<Resolved> I set my first letsencrypt cert with this command and now I cannot renew it or revoke it now it has expired <Resolved>

My domain is: paypcns.co.uk

Running on bitnami wordpress (Google Cloud)

I used this command:

sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m myactualemail@gmail.com -d myrealdomain.com -d www.myrealdomain.com

Now no matter what I try I cannot renew or revoke it…

I either get certifcate exists so will be used, or account not recgnised in the http tool please click run.

Even trying to revoke it does not work following the guides.

I am now stuck - Please help if possible

Hi,

Do you mind to share the tutorial you’ve been using?
I think that might be doing the initial certificate generation, and you might need another script for renewal (as described in step 5). https://docs.bitnami.com/aws/apps/mattermost/administration/generate-configure-certificate-letsencrypt/

Sure… It was this one - I also started it at the time from where you do the cert generation.

Ah ok, yet another unknown guide.
Can you try the official tutorial i share to you?

I will try but every time i try to follow the official ones i end up with problems - but I am happy to try one and then tell you the result / output…

I will try step 5 now in that tutorial.

First problem… running this command gives this output…

sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains=“paypcns.co.uk www.paypcns.co.uk” --path="/opt/bitnami/letsencrypt" renew --days 90

2020/08/23 12:31:02 Account londonparkingcontrol@gmail.com is not registered. Use ‘run’ to register a new account.

Hi,

Seems like i was using another tutorial by Bitnami, can you try to see if there’s anything in /opt/bitnami/bncert-tool? The bncert-tool looks like to be the new version of generate-certificate.sh.

There wasnt a seperate directory for bncert-tool - but there was an executable - and when running it it threw out a simular error… (Full output below)


londonparkingcontrol@wp1-parkingcontrol-vm:/opt/bitnami$ sudo ./bncert-tool
Warning: Custom redirections were detected in your web server configuration
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

Welcome to the Bitnami HTTPS Configuration tool.


Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list : paypcns.co.uk www.paypcns.co.uk

Warning: A certificate for the list of domains you entered already exists. It
will be used instead of generating a new one.
Press [Enter] to continue:

Changes to perform

The following changes will be performed to your Bitnami installation:

  1. Stop web server
  2. Configure web server to use an existing Let’s Encrypt certificate and renew:
    /opt/bitnami/letsencrypt/certificates/paypcns.co.uk.crt
  3. Configure a cron job to automatically renew the certificate each month
  4. Configure web server name to: paypcns.co.uk
  5. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: y


Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let’s Encrypt
certificate.

Domain list: paypcns.co.uk www.paypcns.co.uk

Server name: paypcns.co.uk

E-mail address : londonparkingcontrol@gmail.com

The Let’s Encrypt Subscriber Agreement can be found at:

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y


Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

An error occurred renewing certificates with Let’s Encrypt:

2020/08/23 12:48:40 Account londonparkingcontrol@gmail.com is not registered.
Use ‘run’ to register a new account.
child process exited abnormally

Please check our documentation and support forums, we’ll be happy to help!

Press [Enter] to continue:

Error
An error occurred when applying configurations.
The web server configuration was left unchanged. There was an error in the new
configuration, so it was reverted.
Failed steps:

  • Running Let’s Encrypt: Error renewing certificates
    Find more details in the log file:
    /tmp/bncert-202008231248.log
    If you find any issues, please check Bitnami Support forums at:
    https://community.bitnami.com
    Press [Enter] to continue:

londonparkingcontrol@wp1-parkingcontrol-vm:/opt/bitnami$


Can you share the content in /tmp/bncert-202008231248.log?

Best I could do was screenshots as it would not let me copy and paste to my local machine from nano on the host.

https://filebin.net/mmwtitcviwgl2mfz

The new tool is using Lego, which I’m not sure why the old tool isn’t. Can you try to use the registration on Lego to register?

sudo /opt/bitnami/letsencrypt/lego run

After this is done, please run the script again (the bncert tool)

sudo /opt/bitnami/letsencrypt/lego run

2020/08/23 13:38:54 Please specify --domains/-d (or --csr/-c if you already have a CSR)


sudo /opt/bitnami/letsencrypt/lego run --domains paypcns.co.uk www.paypcns.co.uk
Incorrect Usage: flag provided but not defined: -domains
NAME:
lego run - Register an account, then create and install a certificate
USAGE:
lego run [command options] [arguments…]
OPTIONS:
–no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
–must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:40:28 flag provided but not defined: -domains


londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego run --domains “paypcns.co.uk” “www.paypcns.co.uk
Incorrect Usage: flag provided but not defined: -domains
NAME:
lego run - Register an account, then create and install a certificate
USAGE:
lego run [command options] [arguments…]
OPTIONS:
–no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
–must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:41:07 flag provided but not defined: -domains

Can you try this?

First:
/opt/bitnami/ctlscript.sh stop apache
Then:
sudo /opt/bitnami/letsencrypt/lego run -d paypcns.co.uk -d www.paypcns.co.uk --path /opt/bitnami/letsencrypt/ --tls --email londonparkingcontrol@gmail.com
Last:
/opt/bitnami/ctlscript.sh start apache

londonparkingcontrol@wp1-parkingcontrol-vm:/ /opt/bitnami/ctlscript.sh stop apache This script requires root privileges londonparkingcontrol@wp1-parkingcontrol-vm:/ sudo /opt/bitnami/ctlscript.sh stop apache
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego run -d paypcns.co.uk -d www.paypcns.co.uk --path /opt/bitnami/letsencrypt/ --tls --email londonparkingcontrol@gmail.com
Incorrect Usage: flag provided but not defined: -d

NAME:
lego run - Register an account, then create and install a certificate

USAGE:
lego run [command options] [arguments…]

OPTIONS:
–no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
–must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.

