Setting up SSL on a Bitnami stack with AWS

Okay, I have two domains (one an older one and the other with our new name).

I have a subdomain. I have two AWS instances, one being a Bitnami stack.

I have all my domains registered and DNS working.

I have SSL working on both servers but not totally right.

So I need www.domain1.com, domain1.com, www.domain2.com, and domain2.com pointing to one server with a working SSL.

I also need store.domain1.com, www.store.domain1.com, store.domain2.com and www.store.domain2.com working on one SSL.

Thoughts?

Hi @juhler64

Please start with the basics.

Then select a client.

If this is done and you have problems creating a new certificate, please answer the following questions. That's the standard template of #help:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi,

Please take a look at https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Thank you

My domain is: industresource.com is main. legacymachinery.com should point to the first.

I ran this command:
sudo lego --tls --email="juhler@industresource.com" --domains="industresource.com" --path="/etc/lego" run
sudo lego --tls --email="juhler@industresource.com" --domains="www.industresource.com" --path="/etc/lego" run

Both of these work but I ended up with two certs. Not sure how to use two certs.

My web server is (include version): Apache2 2.4.34

The operating system my web server runs on is (include version): 16.04.5 LTS

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): None

Lego clients allow you to use multiple domains in one command.
You should use sudo lego --tls --email="juhler@industresource.com" --domains="industresource.com" --domains="www.industresource.com" --path="/etc/lego" run

Thank you


Yeah I sort of figured that is where I messed up. It failed on that when I tried it at first.

What about the old domain name?

You should

  • create a certificate with both domain names
  • and a redirect (http status 301) old domain -> new domain

So you don't have duplicated content (the same content under different addresses) and the redirect is secure.

But the correct redirect is:

http + old domain -> https + old domain -> https -> new domain
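
The redirect order described above can be checked hop by hop. This is an added example, not part of the original thread; `fetch_chain` and `check_chain` are hypothetical helper names, and the sample chains are constructed rather than captured from the real servers.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def fetch_chain(url, max_hops=5):
    """Follow redirects by hand and return [(url, status, location), ...]."""
    hops = []
    for _ in range(max_hops):
        u = urlsplit(url)
        cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = cls(u.netloc, timeout=10)
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        location = resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status, location))
        if location is None:
            break
        url = urljoin(url, location)
    return hops

def check_chain(hops, old_host, new_host):
    """Return a list of problems; an empty list means the chain is as advised."""
    if not hops or hops[0][0] != f"http://{old_host}/":
        return [f"chain must start at http://{old_host}/"]
    problems = []
    for i, (url, status, location) in enumerate(hops):
        src = urlsplit(url)
        if location is None:  # final response: must be the new site over TLS
            if (src.scheme, src.hostname) != ("https", new_host):
                problems.append(f"chain ends at {url}, not https://{new_host}/")
            break
        dst = urlsplit(urljoin(url, location))
        if status != 301:
            problems.append(f"hop {i}: status {status}, expected 301")
        if dst.scheme != "https":
            problems.append(f"hop {i}: redirects to plain http")
        if src.scheme == "http" and dst.hostname != src.hostname:
            problems.append(f"hop {i}: changes host before upgrading to https")
    else:
        problems.append("chain never reaches a non-redirect response")
    return problems

# Constructed sample chains (not captured from the real servers).
GOOD = [("http://legacymachinery.com/", 301, "https://legacymachinery.com/"),
        ("https://legacymachinery.com/", 301, "https://industresource.com/"),
        ("https://industresource.com/", 200, None)]
DIRECT = [("http://legacymachinery.com/", 301, "https://industresource.com/"),
          ("https://industresource.com/", 200, None)]
```

Against a live site, pass the result of `fetch_chain("http://legacymachinery.com/")` to `check_chain`. `HTTPSConnection` validates the server certificate by default, so the https hop on the old domain raises an error unless the certificate covers that name too.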

[INFO] [industresouce.com] acme: Trying to solve TLS-ALPN-01
2019/05/06 22:06:51 [INFO] [www.industrecource.com] acme: Trying to solve TLS-ALPN-01
2019/05/06 22:06:58 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/hLUMWm64xgaus9aUj8i7d_6rx5EMj9Fmie9yehlZ_TU
2019/05/06 22:06:58 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/zTrVGIxwy_jhnZZj5gKRtI4PzZHd796YwlzqnSS71r8
2019/05/06 22:06:58 Could not obtain certificates:

Hi,

The domain you are trying to get a certificate for is not registered.

Could you please double check on the spelling or your domain registration status?

Thank you

I got it all working.

Basically I did the following in case others need to:

Stopped using the Lego Bitnami method of installing the SSL. I deleted my old SSL certs.

Installed certbot and ran certbot certonly for my four needed sites (with and without WWW).

Pointed those certs to the very strange location that Bitnami stores them and made edits to the very strange conf files that Bitnami uses.

It all worked.

Wish I never used the Bitnami stack from AWS in the first place…

Thanks for all the help.
