Problem with certificates on a multisite wordpress

Hello!

I have a multi-site WordPress running on Debian. I tried to update the certificates because I want to add a new site, but I keep getting an error when trying to generate the certificates. I had 2 sites before adding the new one. Before, these 2 sites worked with HTTPS in Firefox, Chrome and Edge. But now, after trying to create new certificates for those 2 and the new site, those 2 original sites stopped working in Firefox, but they work fine in Chrome or Edge. Weird.
What I'm trying to find out is why I got an error when trying to update the certificates with this new site. The DNS for the new site is on point.

Here is the command I used:

sudo /opt/bitnami/bncert-tool

Here is the error I keep getting when I try to generate new certificates with the new site.

" Error while revoking the certificate for domain abtus.es
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:params$"

The site: Abtus.es

(I can provide more info if needed)

Any idea where the error could be? And if so, any solutions?

Thanks in advance!

1 Like

@Mr.LuckyOne, I suppose your luck ran out - LOL
Bitnami + WordPress + Apache ...

I see that it wants to revoke the cert [first]!
I don't know what goes on inside bncert, but maybe we can check outside of it for more obvious issues.
Let's start with what this shows: sudo apachectl -t -D DUMP_VHOSTS

1 Like

I think you need to paste more of the logs; why in the world would it be trying to revoke a certificate?

1 Like

Poorly written script: Replace cert = revoke existing cert + get new cert

2 Likes

LOL and when it managed to get it revoked the first time, it errors out the next time due to the cert already being revoked :smiley:

With regard to this specific error I'd say: please make sure your bncert-tool application is up to date with its latest version and if you still have this "already revoked" error, please open a support ticket with the bncert-tool tool developers, because it really stinks!

Not sure if this revocation issue is the only issue, so we lack information with regard to that possible other issue.

1 Like

I believe the revoke happens when the set of domain names changes compared to the prior cert. But I am not an expert at bncert, so I may easily be wrong.

What is the new domain name you are trying to set up?

I also think asking about this on a bncert support forum is probably best. You might also refer to the bncert troubleshooting guide below. Doing the "reset" may be what is needed but I am not sure. Something seems badly out of sync between bncert and its cert setup.

https://docs.bitnami.com/aws/how-to/understand-bncert/

The reason your prior sites are failing in some browsers is because their cert has been revoked. Some browsers check the OCSP revoked status but others don't. See the SSL Labs report
https://www.ssllabs.com/ssltest/analyze.html?d=abtus.es&hideResults=on

2 Likes
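The post above suggests the revoke step is tied to a change in the certificate's set of domain names. As an added example (not part of the thread and not bncert's or lego's own code), this sketch compares the names on the current certificate with the names about to be requested; the input is assumed to be the text printed by `openssl x509 -noout -ext subjectAltName`, and `second.example` and `third.example` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not bncert/lego code. For a real certificate, produce the input with:
#   openssl x509 -in CURRENT_CERT.crt -noout -ext subjectAltName > san.txt
# (CURRENT_CERT.crt is a placeholder path.)

# Read SAN extension text on stdin; print its DNS names, lowercased, one per line.
cert_sans() {
  tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# san_delta SAN_FILE NAME...  -> one line per name: "add", "drop" or "keep".
san_delta() {
  san_file=$1; shift
  {
    cert_sans < "$san_file" | sed 's/^/have /'
    printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | sed 's/^/want /'
  } | awk '
    NF == 2 && $1 == "have" { have[$2] = 1 }
    NF == 2 && $1 == "want" { want[$2] = 1 }
    END {
      for (n in want) { s = (n in have) ? "keep" : "add"; print s, n }
      for (n in have) if (!(n in want)) print "drop", n
    }' | LC_ALL=C sort
}

# Exit status 0 when the requested set differs from the certificate's set.
names_changed() {
  san_delta "$@" | grep -Eq '^(add|drop) '
}

# Constructed sample: SAN text for a two-name certificate.
write_sample_san() {
  printf '%s\n' 'X509v3 Subject Alternative Name: ' \
    '    DNS:abtus.es, DNS:second.example' > "$1"
}

sample=$(mktemp)
write_sample_san "$sample"
san_delta "$sample" abtus.es second.example third.example
names_changed "$sample" abtus.es second.example third.example &&
  echo "name set changes: the existing certificate would be replaced"
rm -f "$sample"
```

Running the comparison before the tool shows whether a request only adds a name or also drops one that live sites still depend on.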

It apparently asks the user:

But the line beneath that says something about throwing an error with the command to fix your domains.. So I dunno what happens if the user says "no".

2 Likes

Here you go:

VirtualHost configuration:
127.0.0.1:443          www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf:1)
127.0.0.1:80           is a NameVirtualHost
         default server status.localhost (/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf:1)
         port 80 namevhost status.localhost (/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf:1)
         port 80 namevhost www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf:1)
                 wild alias *
*:80                   is a NameVirtualHost
         default server www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf:1)
         port 80 namevhost www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf:1)
                 wild alias *
         port 80 namevhost abtus.es (/opt/bitnami/apache/conf/bitnami/bitnami.conf:6)
*:443                  is a NameVirtualHost
         default server www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf:1)
         port 443 namevhost www.example.com (/opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf:1)
                 wild alias *
         port 443 namevhost abtus.es (/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf:15)

And sorry if information is missing. I have almost no idea about this and I'm trying to learn and understand how this works. (I didn't make this script...)

Here's more info from the logs:

Script stderr:

Stopping web server
Executing /opt/bitnami/ctlscript.sh status varnish
Script exit code: 0

Script output:

Script stderr:

Executing /opt/bitnami/ctlscript.sh stop apache > /dev/null 2> /dev/null
Script exit code: 0

Script output:

Script stderr:

Executing /opt/bitnami/letsencrypt/lego --version
Script exit code: 0

Script output:
lego version 4.9.0 linux/amd64

Script stderr:

Extracting Lego
Configuring Let's Encrypt certificates
Executing /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="MyEmail"$
Script exit code: 1

Script output:

Script stderr:

2024/04/23 06:45:59 Trying to revoke certificate for domain abtus.es
2024/04/23 06:46:00 Error while revoking the certificate for domain abtus.es
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:$

Error running /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="MyEmail$
2024/04/23 06:46:00 Error while revoking the certificate for domain abtus.es
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:$
Executing chown -R bitnami /opt/bitnami/letsencrypt
Script exit code: 0

Script output:

Script stderr:

Executing chown -R bitnami /opt/bitnami/apps/letsencrypt
Script exit code: 0

Script output:

Script stderr:

Executing find /opt/bitnami/apps/letsencrypt -type f -print0 | xargs -0 chmod 664
Script exit code: 0

Script output:

Script stderr:

Executing find /opt/bitnami/apps/letsencrypt -type d -print0 | xargs -0 chmod 775
Script exit code: 0

Script output:

Script stderr:

Restoring web server configuration
[06:47:20] Restoring configuration file /opt/bitnami/apache/conf/httpd.conf from /opt/bitnami/apache/c$
Setting variable diff from diff -uw /opt/bitnami/apache/conf/httpd.conf /opt/bitnami/apache/conf/httpd$
Script exit code: 0

Script output:

Script stderr:

[06:47:20] Restoring configuration file /opt/bitnami/apache/conf/bitnami/bitnami.conf from /opt/bitnam$
Setting variable diff from diff -uw /opt/bitnami/apache/conf/bitnami/bitnami.conf /opt/bitnami/apache/$
Script exit code: 0

Script output:

Script stderr:

[06:47:21] Restoring configuration file /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf from /opt/bi$
Setting variable diff from diff -uw /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf /opt/bitnami/apa$
Script exit code: 0

Script output:

Script stderr:

[06:47:22] Restoring configuration file /opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf fro$
Setting variable diff from diff -uw /opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf /opt/bi$
Script exit code: 0

Script output:

Script stderr:

[06:47:22] Restoring configuration file /opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf from /opt$
Setting variable diff from diff -uw /opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf /opt/bitnami/$
Script exit code: 0

Script output:

Script stderr:

Stopping web server
Executing /opt/bitnami/ctlscript.sh status varnish
Script exit code: 0

Script output:

Script stderr:

Executing /opt/bitnami/ctlscript.sh stop > /dev/null 2> /dev/null
Script exit code: 0

Script output:

Script stderr:

Starting web server
Executing /opt/bitnami/ctlscript.sh stop > /dev/null 2> /dev/null
Script exit code: 0

Script output:

Executing /opt/bitnami/ctlscript.sh start > /dev/null 2> /dev/null
Script exit code: 0

Script output:

Script stderr:

Exiting with code 0

It's up to date... I'm new to this, so I came here to start somewhere because I've spent a few days trying to resolve this issue. I'll try to contact the developers in the hope they can help me find a solution.
But if you find something that could help me to resolve this, I'll be very grateful.

I resolved this by creating a new certificate (instead of using abtus.es, I used the second site as the first one so the name would be different), deleting the old one (abtus.es), and regenerating a certificate with the correct site name (abtus.es).
If you change the order when you put the domains to generate the certificate, for some reason it changes the name of the second site (I have 3 sites). So, I had 2 sites called abtus.es, I just corrected it in the Wordpress Desktop and it works without problems.

I'm not sure if this is a correct way of resolving this but it worked...

Thanks for the help!!!

PS: I know this script is shit...

3 Likes
