitnami/ctlscript.sh start apache with sudo service apache2 start as well?)

  2. Why was my certificate not expired yet but not used anymore?
    image

3 Likes
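
A pre-flight check for the failure described in the post above, where the renewal aborted because ports 80 and 443 were still bound after the stop command. This is an added example, not part of the original thread or of Bitnami's tooling; the function name `busy_ports` and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# busy_ports PORT...: read `ss -ltn` output on stdin and print every listed
# port that still has a TCP listener. Exit status: 0 = all free, 1 = busy.
busy_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        $1 == "LISTEN" {
            # Field 4 is the local address; the port follows the last colon,
            # which covers 0.0.0.0:443, *:443 and [::]:443 alike.
            port = $4
            sub(/.*:/, "", port)
            if ((port in watch) && !(port in seen)) {
                seen[port] = 1
                print port
                busy = 1
            }
        }
        END { exit (busy ? 1 : 0) }
    '
}

# Constructed sample of `ss -ltn` output (not taken from the thread).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*'

# Intended use inside a renewal script, between the stop and the renewal:
#   sudo /opt/bitnami/ctlscript.sh stop apache
#   if ! ss -ltn | busy_ports 80 443 >/dev/null; then
#       echo "ports 80/443 still bound, not starting renewal" >&2
#       exit 1
#   fi
```

Running `sudo ss -ltnp` when the check fails also shows which process owns the listener, which is the first thing to look at when the stop command appears not to work.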

If:
sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/ctlscript.sh start apache
work, then you should use those two.
When they fail, then you should look for the reason(s) why they failed (and fix them).

3 Likes

Absolutely not. When using Bitnami, you always want to use Bitnami's scripts!

When you acquire a new certificate, it becomes your active certificate. This is often accomplished internally with symlinks.


One more thing: this should be a 301 redirect:

4 Likes

Thank you @griffin for the answer.
Where did you get that?

> One more thing: this should be a 301 redirect:

Where can I configure that?

2 Likes

You can use curl to see it:

curl -Ik http://promis2.laophenixconsulting.com/
curl -Ik https://promis2.laophenixconsulting.com/ 

You have to look through your code to find where it happens.

4 Likes
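
To turn the curl check above into something that can run after every configuration change, the headers can be classified automatically. This is an added example, not code from the thread; the function name `classify_redirect` and the sample headers (using example.com) are constructed.

```shell
#!/bin/sh
# classify_redirect: read the response headers printed by `curl -I` on stdin
# and print "<status> <verdict> <location>". A redirect whose target is not
# https:// gets the suffix "-not-https".
classify_redirect() {
    tr -d '\r' | awk '
        /^HTTP\// { status = $2 + 0; loc = "" }    # start of a response block
        tolower($1) == "location:" { loc = $2 }     # HTTP/2 sends it lowercase
        END {
            if (status == 301 || status == 308)
                kind = "permanent"
            else if (status == 302 || status == 303 || status == 307)
                kind = "temporary"
            else
                kind = "not-a-redirect"
            if (kind != "not-a-redirect" && loc !~ /^https:\/\//)
                kind = kind "-not-https"
            print status, kind, (loc == "" ? "-" : loc)
        }'
}

# Constructed sample responses (not captured from the site in the thread).
SAMPLE_TEMP='HTTP/1.1 302 Found
Server: Apache
Location: https://example.com/
'
SAMPLE_PERM='HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://example.com/
'
SAMPLE_OK='HTTP/2 200
content-type: text/html
'

# Live use (hostname is a placeholder):
#   curl -sIk http://your-host.example/ | classify_redirect
```

For the plain-HTTP URL, the result to aim for is `301 permanent` with an `https://` location, which is what the advice in the thread asks for.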

Oh okay good to know :+1:

3 Likes