Not able to obtain Let's Encrypt certificate

This seems to be the one:

Please show that file (if large you can upload it here or through any service like paste.bin).

Here it is,

# Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny                          
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"


<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny                          
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

Does it set “SSLEngine on” anywhere…?

It has the port 80 vhost - but I don't see the port 443 vhost

Perhaps it is included here:

Let's have a look at what is there:
ls -l /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
If only one file (not a directory), just show the file here.

@mnordhoff No it does not say in this file

The file bitnami-apps-vhosts.conf only says

# Bitnami applications installed in a Virtual Host

It actually says port 443 in bitnami.conf , if I am not wrong

<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"

OK yes we can use that vhost block.
It seems to only need the basic info on where the cert is.
Add this just after

SSLCertificateFile /opt/bitnami/apache2/conf/server.crt
SSLCertificateKeyFile /opt/bitnami/apache2/conf/server.key

Then restart bitnami

I added the code. Now when I stop, it shows the below error:

AH00526: Syntax error on line 45 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty
apache config test fails, aborting

Try going directly to the source file (not the symbolic link):
Change:
SSLCertificateFile /opt/bitnami/apache2/conf/server.crt
SSLCertificateKeyFile /opt/bitnami/apache2/conf/server.key
to:
SSLCertificateFile /etc/lego/certificates/makeyourbrand.crt
SSLCertificateKeyFile /etc/lego/certificates/makeyourbrand.key

And restart again...

It says the same :confused:

AH00526: Syntax error on line 45 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/etc/lego/certificates/makeyourbrand.crt' does not exist or is empty
apache config test fails, aborting

Please show the updated file:

This is the file now

# Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny                          
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLCertificateFile /etc/lego/certificates/makeyourbrand.crt
SSLCertificateKeyFile /etc/lego/certificates/makeyourbrand.key

<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny                          
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

and also the rights to the original file:
ls -l /etc/lego/certificates/makeyourbrand.crt

ls: cannot access '/etc/lego/certificates/makeyourbrand.crt': No such file or directory

That is a problem!

What happened to?:

I think it may still be there (just not visible to your current user/group):
sudo find / -name makeyourbrand.in.crt

This command - sudo find / -name makeyourbrand.in.crt - displays
/etc/lego/certificates/makeyourbrand.in.crt

So that means I just need to add this in user group?

That seems to be the problem.
Try:
sudo chmod 644 /etc/lego/certificates/makeyourbrand.crt
sudo chmod 644 /etc/lego/certificates/makeyourbrand.key
then
ls -l /etc/lego/certificates/

I think you have to also ensure this is being done somewhere.
Try to locate that in apache files:
grep -Ri 'sslengine' /opt/bitnami/apache2/

ADDITIONALLY:

We all missed the TYPOs:
/etc/lego/certificates/makeyourbrand.crt
/etc/lego/certificates/makeyourbrand.key
Should be:
/etc/lego/certificates/makeyourbrand.IN.crt
/etc/lego/certificates/makeyourbrand.IN.key

2 Likes
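
The checks this thread worked through by hand (the AH00526 "does not exist or is empty" error, the mistyped file name, the missing SSLEngine line and the key file's permissions), collected into one script. This is an added example, not part of the original posts; the function name `audit_apache_tls` and the `example.*` file names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the TLS directives of an Apache config.
# Prints one finding per line; returns 1 if anything needs fixing.
audit_apache_tls() {
    conf=$1; rc=0
    # Without "SSLEngine on" the :443 vhost never speaks TLS.
    grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$conf" ||
        { echo "WARN no 'SSLEngine on' in $conf"; rc=1; }
    while read -r directive path; do
        [ -n "$directive" ] || continue
        path=$(printf '%s' "$path" | tr -d '"')
        if [ ! -e "$path" ]; then
            echo "FAIL $directive: $path does not exist"; rc=1
            # A near-miss name (foo.crt vs foo.in.crt) shows up here.
            for f in "$(dirname "$path")"/*."${path##*.}"; do
                if [ -e "$f" ]; then echo "  candidate: $f"; fi
            done
        elif [ ! -s "$path" ]; then
            echo "FAIL $directive: $path is empty"; rc=1
        else
            echo "OK $directive: $path"
        fi
        # httpd's parent process reads the key as root at startup,
        # so the key needs no read bit for "other".
        case $directive in *[Kk]ey[Ff]ile)
            if [ -n "$(find "$path" -prune -perm -004 2>/dev/null)" ]; then
                echo "WARN $path is world-readable; chmod 600 is enough"; rc=1
            fi ;;
        esac
    done <<EOF
$(grep -Ei '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]' "$conf")
EOF
    return $rc
}

# Constructed sample mirroring the thread: cert saved as example.in.crt,
# config pointing at example.crt, key chmod 644, no SSLEngine line.
demo=$(mktemp -d)
echo "constructed cert" > "$demo/example.in.crt"
echo "constructed key" > "$demo/example.in.key"; chmod 644 "$demo/example.in.key"
printf '%s\n' '<VirtualHost _default_:443>' \
    "SSLCertificateFile $demo/example.crt" \
    "SSLCertificateKeyFile $demo/example.in.key" '</VirtualHost>' > "$demo/bitnami.conf"
audit_apache_tls "$demo/bitnami.conf" || true
```

Run it against the real file with `sudo`, since the certificate directory may not be readable by an ordinary user.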