Installed the certificate - now I get the Apache default page?!

benalexwilde · December 10, 2018, 9:33am

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.0.04

My hosting provider, if applicable, is: AWS/EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I got my certificate installed successfully, but now when I enter my domain name I go to the Apache default welcome screen - it used to point to my WordPress home page.

_az · December 10, 2018, 9:48am

Sounds like there might be duplicate virtual hosts. What’s this show?

apachectl -t -D DUMP_VHOSTS

benalexwilde · December 10, 2018, 9:50am

VirtualHost configuration:
*:80                   localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443                  localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:43)

_az · December 10, 2018, 9:51am

Would you be able to show the full contents of /opt/bitnami/apache2/conf/bitnami/bitnami.conf ?

If there are any sensitive details, you may edit them.

benalexwilde · December 10, 2018, 9:55am

Default Virtual Host configuration.

NameVirtualHost *:80

NameVirtualHost *:443

</IfVersion>

DocumentRoot "/opt/bitnami/apache2/htdocs"

Options Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</IfVersion>

Require all granted

</IfVersion>

</Directory>

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

</VirtualHost>

Default SSL Virtual Host configuration.

LoadModule ssl_module modules/mod_ssl.so

</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+E$

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300

DocumentRoot "/opt/bitnami/apache2/htdocs"

SSLEngine on

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Options Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all
</IfVersion>

Require all granted

</IfVersion>

</Directory>

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

</VirtualHost>

Bitnami applications that uses virtual host configuration

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

_az · December 10, 2018, 10:02am

Is this actually what's in the file, or was it just a problem pasting it into the forum?

Ignoring the obvious errors, the SSL and non-SSL configuration seems to be the same ... odd.

benalexwilde · December 10, 2018, 10:04am

Ah, yeah… pasting issues haha

I just ran Certbot --apache and allowed it to force HTTPS. Everything was fine/normal until that point.

_az · December 10, 2018, 10:06am

When you ran Certbot, did you specifically tell it to look for the Bitnami copy of Apache? I’m just wondering if it’s implicitly using the OS-provided copy of Apache … which is why your site may have disappeared.

find /etc/apache2

benalexwilde · December 10, 2018, 10:14am

I didn’t specifically tell it anything; I just followed the Certbot instructions. Here’s what find shows:

