Installed the certificate - now I get the Apache default page?!


#1

My domain is: soundsauce.co.uk

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.0.04

My hosting provider, if applicable, is: AWS/EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I got my certificate installed successfully, but now when I enter my domain name I go to the Apache default welcome screen - it used to point to my WordPress home page.


#2

Sounds like there might be duplicate virtual hosts. What’s this show?

apachectl -t -D DUMP_VHOSTS

#3
VirtualHost configuration:
*:80                   localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443                  localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:43)

#4

Would you be able to show the full contents of /opt/bitnami/apache2/conf/bitnami/bitnami.conf ?

If there are any sensitive details, you may edit them.


#5

Default Virtual Host configuration.

<IfVersion < 2.3 >

NameVirtualHost *:80

NameVirtualHost *:443

</IfVersion>

<VirtualHost default:80>

DocumentRoot “/opt/bitnami/apache2/htdocs”

<Directory “/opt/bitnami/apache2/htdocs”>

Options Indexes FollowSymLinks

AllowOverride All

<IfVersion < 2.3 >

Order allow,deny

Allow from all

</IfVersion>

<IfVersion >= 2.3 >

Require all granted

</IfVersion>

</Directory>

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf”

</VirtualHost>

Default SSL Virtual Host configuration.

<IfModule !ssl_module>

LoadModule ssl_module modules/mod_ssl.so

</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+E$

SSLPassPhraseDialog builtin

SSLSessionCache “shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)”

SSLSessionCacheTimeout 300

<VirtualHost default:443>

DocumentRoot “/opt/bitnami/apache2/htdocs”

SSLEngine on

SSLCertificateFile “/opt/bitnami/apache2/conf/server.crt”

SSLCertificateKeyFile “/opt/bitnami/apache2/conf/server.key”

<Directory “/opt/bitnami/apache2/htdocs”>

Options Indexes FollowSymLinks

AllowOverride All

<IfVersion < 2.3 >

Order allow,deny

Allow from all
</IfVersion>

<IfVersion >= 2.3 >

Require all granted

</IfVersion>

</Directory>

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf”

</VirtualHost>

Bitnami applications that uses virtual host configuration

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf”


#6

Is this actually what’s in the file, or was it just a problem pasting it into the forum?

Ignoring the obvious errors, the SSL and non-SSL configuration seems to be the same … odd.


#7

Ah, yeah… pasting issues haha

I just ran Certbot --apache and allowed it to force HTTPS. Everything was fine/normal until that point.


#8

When you ran Certbot, did you specifically tell it to look for the Bitnami copy of Apache? I’m just wondering if it’s implicitly using the OS-provided copy of Apache … which is why your site may have disappeared.

find /etc/apache2

#9

I didn’t specifically tell it anything; I just followed the Certbot instructions. Here’s what find shows:

