Incorrect common name for SSL certificate


#1

I generated an SSL certificate for my website using Let’s Encrypt and the Webroot method (found here). The site is a wordpress site hosted on AWS using a Bitnami AMI. I specified the top-level directory containing the files served by your webserver as “/home/bitnami/apps/‘myWordpressModuleName’/htdocs”. The certificate is generated successfully; however my URL shows the https:// in red and crossed out.

This is apparently due to an incorrect certificate common name of “example.com” (shown below).

Why is the certificate name being generated incorrectly? And how can I change/fix it?

All help is appreciated. Thanks.


#2

You should make sure that the system is set up to use the LE certificate. Based on the screenshot, it’s using a self-signed certificate, not the LE one.


#3

Ok. How do I tell the site to use the Let’s Encrypt certificate?


#4

Based on what information I could find, you’ll need your certificate in a specific directory. I’d create symbolic links to the /etc/letsencrypt/live area so that renewals aren’t an issue.

If you need additional assistance, you may need to look at the info for your Bitnami appliance to see if they offer more assistance on how to use the certificate.


#5

Ok, you were right that I needed to set up the website to use the LE certificate. So these are the steps I took to use a Let’s Encrypt (LE) SSL certificate on my bitnami AMI instance on Amazon ec2. Note that this site has a domain name.

1) Get certbot

Follow the instructions here, which are reproduced below. Linux commands:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

2) Generate the LE SSL certificate

Use the webroot method to generate SSL certificates
./certbot-auto certonly --webroot -w /home/bitnami/apps/<yourWordpressSiteFolder>/htdocs -d <yourDomainName.com>

3) Configure your site to use the LE SSL certificate

Once the certificates are generated you have two options. I did it one way, and bitnami suggests another way to do it here.

First, the way I did it:

Open the following file.

/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/httpd-vhosts.conf

Change

SSLCertificateFile "/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/certs/server.key"

To

SSLCertificateFile "/etc/letsencrypt/live/<yourDomainName>/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/<yourDomainName>/privkey.pem"

Now the way bitnami suggests:
Bitnami suggests just copying the Let’s Encrypt certificate and key file to the location of the existing certificate. I don’t believe auto renew would work with this method, because I think you would need to copy the new cert.pem and privkey.pem files again each time you renew your certificate, but maybe I’m wrong and these files don’t change. Anyway, if you want to see bitnami’s instructions for this, click here.

4) Restart Apache

For changes to the httpd file to take effect, you need to restart the Apache web server. This can be done with bitnami with the following command.
sudo /opt/bitnami/ctlscript.sh restart apache

5) Your site is now https!

However, it is likely the https:// text is not green in your URL. If you click the https:// text you may see this message:
Mixed Content
The site includes HTTP resources.
View requests in Network Panel

The way I fixed this was to install the ‘Really Simple SSL’ plugin, by Rogier Lankhorst, from the Wordpress Plugin Repository and activate it.

After activating it you will need to click a button that says ‘use SSL’ or something similar. Once it converts your site to use https it may tell you that it can’t modify the .htaccess file. You may not need to allow access to the .htaccess file for the plugin and site to work, but if you want to allow access to it, use the following commands in the terminal of your site.

Warning! I am not knowledgeable when it comes to permissions for files like .htaccess. If it is dangerous to change the permissions as I suggest below, please leave a comment telling me.

Now for the commands to allow the plugin access to .htaccess
sudo chown -R bitnami:daemon /opt/bitnami/apps/<yourWordpressSiteFolder>/htdocs/.htaccess
sudo chmod 664 /opt/bitnami/apps/<yourWordpressSiteFolder>/htdocs/.htaccess

And there you go! The plugin and your site should now be working and using https!

6) Optional: Automate renewal

First do a dry run to test the renewal. Then set it up for renewal. The commands are written below and they were copied from here.
./path/to/certbot-auto renew --dry-run 
./path/to/certbot-auto renew --quiet --no-self-upgrade

Feel free to leave comments for any questions or variations you implement in getting a LE certificate working on your website!
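
Posts #4 and #5 both turn on whether the paths Apache is configured with will still point at the current certificate after a renewal. The script below is an added example, not part of the thread: it reads the SSLCertificateFile and SSLCertificateKeyFile directives from a vhost file and reports whether each path lies in, or symlinks through, /etc/letsencrypt/live/<domain>/. The function names, verdict labels and the LIVE_ROOT override are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. LIVE_ROOT is certbot's default live
# directory; override it to test against a scratch tree (an assumption here).
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"

# follows_renewal FILE DOMAIN
# Exit 0 if FILE is inside live/DOMAIN/ or is a symlink chain passing through
# it. certbot repoints the live/ links on every renewal, so only such paths
# pick up the new certificate without another manual copy.
follows_renewal() {
    p=$1
    live="$LIVE_ROOT/$2/"
    hops=0
    while [ "$hops" -lt 10 ]; do
        case "$p" in "$live"*) return 0 ;; esac
        [ -L "$p" ] || return 1          # regular file: a static copy
        target=$(readlink "$p")
        case "$target" in
            /*) p=$target ;;
            *)  p=$(cd "$(dirname "$p")" && cd "$(dirname "$target")" && pwd)/$(basename "$target") ;;
        esac
        hops=$((hops + 1))
    done
    return 1
}

# audit_vhost CONF DOMAIN
# Print "directive file verdict" for every certificate directive in CONF.
# Exit 1 if any file is missing or will not follow a renewal.
audit_vhost() {
    status=0
    report=$(awk '$1 == "SSLCertificateFile" || $1 == "SSLCertificateKeyFile" {
                      gsub(/"/, "", $2); print $1, $2 }' "$1")
    while read -r directive file; do
        [ -n "$directive" ] || continue
        if [ ! -e "$file" ]; then verdict=missing; status=1
        elif follows_renewal "$file" "$2"; then verdict=follows-renewal
        else verdict=static; status=1
        fi
        echo "$directive $file $verdict"
    done <<EOF
$report
EOF
    return "$status"
}

# Usage: sh audit.sh /path/to/httpd-vhosts.conf example.org
if [ "$#" -eq 2 ]; then audit_vhost "$1" "$2"; fi
```

Run it as root against the real tree, since certbot normally restricts /etc/letsencrypt/live to root and an unreadable path is reported as missing.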

