LetsEncrypt Cert with EC2 Bitnami

baim · April 5, 2018, 6:10pm

Great news!

I was able to complete the force SSL and I can verify the certificate is active using the following link (https://www.ssllabs.com/ssltest/analyze.html?d=baim.tv)

However, when I try to access the website using the URL: https://www.baim.tv I get an error and the WordPress URL Settings is greyed out and I cannot change to https.

How do I correct this/

Thanks

schoen · April 5, 2018, 7:22pm

The trouble is that www.baim.tv doesn’t exist at all in your DNS zone. You’ll need to create it in DNS as a first step.

baim · April 5, 2018, 7:45pm

Hi Schoen,

I am not sure where you are referring the DNS Zone be added. If you are referring to AWS is there as I was able to access the cite prior to forcing https. Could you please be more detailed or specific?

Thanks,

B.

schoen · April 5, 2018, 7:47pm

I don’t know how your DNS is handled, but there is literally no such name as www.baim.tv right now. This is independent of the existence of a certificate; nobody can find it on the Internet using any kind of software for any purpose because your DNS servers don’t agree that the name exists at all!

It does look like AWS is responsible for your DNS records.

baim · April 5, 2018, 8:20pm

Hello,

As far as I can see, it looks like the record is there. What am I missing?

Thanks!

schoen · April 5, 2018, 8:59pm

Those all refer to baim.tv, not www.baim.tv.

baim · April 5, 2018, 9:56pm

Oh ok! So do I need to add them both or do I change the one to add www?

schoen · April 5, 2018, 10:12pm

If you want people to be able to access the service regardless of which name they type in, you need to add both.

baim · April 6, 2018, 12:49am

Oh, ok, this is new for me, so thank you for your patience. I have added another DNS record. Is this correct now?

schoen · April 6, 2018, 1:50am

Yes, but apparently your nameserver doesn’t know about it yet for some reason. Did you commit this change?

rg305 · April 6, 2018, 2:12am

that last line is unnecessary and is causing the problem:
compare:
http://dnsviz.net/d/www.baim.tv/dnssec/
with:
http://dnsviz.net/d/baim.tv/dnssec/

baim · April 6, 2018, 2:49am

As far as I know I did. How can I check?

baim · April 6, 2018, 2:50am

Hi,

Not sure what you mean.

rg305 · April 6, 2018, 2:56am

the last line in your dns02.jpeg file is the problem
the NS entry for www.baim.tv

baim · April 6, 2018, 3:16am

ok, i deleted it.does this look correct now?

rg305 · April 6, 2018, 3:17am

the picture looks good
but it hasn’t yet propagated out to all the DNS servers: http://dnsviz.net/d/www.baim.tv/dnssec/

baim · April 6, 2018, 3:21am

ok, so do we just wait now and see?

rg305 · April 6, 2018, 3:24am

It looks like it should be fine now…
try and try again

baim · April 6, 2018, 3:28am

I’m getting security errors when i try to access the website.

rg305 · April 6, 2018, 3:36am

the certificate is only for "baim.tv"
SSL Server Test: www.baim.tv (Powered by Qualys SSL Labs)
you need to get a new cert for both names:
baim.tv
www.baim.tv

if that is the last command you ran, then just add the www at the end
like:
./certbot-auto certonly --webroot -w /home/bitnami/htdocs/ -d baim.tv -d www.baim.tv

NOTE: using "certonly" requires some additional manual step(s) to use the new cert.
I would rather use the apache plugin, if that works.