Lightsail Failed Install

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://austinmichael.co/

I ran this command: All of these

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

It produced this output: It said it installed, but it isn’t showing up…

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Amazon Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. Amazon Lightsail Instance

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I installed the cert, but my site was loading painfully slow, so I deleted the DNS and static IP it was attached to and started all over. I didn’t save the TXT records that were provided when I installed the cert.

Do I have to delete the whole instance and start over, or can I recover the TXT records? Or is that not the issue at all?

It doesn’t matter. You can start again and it will give you new TXT records.

Be careful not to start again too many times. Let’s Encrypt has rate limits and if you issue 5 identical certificates in a week, you will be prevented from creating new ones for 7 days.

Unfortunately I didn’t get new txt records…

IMPORTANT NOTES:

• Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/austinmichael.co/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/austinmichael.co/privkey.pem
  Your cert will expire on 2020-05-15. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew all of your certificates, run
  “certbot renew”
• If you like Certbot, please consider supporting our work by:

Regarding your site being painfully slow, obviously you need the right lightsail spec for whatever type of site you’re running but also watch out for CPU credits. On lightsail these are invisible but when you exceed them your server will run at a fraction of it’s normal speed. I’ve been caught out by that a couple of times until I realized what it was.

I’ll keep an eye out for that. Any idea how to obtain a new SSL?

You did obtain a new certificate.

(I don't know what command you ran, but Let's Encrypt normally does not require you to validate again to obtain multiple certificates within a short period of time.)

Fair enough. The site doesn’t show as secure, though. How do I troubleshoot that?

Any help is appreciated. It says it’s installed, but it isn’t showing up.

Hi, your cert it isn’t copying the files to where your webserver needs them. Instead your server is still pointing to the default bitnami example certificate.

Follow this guide? https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

I got it installed, but now the site is down…

I did get this error

AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/conf/server.crt’ does not exist or is empty
apache config test fails, aborting

It’s worthwhile for you to take a step back and read up about configuring SSL on Apache. Your site conf file is pointing to files that don’t exist, and that’s something you have complete control over. Fire up a nano text editor and edit your conf file to point to the right certificate paths, then restart apache.

Also the article I linked for you was probably not the best as it doesn’t really use certbot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.