My web server doesn't listen on port 443 anymore. I already opened this port in the AWS Networking settings of my instance. How do I make my web server listen on this port again?
Did it ever?
This section is very confusing:
It tries to set up a virtual host that listens to both 80 and 443.
But only IF version = 2.3 ?
That doesn't sound like anything I would ever want to do.
Can we see the complete file?
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
Yes, it was working well from April to September. My certificate was renewed automatically a few times already.
I deleted the condition IF version = 2.3 yesterday.
My complete file:
Maybe I should delete the <IfVersion <2.3> from my configuration of VirtualHost:80 and from VirtualHost:443 as well?
This section is outside of any virtual host:
[that looks weird]
I'm not sure this hasn't been deprecated (in your version):
Do you have an old backup of this file or folder?
[maybe we can look in there for how it used to be and worked]
Can you run?:
apachectl -S
Please show:
grep -Ri listen /etc/apache2/ /opt/bitnami/
Let's have a look at:
cat /etc/apache2/ports.conf
and retry the search with sudo:
sudo grep -Ri listen /opt/bitnami/
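The grep above finds every Listen line but does not show whether a line sits inside a conditional block such as the <IfVersion> section discussed earlier in the thread. The following is an added example, not part of the original thread or of Bitnami's tooling: it prints each Listen directive together with its enclosing <IfVersion>, <IfModule> and <IfDefine> blocks. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: show each Listen directive with the conditional blocks
# (<IfVersion>, <IfModule>, <IfDefine>) that enclose it. A Listen inside
# such a block only takes effect when every enclosing condition is true.

# listen_context FILE... -> "file:line: Listen ARG [context]" per directive
listen_context() {
    awk '
    FNR == 1 { depth = 0 }                 # reset the block stack for each file
    /^[ \t]*#/ { next }                    # ignore comment lines
    /^[ \t]*<[Ii]f(Version|Module|Define)[ \t>]/ {
        line = $0
        sub(/^[ \t]*/, "", line); sub(/[ \t]*$/, "", line)
        stack[++depth] = line              # remember the opening tag
        next
    }
    /^[ \t]*<\/[Ii]f(Version|Module|Define)>/ { if (depth > 0) depth--; next }
    tolower($1) == "listen" {
        ctx = ""
        for (i = 1; i <= depth; i++) ctx = ctx (i > 1 ? " " : "") stack[i]
        printf "%s:%d: Listen %s [%s]\n", FILENAME, FNR, $2,
               (ctx == "" ? "unconditional" : ctx)
    }
    ' "$@"
}

# Constructed sample (not the poster's file): port 443 is opened only
# when mod_ssl is loaded AND the server version is below 2.3.
write_sample() {
    cat > "$1" <<'EOF'
Listen 80
<IfModule ssl_module>
  <IfVersion < 2.3>
    Listen 443
  </IfVersion>
</IfModule>
EOF
}

# Demo run on the constructed sample
tmp=$(mktemp) && write_sample "$tmp" && listen_context "$tmp" && rm -f "$tmp"
```

On a real host, pass it the configuration files that the grep reports instead of the sample.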
I give up.
The Bitnami is too much for me! - LOL
@rg305 Thank you anyway for your time.
Maybe revoke my certificate and issue it again? Reinstall my apache server?
There is no need to revoke the cert; that will not fix anything.
Reinstalling apache could help.
But I'm not sure how that ties in with Bitnami or if you need to reinstall that too.
As my port 443 was not listening, I forced the listen by modifying:
Now my port 443 is listening:
When I check my SSL Report on
https://www.ssllabs.com/ssltest/analyze.html?d=promis2.laophenixconsulting.com,
I have a new error: Assessment failed: No secure protocols supported
How do I solve that?
You will find that most people around here are highly reluctant to offer advice about modifying any configuration where Bitnami is involved. We have just experienced too many disasters. Even the Bitnami developers themselves strongly discourage modifying your Apache configuration in favor of using Bitnami's tools and options.
To be completely honest with you, I believe you will save yourself a massive amount of time and headache by starting with a clean Bitnami stack per this guide:
Then enabling TLS/SSL per this guide:
I solved my problem!
A few months ago, I followed this tutorial to automatically renew my certificate: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
This morning, I tried to run this script manually, but it returned an error saying that my ports 80 and 443 were already in use. They were, because sudo /opt/bitnami/ctlscript.sh stop apache doesn't work, no idea why.
Edit: Now sudo /opt/bitnami/ctlscript.sh stop apache works ...
I ran sudo service apache2 stop and then launched my script, and my certificate was renewed successfully.
I have 2 questions:
- Should I replace sudo /opt/bitnami/ctlscript.sh stop apache with sudo service apache2 stop in my script? (and so sudo /opt/bitnami/ctlscript.sh start apache with sudo service apache2 start as well?)
- Why was my certificate not expired yet but not used anymore?
If:
sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/ctlscript.sh start apache
work, then you should use those two.
When they fail, then you should look for the reason(s) why they failed (and fix them).
Absolutely not. When using Bitnami, you always want to use Bitnami's scripts!
When you acquire a new certificate, it becomes your active certificate. This is often accomplished internally with symlinks.
One more thing: this should be a 301 redirect:
Thank you @griffin for the answer.
Where did you get that?
One more thing: this should be a 301 redirect:
Where can I configure that?
You can use curl to see it:
curl -Ik http://promis2.laophenixconsulting.com/
curl -Ik https://promis2.laophenixconsulting.com/
You have to look through your code to find where it happens.
Oh okay, good to know.