Interpreting Post-Hook Output from Bitnami Server with Certbot

SvenS · September 4, 2017, 9:56am

Please fill out the fields below so we can help you better.

I ran this command: ./certbot-auto renew --dry-run --pre-hook “sudo /opt/bitnami/ctlscript.sh stop” --post-hook “sudo /opt/bitnami/ctlscript.sh start”

It produced this output: everything went fine but then it ended with the post-hook: sudo /opt/bitnami/ctlscript.sh start - after that nothing ever happened again. I never saw my prompt anymore. BTW: I’m using putty to access my VM that is running a Bitnami LAMP

My web server is (include version): Bitnami LAMP (latest)

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

Some questions:

List item

Why does it never showed the command prompt anymore after successfully renewing the certificate?

List item

What is the right command, to see until when the current certificate is still valid?

List item

Is it normal, that the folder /live/ does not “update” it’s date when a successful renewal was done?

List item

Can someone point me to a good tutorial, so the certificate will be renewed automatically, e.g. by a cron job?

Thank you very much.

rg305 · September 4, 2017, 3:28pm

A1. unknown to me - try checking the LE logs for more details.

A2. certbot certificates

SvenS · September 27, 2017, 7:10am

Hi rg305
Many thanks for the information. I was now able to find and access my log file with:

$ sudo -i
$ cd /var/log/letsencrypt/
$ nano letsencrypt.log

Now the last lines in that log file are:

2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/www.myhomepage.com/privkey2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/www.myhomepage.com/cert2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/www.myhomepage.com/chain2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/www.myhomepage.com/fullchain2.pem.
2017-09-04 09:00:31,344:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/www.myhomepage.com.conf.new.
2017-09-04 09:00:31,346:DEBUG:certbot.renewal:no renewal failures
2017-09-04 09:00:31,346:INFO:certbot.hooks:Running post-hook command: sudo /opt/bitnami/ctlscript.sh start
2017-09-10 19:21:44,635:INFO:certbot.hooks:Output from sudo:
2017-09-04T09:00:31.461119Z mysqld_safe Logging to '/opt/bitnami/mysql/data/mysqld.log'.
2017-09-04T09:00:31.478514Z mysqld_safe Starting mysqld.bin daemon with databases from /opt/bitnami/mysql/data
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

2017-09-10T19:21:44.634224Z mysqld_safe mysqld from pid file /opt/bitnami/mysql/data/mysqld.pid ended

2017-09-10 19:21:44,635:ERROR:certbot.hooks:Error output from sudo:
AH00548: NameVirtualHost has no effect and will be removed in the next release /opt/bitnami/apps/aadictation/conf/httpd-vhosts.conf:1
Syntax OK
AH00548: NameVirtualHost has no effect and will be removed in the next release /opt/bitnami/apps/aadictation/conf/httpd-vhosts.conf:1

Unfortunaly that doesn't tell me anything. What could be wrong? Why am I not seeing the prompt anymore after the update process?

Any help very welcome.

Thanks.

jared.m · September 27, 2017, 8:35am

Probably that you shouldn’t be using NameVirtualHost directives in your httpd conf files. Looks like it’s confusing Certbot as it tries to parse these files. I’m not that intimately familiar with Apache, though.

SvenS · September 27, 2017, 12:43pm

Hi jared.m
thank you for the fast reply. But that is a message I always get when I start or restart my apache server. It has no effect whatsoever and it’s shown to me ever since the server was installed. I never changed anything in this direction.
In other words I can’t belive that I should change the core of the server in any way to get letsencrypt functioning correctly. I would rather leave the core system and server as it is and not start to change it for this issue.

Any other ideas?

Many thanks.

rg305 · September 27, 2017, 11:40pm

Try adding
-v
or
-vv
for added verbose output in the logs

ahaw021 · September 29, 2017, 3:38am

If you look at the results

A) You obtained the certificates

2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/www.myhomepage.com/privkey2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/www.myhomepage.com/cert2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/www.myhomepage.com/chain2.pem.
2017-09-04 09:00:29,838:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/www.myhomepage.com/fullchain2.pem.
2017-09-04 09:00:31,344:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/www.myhomepage.com.conf.new.
2017-09-04 09:00:31,346:DEBUG:certbot.renewal:no renewal failures

B) You started the mysql server
C) Starting the apache server gave you warnings

AH00548: NameVirtualHost has no effect and will be removed in the next release /opt/bitnami/apps/aadictation/conf/httpd-vhosts.conf:1
Syntax OK
AH00548: NameVirtualHost has no effect and will be removed in the next release /opt/bitnami/apps/aadictation/conf/httpd-vhosts.conf:100:

Work with bitnami forums/support for this issue

Your site is working fine with a certificate valid to 3rd December 2017

Andrei

SvenS · September 29, 2017, 11:21am

Hi Andrei,

many thanks!!! That was a great hint however it doesn't seem to be a solution yet. I quickly googled those lines and came up with this solution:
Remove of NameVirtualHost

In the file

/opt/bitnami/apps/aadictation/conf/httpd-vhosts.conf

I discovered two lines:

NameVirtualHost: *80

and

NameVirtualhost: *443

and removed them. Then I started the dry run command, as seen in my original post, again and the log file now it looks like this:

2017-09-29 10:31:54,468:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/www.myhomepage.com
2017-09-29 10:31:54,469:DEBUG:certbot.renewal:no renewal failures
2017-09-29 10:31:54,469:INFO:certbot.hooks:Running post-hook command: sudo /opt/bitnami/ctlscript.sh start

Then I thought let's do it with verbose -v or -vv as rg305 suggested. When I startet this about 15 minutes later from a second shell it answered me:

Another instance of Certbot is already running.

So still the issue remains, that I never see my prompt anymore when running certbot.

UPDATE
Now I just discovered, if I restart my server from the second shell I do get a reaction from the first shell (which is still in progress with certbot). Before I restart the server from the second shell the first shell looks like this:

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.myhomepage.com/fullchain.pem

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.myhomepage.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

no renewal failures
Running post-hook command: sudo /opt/bitnami/ctlscript.sh start
.

With the cursor waiting below the last line.
But after I restarted the server from the second shell, the first shell looks like this:

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.myhomepage.com/fullchain.pem

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/www.myhomepage.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

no renewal failures
Running post-hook command: sudo /opt/bitnami/ctlscript.sh start
Output from sudo:
2017-09-29T11:01:21.270890Z mysqld_safe Logging to '/opt/bitnami/mysql/data/mysqld.log'.
2017-09-29T11:01:21.287518Z mysqld_safe Starting mysqld.bin daemon with databases from /opt/bitnami/mysql/data
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

2017-09-29T11:05:32.913037Z mysqld_safe mysqld from pid file /opt/bitnami/mysql/data/mysqld.pid ended

Error output from sudo:
Syntax OK

The last two lines Error output from sudo: and Syntax OK are written in red color.

Any help still very welcome.

I guess I have to solve this problem prior to creating a cron job for this?

Many thanks!

ahaw021 · September 29, 2017, 1:47pm

These are bitnami related issues so i suggest you post on their forums

You have renewed the certificates certificates and the post-hook fired.

Anything else is really not something this forum is designed to support (we all volunteer and it’s not fair for people who have certificate related issues for us to support web servers etc). The issues you have and are getting feedback on are related with how you have configured bitnami and are not caused by certbot.

Andrei

SvenS · September 30, 2017, 5:05am

Hi Andrei,

Thanks for the help.
I will do so.

system · October 30, 2017, 5:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.