Letsencrypt certbot bitnami 'httpd could not start'


#1

WordPress 4.7.2, running on Apache 2.4.23 :

Bitnami Wordpress Lightsail

Linux 3.13 generic

Was it installed as the root user?

Lightsail Bitnami wordpress installation

Is there anything you’ve done and/or tried with the application before posting here?

No
E.g. changed permissions or installed a plugin:

Used lightsail to launch a wordpress server, then went to this tutorial:

https://docs.bitnami.com/aws/components/apache/#how-to-install-the-lets-encrypt-client2

The letsencrypt certbot tutorial is straightforward, until apache restart.

I am now getting an error on apache restart:

httpd could not be started

My httpd-vhosts.conf original file:

<VirtualHost *:80>
    ServerName wordpress.example.com
    ServerAlias www.wordpress.example.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
    ServerName wordpress.example.com
    ServerAlias www.wordpress.example.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

My httpd-vhosts.conf edited file:

<VirtualHost *:80>
    ServerName 54.xx.xxx.xxx (PUBLIC_IP)
    ServerAlias www.MyDomain.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
    ServerName 54.xx.xxx.xxx (PUBLIC_IP)
    ServerAlias www;MyDomain.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
    SSLCertificateKeyFile "opt/bitnami/apache2/conf/certs/server.key"

   Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

I’ve pointed the pem and keys to where the bitnami letsencrypt tutorial says to copy the certs over to:

Below is an apache2 error log report:

[Thu Feb 09 22:13:00.165679 2017] [ssl:error] [pid 1740:tid 140302623450944] AH02579: Init: Private key not found
[Thu Feb 09 22:13:00.165725 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Feb 09 22:13:00.165739 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Feb 09 22:13:00.165762 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Feb 09 22:13:00.165783 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Thu Feb 09 22:13:00.165806 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Feb 09 22:13:00.165816 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Feb 09 22:13:00.165826 2017] [ssl:error] [pid 1740:tid 140302623450944] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error    (Type=PKCS8_PRIV_KEY_INFO)
[Thu Feb 09 22:13:00.165830 2017] [ssl:emerg] [pid 1740:tid 140302623450944] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Feb 09 22:13:00.165833 2017] [ssl:emerg] [pid 1740:tid 140302623450944] AH02564: Failed to configure encrypted (?) private key localhost:443:0, check /opt/bitnami/apache2/conf/server.key
AH00016: Configuration Failed

My assumption is it's the above file that is preventing httpd from starting since it needs to validate the letsencrypt certs to perform https.

Any help is greatly appreciated.
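
The log above points at two things to verify for each `SSLCertificateFile` / `SSLCertificateKeyFile` directive: whether the path resolves, and whether the file holds the kind of PEM block the directive expects. The following is an added example, not part of the original post or of Bitnami's tooling, that checks both; `check_ssl_paths`, `read_sample`, the second vhost and the file contents are constructed for illustration.

```python
import re

# PEM labels that can hold a private key (the last one is passphrase-protected).
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
DIRECTIVE = re.compile(
    r'^\s*(SSLCertificateFile|SSLCertificateKeyFile)\s+"?([^"\n]+?)"?\s*$', re.M)

def check_ssl_paths(conf_text, read_file):
    """Return (directive, path, problem) for each SSL file directive that looks wrong.
    read_file(path) must return the file's text or raise OSError."""
    problems = []
    for directive, path in DIRECTIVE.findall(conf_text):
        if not path.startswith("/"):
            problems.append((directive, path, "relative path, resolved against ServerRoot"))
            continue
        try:
            labels = PEM_BEGIN.findall(read_file(path))
        except OSError:
            problems.append((directive, path, "missing or unreadable"))
            continue
        if directive == "SSLCertificateKeyFile":
            ok = any(label in KEY_LABELS for label in labels)
        else:
            ok = "CERTIFICATE" in labels
        if not ok:
            problems.append((directive, path, f"unexpected PEM content: {labels}"))
    return problems

# Constructed sample input: directive lines as in the edited file above, plus a
# constructed second vhost using the key path named in the error log.
SAMPLE_CONF = """
<VirtualHost *:443>
    SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
    SSLCertificateKeyFile "opt/bitnami/apache2/conf/certs/server.key"
</VirtualHost>
<VirtualHost _default_:443>
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
</VirtualHost>
"""
# Constructed file contents: the .key file wrongly holds a certificate block.
CERT_PEM = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
SAMPLE_FILES = {"/opt/bitnami/apache2/conf/server.crt": CERT_PEM,
                "/opt/bitnami/apache2/conf/server.key": CERT_PEM}

def read_sample(path):
    if path not in SAMPLE_FILES:
        raise OSError(path)
    return SAMPLE_FILES[path]

if __name__ == "__main__":
    for problem in check_ssl_paths(SAMPLE_CONF, read_sample):
        print(*problem, sep=" | ")
```

To run it against a real server, pass the contents of the vhosts file and `lambda p: open(p).read()` as `read_file`, with enough privilege to read the key file.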


#2

If you can’t copy/paste them (why not?), you can surely read them, no? If so, you can tell us what the logs are saying, right? The error log is essential to diagnose this problem…


#3

Finally learned to output the error logs to txt. It’s corrected above.