/etc/apache2

/etc/apache2/apache2.conf

/etc/apache2/magic

/etc/apache2/mods-enabled

/etc/apache2/mods-enabled/autoindex.conf

/etc/apache2/mods-enabled/mpm_event.load

/etc/apache2/mods-enabled/authn_core.load

/etc/apache2/mods-enabled/negotiation.load

/etc/apache2/mods-enabled/socache_shmcb.load

/etc/apache2/mods-enabled/autoindex.load

/etc/apache2/mods-enabled/filter.load

/etc/apache2/mods-enabled/dir.conf

/etc/apache2/mods-enabled/negotiation.conf

/etc/apache2/mods-enabled/dir.load

/etc/apache2/mods-enabled/status.load

/etc/apache2/mods-enabled/ssl.load

/etc/apache2/mods-enabled/authn_file.load

/etc/apache2/mods-enabled/alias.load

/etc/apache2/mods-enabled/ssl.conf

/etc/apache2/mods-enabled/authz_core.load

/etc/apache2/mods-enabled/deflate.conf

/etc/apache2/mods-enabled/setenvif.load

/etc/apache2/mods-enabled/deflate.load

/etc/apache2/mods-enabled/env.load

/etc/apache2/mods-enabled/access_compat.load

/etc/apache2/mods-enabled/setenvif.conf

/etc/apache2/mods-enabled/mime.conf

/etc/apache2/mods-enabled/authz_host.load

/etc/apache2/mods-enabled/rewrite.load

/etc/apache2/mods-enabled/mpm_event.conf

/etc/apache2/mods-enabled/status.conf

/etc/apache2/mods-enabled/alias.conf

/etc/apache2/mods-enabled/auth_basic.load

/etc/apache2/mods-enabled/authz_user.load

/etc/apache2/mods-enabled/mime.load

/etc/apache2/ports.conf

/etc/apache2/envvars

/etc/apache2/sites-available

/etc/apache2/sites-available/default-ssl.conf

/etc/apache2/sites-available/000-default.conf

/etc/apache2/sites-available/000-default-le-ssl.conf

/etc/apache2/conf-enabled

/etc/apache2/conf-enabled/other-vhosts-access-log.conf

/etc/apache2/conf-enabled/security.conf

/etc/apache2/conf-enabled/serve-cgi-bin.conf

/etc/apache2/conf-enabled/localized-error-pages.conf

/etc/apache2/conf-enabled/charset.conf

/etc/apache2/sites-enabled

/etc/apache2/sites-enabled/000-default.conf

/etc/apache2/sites-enabled/000-default-le-ssl.conf

/etc/apache2/conf-available

/etc/apache2/conf-available/other-vhosts-access-log.conf

/etc/apache2/conf-available/security.conf

/etc/apache2/conf-available/serve-cgi-bin.conf

/etc/apache2/conf-available/localized-error-pages.conf

/etc/apache2/conf-available/charset.conf

/etc/apache2/mods-available

/etc/apache2/mods-available/ldap.load

/etc/apache2/mods-available/lua.load

/etc/apache2/mods-available/cgid.load

/etc/apache2/mods-available/dialup.load

/etc/apache2/mods-available/autoindex.conf

/etc/apache2/mods-available/reflector.load

/etc/apache2/mods-available/authz_dbd.load

/etc/apache2/mods-available/cache_disk.conf

/etc/apache2/mods-available/mime_magic.conf

/etc/apache2/mods-available/socache_memcache.load

/etc/apache2/mods-available/mpm_event.load

/etc/apache2/mods-available/speling.load

/etc/apache2/mods-available/dump_io.load

/etc/apache2/mods-available/ident.load

/etc/apache2/mods-available/session_crypto.load

/etc/apache2/mods-available/slotmem_shm.load

/etc/apache2/mods-available/proxy.conf

/etc/apache2/mods-available/charset_lite.load

/etc/apache2/mods-available/ext_filter.load

/etc/apache2/mods-available/proxy_fdpass.load

/etc/apache2/mods-available/authn_core.load

/etc/apache2/mods-available/include.load

/etc/apache2/mods-available/buffer.load

/etc/apache2/mods-available/headers.load

/etc/apache2/mods-available/negotiation.load

/etc/apache2/mods-available/info.conf

/etc/apache2/mods-available/proxy_html.load

/etc/apache2/mods-available/socache_shmcb.load

/etc/apache2/mods-available/socache_dbm.load

/etc/apache2/mods-available/proxy_fcgi.load

/etc/apache2/mods-available/vhost_alias.load

/etc/apache2/mods-available/mime_magic.load

/etc/apache2/mods-available/lbmethod_bytraffic.load

/etc/apache2/mods-available/proxy.load

/etc/apache2/mods-available/xml2enc.load

/etc/apache2/mods-available/dav.load

/etc/apache2/mods-available/ratelimit.load

/etc/apache2/mods-available/echo.load

/etc/apache2/mods-available/mpm_prefork.load

/etc/apache2/mods-available/autoindex.load

