<Resolved> I set my first letsencrypt cert with this command and now I cannot renew it or revoke it now it has expired <Resolved>

My domain is: paypcns.co.uk

Running on bitnami wordpress (Google Cloud)

I used this command:

sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m myactualemail@gmail.com -d myrealdomain.com -d www.myrealdomain.com

Now no matter what I try I cannot renew or revoke it…

I either get certificate exists so will be used, or account not recognised in the http tool please click run.

Even trying to revoke it does not work following the guides.

I am now stuck - Please help if possible


Hi,

Do you mind sharing the tutorial you’ve been using?
I think that might be doing the initial certificate generation, and you might need another script for renewal (as described in step 5). https://docs.bitnami.com/aws/apps/mattermost/administration/generate-configure-certificate-letsencrypt/

Sure... It was this one - I also started it at the time from where you do the cert generation.

Ah ok, yet another unknown guide.
Can you try the official tutorial I shared with you?

I will try, but every time I try to follow the official ones I end up with problems - but I am happy to try one and then tell you the result / output…

I will try step 5 now in that tutorial.

First problem… running this command gives this output…

sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains="paypcns.co.uk www.paypcns.co.uk" --path="/opt/bitnami/letsencrypt" renew --days 90

2020/08/23 12:31:02 Account londonparkingcontrol@gmail.com is not registered. Use ‘run’ to register a new account.

Hi,

Seems like I was using another tutorial by Bitnami. Can you check whether there’s anything in /opt/bitnami/bncert-tool? The bncert-tool looks to be the new version of generate-certificate.sh.

There wasn't a separate directory for bncert-tool - but there was an executable - and when running it, it threw out a similar error… (Full output below)


londonparkingcontrol@wp1-parkingcontrol-vm:/opt/bitnami$ sudo ./bncert-tool
Warning: Custom redirections were detected in your web server configuration
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

Welcome to the Bitnami HTTPS Configuration tool.


Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list : paypcns.co.uk www.paypcns.co.uk

Warning: A certificate for the list of domains you entered already exists. It
will be used instead of generating a new one.
Press [Enter] to continue:

Changes to perform

The following changes will be performed to your Bitnami installation:

  1. Stop web server
  2. Configure web server to use an existing Let’s Encrypt certificate and renew:
    /opt/bitnami/letsencrypt/certificates/paypcns.co.uk.crt
  3. Configure a cron job to automatically renew the certificate each month
  4. Configure web server name to: paypcns.co.uk
  5. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: y


Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let’s Encrypt
certificate.

Domain list: paypcns.co.uk www.paypcns.co.uk

Server name: paypcns.co.uk

E-mail address : londonparkingcontrol@gmail.com

The Let’s Encrypt Subscriber Agreement can be found at:

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y


Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

An error occurred renewing certificates with Let’s Encrypt:

2020/08/23 12:48:40 Account londonparkingcontrol@gmail.com is not registered.
Use ‘run’ to register a new account.
child process exited abnormally

Please check our documentation and support forums, we’ll be happy to help!

Press [Enter] to continue:

Error
An error occurred when applying configurations.
The web server configuration was left unchanged. There was an error in the new
configuration, so it was reverted.
Failed steps:

  • Running Let’s Encrypt: Error renewing certificates
    Find more details in the log file:
    /tmp/bncert-202008231248.log
    If you find any issues, please check Bitnami Support forums at:
    https://community.bitnami.com
    Press [Enter] to continue:

londonparkingcontrol@wp1-parkingcontrol-vm:/opt/bitnami$


Can you share the content in /tmp/bncert-202008231248.log?

Best I could do was screenshots as it would not let me copy and paste to my local machine from nano on the host.

https://filebin.net/mmwtitcviwgl2mfz

The new tool is using Lego, which I’m not sure why the old tool isn’t. Can you try to use the registration on Lego to register?

sudo /opt/bitnami/letsencrypt/lego run

After this is done, please run the script again (the bncert tool)

sudo /opt/bitnami/letsencrypt/lego run

2020/08/23 13:38:54 Please specify --domains/-d (or --csr/-c if you already have a CSR)


sudo /opt/bitnami/letsencrypt/lego run --domains paypcns.co.uk www.paypcns.co.uk
Incorrect Usage: flag provided but not defined: -domains
NAME:
lego run - Register an account, then create and install a certificate
USAGE:
lego run [command options] [arguments…]
OPTIONS:
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:40:28 flag provided but not defined: -domains


londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego run --domains “paypcns.co.uk” “www.paypcns.co.uk
Incorrect Usage: flag provided but not defined: -domains
NAME:
lego run - Register an account, then create and install a certificate
USAGE:
lego run [command options] [arguments…]
OPTIONS:
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:41:07 flag provided but not defined: -domains

Can you try this?

First:
/opt/bitnami/ctlscript.sh stop apache
Then:
sudo /opt/bitnami/letsencrypt/lego run -d paypcns.co.uk -d www.paypcns.co.uk --path /opt/bitnami/letsencrypt/ --tls --email londonparkingcontrol@gmail.com
Last:
/opt/bitnami/ctlscript.sh start apache

londonparkingcontrol@wp1-parkingcontrol-vm:/$ /opt/bitnami/ctlscript.sh stop apache
This script requires root privileges
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/ctlscript.sh stop apache
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego run -d paypcns.co.uk -d www.paypcns.co.uk --path /opt/bitnami/letsencrypt/ --tls --email londonparkingcontrol@gmail.com
Incorrect Usage: flag provided but not defined: -d

NAME:
lego run - Register an account, then create and install a certificate

USAGE:
lego run [command options] [arguments…]

OPTIONS:
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:53:54 flag provided but not defined: -d
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/ctlscript.sh start apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache
londonparkingcontrol@wp1-parkingcontrol-vm:/$

Sorry, I’m not that familiar with lego… I think this should register an account and get a certificate.

sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains="paypcns.co.uk" --domains="www.paypcns.co.uk" --path="/opt/bitnami/letsencrypt" run

Hmmm we might be in luck here…

londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/ctlscript.sh stop apache
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains="paypcns.co.uk" --domains="www.paypcns.co.uk" --path="/opt/bitnami/letsencrypt" run
2020/08/23 13:59:55 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Obtaining bundled SAN certificate
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723853982
2020/08/23 13:59:56 [INFO] [www.paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723853991
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:56 [INFO] [www.paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 14:00:02 [INFO] [paypcns.co.uk] The server validated our request
2020/08/23 14:00:02 [INFO] [www.paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 14:00:15 [INFO] [www.paypcns.co.uk] The server validated our request
2020/08/23 14:00:15 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Validations succeeded; requesting certificates
2020/08/23 14:00:16 [INFO] [paypcns.co.uk] Server responded with a certificate.
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/ctlscript.sh start apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache

And when I ran it the 1st time but didn't stop apache first I got this…

londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains="paypcns.co.uk" --domains="www.paypcns.co.uk" --path="/opt/bitnami/letsencrypt" run
2020/08/23 13:59:15 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
y
2020/08/23 13:59:18 [INFO] acme: Registering account for londonparkingcontrol@gmail.com
!!! HEADS UP !!!
Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/opt/bitnami/letsencrypt/accounts”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2020/08/23 13:59:19 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Obtaining bundled SAN certificate
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847251
2020/08/23 13:59:19 [INFO] [www.paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847254
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:19 [INFO] [www.paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 13:59:20 [INFO] [www.paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 13:59:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847251
2020/08/23 13:59:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847254
2020/08/23 13:59:20 Could not obtain certificates:
error: one or more domains had a problem:
[paypcns.co.uk] [paypcns.co.uk] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use
[www.paypcns.co.uk] [www.paypcns.co.uk] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use

You got the certificate now, can you try to run that cert-tool again?
sudo ./bncert-tool

Seems to have worked right up to the cron error…


londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo ./opt/bitnami/bncert-tool
Warning: Custom redirections were detected in your web server configuration
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

Welcome to the Bitnami HTTPS Configuration tool.


Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list : paypcns.co.uk www.paypcns.co.uk

Warning: A certificate for the list of domains you entered already exists. It
will be used instead of generating a new one.
Press [Enter] to continue:

Changes to perform

The following changes will be performed to your Bitnami installation:

  1. Stop web server
  2. Configure web server to use an existing Let’s Encrypt certificate and renew:
    /opt/bitnami/letsencrypt/certificates/paypcns.co.uk.crt
  3. Configure a cron job to automatically renew the certificate each month
  4. Configure web server name to: paypcns.co.uk
  5. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: y


Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let’s Encrypt
certificate.

Domain list: paypcns.co.uk www.paypcns.co.uk

Server name: paypcns.co.uk

E-mail address : londonparkingcontrol@gmail.com

The Let’s Encrypt Subscriber Agreement can be found at:

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y


Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

Error: Error running crontab -u bitnami /tmp/cron20200823140527: new crontab
file is missing newline before EOF, can’t install.
Press [Enter] to continue:

Some errors occurred

The configuration was applied, but some of the changes could not be applied.
Find the details below.

The configuration report is shown below.

Failed steps:

  • Removing cron entry

Backup files:

  • /opt/bitnami/apache2/conf/httpd.conf.back.202008231404
  • /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202008231404
  • /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202008231404

Find more details in the log file:

/tmp/bncert-202008231404.log

If you find any issues, please check Bitnami Support forums at:

Press [Enter] to continue:

londonparkingcontrol@wp1-parkingcontrol-vm:/$

Well I’m not exactly sure how to fix that, but your site is up and running again!
You might want to contact Bitnami (on that support link above) about the cron issue. It might be serious, but my knowledge of Bitnami stops here… I think the cron is when the tool checks certificate expiry and renews it, so you should take care of that before your certificate expires.

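The three failures in this thread (no lego account under the `--path`, port 443 already bound while lego tried TLS-ALPN-01, and a crontab file without a trailing newline) can each be checked before running the tools. The script below is an added example, not part of the original posts or of Bitnami's tooling; the function names and the `accounts/<acme-server>/<email>/account.json` layout are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three failures seen in this thread.

# 0 if a lego account for EMAIL exists under LEGO_PATH (the --path value).
# Assumed layout: LEGO_PATH/accounts/<acme-server>/<email>/account.json
# Without it, "lego renew" stops with "Account ... is not registered".
lego_account_registered() {
    for f in "$1"/accounts/*/"$2"/account.json; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Reads `ss -ltn` output on stdin; 0 if a listener is bound to TCP PORT.
# lego --tls (TLS-ALPN-01) must bind :443 itself, so Apache has to be stopped.
port_listening() {
    awk -v p="$1" '$4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# 0 if FILE is non-empty and its last byte is a newline.
# $(...) strips a trailing newline, so an empty result means one was there.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Append the final newline that crontab requires
# ("new crontab file is missing newline before EOF").
fix_crontab_newline() {
    [ -s "$1" ] || return 0
    ends_with_newline "$1" || printf '\n' >> "$1"
}

# Run the account and port checks; prints what to fix, returns 1 on any problem.
preflight() {
    rc=0
    if ! lego_account_registered "$1" "$2"; then
        echo "no lego account for $2 under $1: use 'run', not 'renew'"
        rc=1
    fi
    if ss -ltn 2>/dev/null | port_listening 443; then
        echo "port 443 is in use: stop the web server before lego --tls"
        rc=1
    fi
    return $rc
}

# Usage (placeholder e-mail): preflight /opt/bitnami/letsencrypt you@example.com
```
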