/etc/apache2

/etc/apache2/apache2.conf

/etc/apache2/magic

/etc/apache2/mods-enabled

/etc/apache2/mods-enabled/autoindex.conf

/etc/apache2/mods-enabled/mpm_event.load

/etc/apache2/mods-enabled/authn_core.load

/etc/apache2/mods-enabled/negotiation.load

/etc/apache2/mods-enabled/socache_shmcb.load

/etc/apache2/mods-enabled/autoindex.load

/etc/apache2/mods-enabled/filter.load

/etc/apache2/mods-enabled/dir.conf

/etc/apache2/mods-enabled/negotiation.conf

/etc/apache2/mods-enabled/dir.load

/etc/apache2/mods-enabled/status.load

/etc/apache2/mods-enabled/ssl.load

/etc/apache2/mods-enabled/authn_file.load

/etc/apache2/mods-enabled/alias.load

/etc/apache2/mods-enabled/ssl.conf

/etc/apache2/mods-enabled/authz_core.load

/etc/apache2/mods-enabled/deflate.conf

/etc/apache2/mods-enabled/setenvif.load

/etc/apache2/mods-enabled/deflate.load

/etc/apache2/mods-enabled/env.load

/etc/apache2/mods-enabled/access_compat.load

/etc/apache2/mods-enabled/setenvif.conf

/etc/apache2/mods-enabled/mime.conf

/etc/apache2/mods-enabled/authz_host.load

/etc/apache2/mods-enabled/rewrite.load

/etc/apache2/mods-enabled/mpm_event.conf

/etc/apache2/mods-enabled/status.conf

/etc/apache2/mods-enabled/alias.conf

/etc/apache2/mods-enabled/auth_basic.load

/etc/apache2/mods-enabled/authz_user.load

/etc/apache2/mods-enabled/mime.load

/etc/apache2/ports.conf

/etc/apache2/envvars

/etc/apache2/sites-available

/etc/apache2/sites-available/default-ssl.conf

/etc/apache2/sites-available/000-default.conf

/etc/apache2/sites-available/000-default-le-ssl.conf

/etc/apache2/conf-enabled

/etc/apache2/conf-enabled/other-vhosts-access-log.conf

/etc/apache2/conf-enabled/security.conf

/etc/apache2/conf-enabled/serve-cgi-bin.conf

/etc/apache2/conf-enabled/localized-error-pages.conf

/etc/apache2/conf-enabled/charset.conf

/etc/apache2/sites-enabled

/etc/apache2/sites-enabled/000-default.conf

/etc/apache2/sites-enabled/000-default-le-ssl.conf

/etc/apache2/conf-available

/etc/apache2/conf-available/other-vhosts-access-log.conf

/etc/apache2/conf-available/security.conf

/etc/apache2/conf-available/serve-cgi-bin.conf

/etc/apache2/conf-available/localized-error-pages.conf

/etc/apache2/conf-available/charset.conf

/etc/apache2/mods-available

/etc/apache2/mods-available/ldap.load

/etc/apache2/mods-available/lua.load

/etc/apache2/mods-available/cgid.load

/etc/apache2/mods-available/dialup.load

/etc/apache2/mods-available/autoindex.conf

/etc/apache2/mods-available/reflector.load

/etc/apache2/mods-available/authz_dbd.load

/etc/apache2/mods-available/cache_disk.conf

/etc/apache2/mods-available/mime_magic.conf

/etc/apache2/mods-available/socache_memcache.load

/etc/apache2/mods-available/mpm_event.load

/etc/apache2/mods-available/speling.load

/etc/apache2/mods-available/dump_io.load

/etc/apache2/mods-available/ident.load

/etc/apache2/mods-available/session_crypto.load

/etc/apache2/mods-available/slotmem_shm.load

/etc/apache2/mods-available/proxy.conf

/etc/apache2/mods-available/charset_lite.load

/etc/apache2/mods-available/ext_filter.load

/etc/apache2/mods-available/proxy_fdpass.load

/etc/apache2/mods-available/authn_core.load

/etc/apache2/mods-available/include.load

/etc/apache2/mods-available/buffer.load

/etc/apache2/mods-available/headers.load

/etc/apache2/mods-available/negotiation.load

/etc/apache2/mods-available/info.conf

/etc/apache2/mods-available/proxy_html.load

/etc/apache2/mods-available/socache_shmcb.load

/etc/apache2/mods-available/socache_dbm.load

/etc/apache2/mods-available/proxy_fcgi.load

/etc/apache2/mods-available/vhost_alias.load

/etc/apache2/mods-available/mime_magic.load

/etc/apache2/mods-available/lbmethod_bytraffic.load

/etc/apache2/mods-available/proxy.load

/etc/apache2/mods-available/xml2enc.load

/etc/apache2/mods-available/dav.load

/etc/apache2/mods-available/ratelimit.load

/etc/apache2/mods-available/echo.load

/etc/apache2/mods-available/mpm_prefork.load

/etc/apache2/mods-available/autoindex.load