/etc/apache2/mods-available/filter.load

/etc/apache2/mods-available/userdir.conf

/etc/apache2/mods-available/auth_form.load

/etc/apache2/mods-available/dir.conf

/etc/apache2/mods-available/file_cache.load

/etc/apache2/mods-available/actions.conf

/etc/apache2/mods-available/negotiation.conf

/etc/apache2/mods-available/authn_anon.load

/etc/apache2/mods-available/authz_owner.load

/etc/apache2/mods-available/proxy_ajp.load

/etc/apache2/mods-available/proxy_http.load

/etc/apache2/mods-available/dir.load

/etc/apache2/mods-available/status.load

/etc/apache2/mods-available/ssl.load

/etc/apache2/mods-available/lbmethod_byrequests.load

/etc/apache2/mods-available/ldap.conf

/etc/apache2/mods-available/expires.load

/etc/apache2/mods-available/proxy_balancer.load

/etc/apache2/mods-available/dav_lock.load

/etc/apache2/mods-available/sed.load

/etc/apache2/mods-available/unique_id.load

/etc/apache2/mods-available/authn_file.load

/etc/apache2/mods-available/cgi.load

/etc/apache2/mods-available/dav_fs.load

/etc/apache2/mods-available/proxy_wstunnel.load

/etc/apache2/mods-available/remoteip.load

/etc/apache2/mods-available/alias.load

/etc/apache2/mods-available/ssl.conf

/etc/apache2/mods-available/asis.load

/etc/apache2/mods-available/mpm_prefork.conf

/etc/apache2/mods-available/proxy_html.conf

/etc/apache2/mods-available/usertrack.load

/etc/apache2/mods-available/authz_core.load

/etc/apache2/mods-available/allowmethods.load

/etc/apache2/mods-available/deflate.conf

/etc/apache2/mods-available/substitute.load

/etc/apache2/mods-available/setenvif.load

/etc/apache2/mods-available/deflate.load

/etc/apache2/mods-available/info.load

/etc/apache2/mods-available/dav_fs.conf

/etc/apache2/mods-available/env.load

/etc/apache2/mods-available/cgid.conf

/etc/apache2/mods-available/access_compat.load

/etc/apache2/mods-available/proxy_ftp.conf

/etc/apache2/mods-available/setenvif.conf

/etc/apache2/mods-available/reqtimeout.conf

/etc/apache2/mods-available/mime.conf

/etc/apache2/mods-available/authz_host.load

/etc/apache2/mods-available/lbmethod_bybusyness.load

/etc/apache2/mods-available/request.load

/etc/apache2/mods-available/session_dbd.load

/etc/apache2/mods-available/rewrite.load

/etc/apache2/mods-available/mpm_event.conf

/etc/apache2/mods-available/lbmethod_heartbeat.load

/etc/apache2/mods-available/macro.load

/etc/apache2/mods-available/mpm_worker.conf

/etc/apache2/mods-available/proxy_ftp.load

/etc/apache2/mods-available/userdir.load

/etc/apache2/mods-available/reqtimeout.load

/etc/apache2/mods-available/authnz_fcgi.load

/etc/apache2/mods-available/proxy_balancer.conf

/etc/apache2/mods-available/status.conf

/etc/apache2/mods-available/authz_dbm.load

/etc/apache2/mods-available/heartmonitor.load

/etc/apache2/mods-available/mpm_worker.load

/etc/apache2/mods-available/actions.load

/etc/apache2/mods-available/cache_disk.load

/etc/apache2/mods-available/alias.conf

/etc/apache2/mods-available/suexec.load

/etc/apache2/mods-available/dbd.load

/etc/apache2/mods-available/authn_dbd.load

/etc/apache2/mods-available/cache_socache.load

/etc/apache2/mods-available/cache.load

/etc/apache2/mods-available/auth_basic.load

/etc/apache2/mods-available/authn_dbm.load

/etc/apache2/mods-available/authn_socache.load

/etc/apache2/mods-available/authz_groupfile.load

/etc/apache2/mods-available/authz_user.load

/etc/apache2/mods-available/heartbeat.load

/etc/apache2/mods-available/session_cookie.load

/etc/apache2/mods-available/log_debug.load

/etc/apache2/mods-available/authnz_ldap.load

/etc/apache2/mods-available/proxy_scgi.load

/etc/apache2/mods-available/mime.load

/etc/apache2/mods-available/slotmem_plain.load

/etc/apache2/mods-available/proxy_connect.load

/etc/apache2/mods-available/proxy_express.load

/etc/apache2/mods-available/data.load

/etc/apache2/mods-available/log_forensic.load

/etc/apache2/mods-available/auth_digest.load

/etc/apache2/mods-available/session.load