2020/08/23 13:53:54 flag provided but not defined: -d
londonparkingcontrol@wp1-parkingcontrol-vm:/ sudo /opt/bitnami/ctlscript.sh start apache Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80 Monitored apache londonparkingcontrol@wp1-parkingcontrol-vm:/

Sorry i’m not that familiar with lego… I think this should register an account and get a certificate.

sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains="paypcns.co.uk" --domains="www.paypcns.co.uk" --path="/opt/bitnami/letsencrypt" run

Hmmm we might be in luck here…

londonparkingcontrol@wp1-parkingcontrol-vm:/ sudo /opt/bitnami/ctlscript.sh stop apache Unmonitored apache Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd stopped londonparkingcontrol@wp1-parkingcontrol-vm:/ sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains=“paypcns.co.uk” --domains=“www.paypcns.co.uk” --path="/opt/bitnami/letsencrypt" run
2020/08/23 13:59:55 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Obtaining bundled SAN certificate
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723853982
2020/08/23 13:59:56 [INFO] [www.paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723853991
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:56 [INFO] [www.paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:56 [INFO] [paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 14:00:02 [INFO] [paypcns.co.uk] The server validated our request
2020/08/23 14:00:02 [INFO] [www.paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 14:00:15 [INFO] [www.paypcns.co.uk] The server validated our request
2020/08/23 14:00:15 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Validations succeeded; requesting certificates
2020/08/23 14:00:16 [INFO] [paypcns.co.uk] Server responded with a certificate.
londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/ctlscript.sh start apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache

And when I ran it the 1st time but didnt stop apache first I got this…

londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo /opt/bitnami/letsencrypt/lego --tls --email="londonparkingcontrol@gmail.com" --domains=“paypcns.co.uk” --domains=“www.paypcns.co.uk” --path="/opt/bitnami/letsencrypt" run
2020/08/23 13:59:15 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
y
2020/08/23 13:59:18 [INFO] acme: Registering account for londonparkingcontrol@gmail.com
!!! HEADS UP !!!
Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/opt/bitnami/letsencrypt/accounts”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2020/08/23 13:59:19 [INFO] [paypcns.co.uk, www.paypcns.co.uk] acme: Obtaining bundled SAN certificate
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847251
2020/08/23 13:59:19 [INFO] [www.paypcns.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847254
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:19 [INFO] [www.paypcns.co.uk] acme: use tls-alpn-01 solver
2020/08/23 13:59:19 [INFO] [paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 13:59:20 [INFO] [www.paypcns.co.uk] acme: Trying to solve TLS-ALPN-01
2020/08/23 13:59:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847251
2020/08/23 13:59:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6723847254
2020/08/23 13:59:20 Could not obtain certificates:
error: one or more domains had a problem:
[paypcns.co.uk] [paypcns.co.uk] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use
[www.paypcns.co.uk] [www.paypcns.co.uk] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use

You got the certificate now, can you try to run that cert-tool again?
sudo ./bncert-tool

Seems to have worked right upto the chron error…


londonparkingcontrol@wp1-parkingcontrol-vm:/$ sudo ./opt/bitnami/bncert-tool
Warning: Custom redirections were detected in your web server configuration
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

Welcome to the Bitnami HTTPS Configuration tool.


Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list : paypcns.co.uk www.paypcns.co.uk

Warning: A certificate for the list of domains you entered already exists. It
will be used instead of generating a new one.
Press [Enter] to continue:

Changes to perform

The following changes will be performed to your Bitnami installation:

  1. Stop web server
  2. Configure web server to use an existing Let’s Encrypt certificate and renew:
    /opt/bitnami/letsencrypt/certificates/paypcns.co.uk.crt
  3. Configure a cron job to automatically renew the certificate each month
  4. Configure web server name to: paypcns.co.uk
  5. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: y


Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let’s Encrypt
certificate.

Domain list: paypcns.co.uk www.paypcns.co.uk

Server name: paypcns.co.uk

E-mail address : londonparkingcontrol@gmail.com

The Let’s Encrypt Subscriber Agreement can be found at:

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y


Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

|
**Error: Error running crontab -u bitnami /tmp/cron20200823140527: new crontab **
file is missing newline before EOF, can’t install.
Press [Enter] to continue:

Some errors occurred

The configuration was applied, but some of the changes could not be applied.
Find the details below.

The configuration report is shown below.

Failed steps:

  • Removing cron entry

Backup files:

  • /opt/bitnami/apache2/conf/httpd.conf.back.202008231404
  • /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202008231404
  • /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202008231404

Find more details in the log file:

/tmp/bncert-202008231404.log

If you find any issues, please check Bitnami Support forums at:

Press [Enter] to continue:

londonparkingcontrol@wp1-parkingcontrol-vm:/$

Well I’m not exactly sure how to fix that, but your site is up and running again!
You might want to contact Bitnami (on that support link above) for the cron issue, it might be serious but my knowledge on Bitnami stops here… I think the cron is when the tool checks certificate expiry and renew it so you should take care of that before your certificate expires.