/etc/apache2/mods-available/filter.load

/etc/apache2/mods-available/userdir.conf

/etc/apache2/mods-available/auth_form.load

/etc/apache2/mods-available/dir.conf

/etc/apache2/mods-available/file_cache.load

/etc/apache2/mods-available/actions.conf

/etc/apache2/mods-available/negotiation.conf

/etc/apache2/mods-available/authn_anon.load

/etc/apache2/mods-available/authz_owner.load

/etc/apache2/mods-available/proxy_ajp.load

/etc/apache2/mods-available/proxy_http.load

/etc/apache2/mods-available/dir.load

/etc/apache2/mods-available/status.load

/etc/apache2/mods-available/ssl.load

/etc/apache2/mods-available/lbmethod_byrequests.load

/etc/apache2/mods-available/ldap.conf

/etc/apache2/mods-available/expires.load

/etc/apache2/mods-available/proxy_balancer.load

/etc/apache2/mods-available/dav_lock.load

/etc/apache2/mods-available/sed.load

/etc/apache2/mods-available/unique_id.load

/etc/apache2/mods-available/authn_file.load

/etc/apache2/mods-available/cgi.load

/etc/apache2/mods-available/dav_fs.load

/etc/apache2/mods-available/proxy_wstunnel.load

/etc/apache2/mods-available/remoteip.load

/etc/apache2/mods-available/alias.load

/etc/apache2/mods-available/ssl.conf

/etc/apache2/mods-available/asis.load

/etc/apache2/mods-available/mpm_prefork.conf

/etc/apache2/mods-available/proxy_html.conf

/etc/apache2/mods-available/usertrack.load

/etc/apache2/mods-available/authz_core.load

/etc/apache2/mods-available/allowmethods.load

/etc/apache2/mods-available/deflate.conf

/etc/apache2/mods-available/substitute.load

/etc/apache2/mods-available/setenvif.load

/etc/apache2/mods-available/deflate.load

/etc/apache2/mods-available/info.load

/etc/apache2/mods-available/dav_fs.conf

/etc/apache2/mods-available/env.load

/etc/apache2/mods-available/cgid.conf

/etc/apache2/mods-available/access_compat.load

/etc/apache2/mods-available/proxy_ftp.conf

/etc/apache2/mods-available/setenvif.conf

/etc/apache2/mods-available/reqtimeout.conf

/etc/apache2/mods-available/mime.conf

/etc/apache2/mods-available/authz_host.load

/etc/apache2/mods-available/lbmethod_bybusyness.load

/etc/apache2/mods-available/request.load

/etc/apache2/mods-available/session_dbd.load

/etc/apache2/mods-available/rewrite.load

/etc/apache2/mods-available/mpm_event.conf

/etc/apache2/mods-available/lbmethod_heartbeat.load

/etc/apache2/mods-available/macro.load

/etc/apache2/mods-available/mpm_worker.conf

/etc/apache2/mods-available/proxy_ftp.load

/etc/apache2/mods-available/userdir.load

/etc/apache2/mods-available/reqtimeout.load

/etc/apache2/mods-available/authnz_fcgi.load

/etc/apache2/mods-available/proxy_balancer.conf

/etc/apache2/mods-available/status.conf

/etc/apache2/mods-available/authz_dbm.load

/etc/apache2/mods-available/heartmonitor.load

/etc/apache2/mods-available/mpm_worker.load

/etc/apache2/mods-available/actions.load

/etc/apache2/mods-available/cache_disk.load

/etc/apache2/mods-available/alias.conf

/etc/apache2/mods-available/suexec.load

/etc/apache2/mods-available/dbd.load

/etc/apache2/mods-available/authn_dbd.load

/etc/apache2/mods-available/cache_socache.load

/etc/apache2/mods-available/cache.load

/etc/apache2/mods-available/auth_basic.load

/etc/apache2/mods-available/authn_dbm.load

/etc/apache2/mods-available/authn_socache.load

/etc/apache2/mods-available/authz_groupfile.load

/etc/apache2/mods-available/authz_user.load

/etc/apache2/mods-available/heartbeat.load

/etc/apache2/mods-available/session_cookie.load

/etc/apache2/mods-available/log_debug.load

/etc/apache2/mods-available/authnz_ldap.load

/etc/apache2/mods-available/proxy_scgi.load

/etc/apache2/mods-available/mime.load

/etc/apache2/mods-available/slotmem_plain.load

/etc/apache2/mods-available/proxy_connect.load

/etc/apache2/mods-available/proxy_express.load

/etc/apache2/mods-available/data.load

/etc/apache2/mods-available/log_forensic.load

/etc/apache2/mods-available/auth_digest.load

/etc/apache2/mods-available/session.load

Any ideas?

