Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:ncileadership.org
I ran this command: sudo /opt/bitnami/bncert-tool
It produced this output:
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdfDo you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y----------------------------------------------------------------------------Performing changes to your installationThe Bitnami HTTPS Configuration Tool will perform any necessary actions to your Bitnami installation. This may take some time, please be patient.----------------------------------------------------------------------------SuccessThe Bitnami HTTPS Configuration Tool succeeded in modifying your installation.The configuration report is shown below.Backup files:* /opt/bitnami/apache/conf/httpd.conf.back.202008171705* /opt/bitnami/apache/conf/bitnami/bitnami.conf.back.202008171705* /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf.back.202008171705* /opt/bitnami/apache/conf/vhosts/moodle-https-vhost.conf.back.202008171705* /opt/bitnami/apache/conf/vhosts/moodle-vhost.conf.back.202008171705Find more details in the log file:/tmp/bncert-202008171705.logIf you find any issues, please check Bitnami Support forums at:https://community.bitnami.comPress [Enter] to continue:
My web server is (include version): Apache
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: Google Clouds Platform
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): BNCertool
That subdomain is not on the certificate. You need to “expand” the certificate to include that subdomain (or into a wildcard *.ncileadership.org certificate).
@Jubilee2020 Your certificate is for ncileadership.org and www.ncileadership.org only. You should somehow add the lead.ncileadership.org hostname to a certificate too.
However, you’re running Bitnami and Bitnami has all things a little bit different than most systems. Not every volunteer here on this Community has experience with Bitnami. Probably very few to be honest.
Personally, I have absolutely NO idea how Bitnami works and how it manages its certificates. I have no idea how that bncert-tool works. Most likely you’ll get more useful replies on the Bitnami Community. See the link in the output you’ve pasted yourself in your first post.
Most likely you can just issue a new certificate with ncileadership.org, www.ncileadership.org, and lead.ncileadership.org as the domains being certified. The way to do this should be indicated on the help for the tool you are using. Like @Osiris I’m unfamiliar with it. Given the history of subdomains from my screenshot above from https://crt.sh/?q=ncileadership.org, I would honestly recommend you move towards getting a certificate with only ncileadership.org and *.ncileadership.org as the domains being certified. This would save you a whole lot of trouble in the future as the *. will cover EVERY subdomain, including those not yet envisioned.
You're probably right. I was just thinking that given the history of various subdomains showing on crt.sh, it might prove helpful. Did you see the history of the certs? Seems to be a lot of overlap with Google.
Good call. You may want to check out why you’ve also got certificates issued from Google. As @JuergenAuer said though, don’t take my suggestion for now about *. because it may break your ability to get a cert. Just try to list ALL the subdomains you need. You appear to currently have 11 different certificates that aren’t expired for the domain!
No… I didn’t do that. I tried to generate the certificate containing www.lead.ncileadership.com, www.ncileadership.org. And that’s when I got the errors on the attachment that sent in the previous post. Regarding the info.ncileadership.org and the blog.ncileadership.org… those are google sites and therefore did not need to be included because google generates its own certficates. I just needed to generate the www.lead.ncileadership.org and the ncileadership.org… but I got the error in the attachment of the previous post. Could you look at that and offer advice please?
The error you got is because the certificate is now missing, hence the error and the site going offline.
Looks like the blog and info are still operational due to serving the Google certificates. You just need to issue a new Let’s Encrypt certificates covering the main domain and the other subdomains and you should be good. Part of the issue you’re seeing is that you have a number of certificates with overlapping coverage. Getting a single certificate for those domains covered by Let’s Encrypt will simplify life greatly.
The error can be fixed by generating the new certificate. It (hopefully) should not preclude you from doing so. I’m assuming you still have access to change the domains/subdomains being certified then running to get the new certificate. From my research and the info you’ve provided, you should probably include the following: ncileadership.org www.ncileadership.org lead.ncileadership.org www.lead.ncileadership.org