Any ideas?


#10

Yeah. I’m pretty sure Certbot stopped your Bitnami Apache server, started your Ubuntu Apache server, and configured that instead.

So, here’s what I would do.

  1. Stop the Ubuntu Apache server: systemctl stop apache2 && systemctl disable apache2

  2. Restart Bitnami’s Apache (however you do it). This will get your website back.

  3. When you run Certbot, you need to run it with these options, pointing to Bitnami’s versions instead:

     Apache Web Server plugin
    
     --apache-enmod APACHE_ENMOD
                           Path to the Apache 'a2enmod' binary (default: a2enmod)
     --apache-dismod APACHE_DISMOD
                           Path to the Apache 'a2dismod' binary (default:
                           a2dismod)
     --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                           SSL vhost configuration extension (default: -le-
                           ssl.conf)
     --apache-server-root APACHE_SERVER_ROOT
                           Apache server root directory (default: /etc/apache2)
     --apache-vhost-root APACHE_VHOST_ROOT
                           Apache server VirtualHost configuration root (default:
                           None)
     --apache-logs-root APACHE_LOGS_ROOT
                           Apache server logs directory (default:
                           /var/log/apache2)
     --apache-challenge-location APACHE_CHALLENGE_LOCATION
                           Directory path for challenge configuration (default:
                           /etc/apache2)
     --apache-handle-modules APACHE_HANDLE_MODULES
                           Let installer handle enabling required modules for you
                           (Only Ubuntu/Debian currently) (default: True)
     --apache-handle-sites APACHE_HANDLE_SITES
                           Let installer handle enabling sites for you (Only
                           Ubuntu/Debian currently) (default: True)
     --apache-ctl APACHE_CTL
                           Full path to Apache control script (default:
                           apache2ctl)

#11

Can I not just alter a server config to point to the WP directory?


#12

To stop the Apache server, I need a password - I was never given a password for that, only a keyfile for the Bitnami Apache.


#13

I don’t understand. You ran Certbot as root, right?

sudo su -

to get into a root terminal.


#14

Yeah. But the command:
systemctl stop apache2 && systemctl disable apache2

gives me:

apache2.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install disable apache2 insserv: fopen(.depend.stop): Permission denied ==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon === Authentication is required to reload the systemd state. Authenticating as: Ubuntu (bitnami) Password: Failed to execute operation: Connection timed out polkit-agent-helper-1: pam_authenticate failed: Authentication failure update-rc.d: error: Permission denied


#15

If you get that message when running the command as root, I’m not too sure how to help you.

To me, it looks like you ran that command as the bitnami user rather than as root

Is there an admin you can get help from, that has higher privileges on this server?


#16

No, this is an unmanaged VPS. When I launched the instance through AWS, it doesn’t give you root access; it gives you Bitnami (which I thought was a root user or something)…

Actually, WordPress is completely backed up so I could just launch a new instance without Bitnami and just install LAMP and WordPress probably within 30 minutes. Would that work?


#17

I mean, if you want. You should be able to elevate to real root by just typing sudo su - though. That’s usually how AWS instances work.


#18

Ok, so I found a guide, specifically for Bitnami WordPress using Lego Client.

Here it is: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

All working now! Thanks you so much though _az, I have learned a lot!


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.