_az · December 10, 2018, 10:16am

Yeah. I’m pretty sure Certbot stopped your Bitnami Apache server, started your Ubuntu Apache server, and configured that instead.

So, here’s what I would do.

Stop the Ubuntu Apache server: systemctl stop apache2 && systemctl disable apache2
Restart Bitnami’s Apache (however you do it). This will get your website back.

When you run Certbot, you need to run it with these options, pointing to Bitnami’s versions instead:

 Apache Web Server plugin

 --apache-enmod APACHE_ENMOD
                       Path to the Apache 'a2enmod' binary (default: a2enmod)
 --apache-dismod APACHE_DISMOD
                       Path to the Apache 'a2dismod' binary (default:
                       a2dismod)
 --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                       SSL vhost configuration extension (default: -le-
                       ssl.conf)
 --apache-server-root APACHE_SERVER_ROOT
                       Apache server root directory (default: /etc/apache2)
 --apache-vhost-root APACHE_VHOST_ROOT
                       Apache server VirtualHost configuration root (default:
                       None)
 --apache-logs-root APACHE_LOGS_ROOT
                       Apache server logs directory (default:
                       /var/log/apache2)
 --apache-challenge-location APACHE_CHALLENGE_LOCATION
                       Directory path for challenge configuration (default:
                       /etc/apache2)
 --apache-handle-modules APACHE_HANDLE_MODULES
                       Let installer handle enabling required modules for you
                       (Only Ubuntu/Debian currently) (default: True)
 --apache-handle-sites APACHE_HANDLE_SITES
                       Let installer handle enabling sites for you (Only
                       Ubuntu/Debian currently) (default: True)
 --apache-ctl APACHE_CTL
                       Full path to Apache control script (default:
                       apache2ctl)

benalexwilde · December 10, 2018, 10:16am

Can I not just alter a server config to point to the WP directory?

benalexwilde · December 10, 2018, 10:18am

To stop the Apache server, I need a password - I was never given a password for that, only a keyfile for the Bitnami Apache.

_az · December 10, 2018, 10:18am

I don’t understand. You ran Certbot as root, right?

sudo su -

to get into a root terminal.

benalexwilde · December 10, 2018, 10:20am

Yeah. But the command:
systemctl stop apache2 && systemctl disable apache2

gives me:

apache2.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install disable apache2 insserv: fopen(.depend.stop): Permission denied ==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon === Authentication is required to reload the systemd state. Authenticating as: Ubuntu (bitnami) Password: Failed to execute operation: Connection timed out polkit-agent-helper-1: pam_authenticate failed: Authentication failure update-rc.d: error: Permission denied

_az · December 10, 2018, 10:24am

If you get that message when running the command as root, I’m not too sure how to help you.

To me, it looks like you ran that command as the bitnami user rather than as root …

Is there an admin you can get help from, that has higher privileges on this server?

benalexwilde · December 10, 2018, 10:26am

No, this is an unmanaged VPS. When I launched the instance through AWS, it doesn’t give you root access; it gives you Bitnami (which I thought was a root user or something)…

Actually, WordPress is completely backed up so I could just launch a new instance without Bitnami and just install LAMP and WordPress probably within 30 minutes. Would that work?

_az · December 10, 2018, 10:27am

I mean, if you want. You should be able to elevate to real root by just typing sudo su - though. That’s usually how AWS instances work.

benalexwilde · December 10, 2018, 11:22am

Ok, so I found a guide, specifically for Bitnami WordPress using Lego Client.

Here it is: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

All working now! Thanks you so much though _az, I have learned a lot!

system · January 9, 2019, 11:22am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.