SSL Certificate Rating by SSLReport - not trusted


#1

Hello

I have configured certificates and chains have been generated for a new Bitnami LAMP stack install and got the following message:
Congratulations! You have successfully enabled https://binhngodaicao.com and
https://www.binhngodaicao.com

However, when testing there are some issues which I don’t really understand. I am thinking it is possibly because of an invalid configuration. I have a fresh Bitnami LAMP install and I haven’t done any configuration at all!
Could someone please help me to determine the issue and a possible resolution?

https://www.ssllabs.com/ssltest/analyze.html?d=www.binhngodaicao.com

Best regards,
Ben


#2

Hi,

Can you try this link and see if that helps?

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Your web path is /opt/bitnami/apache2/htdocs

Installed Apache Conf is here:
https://docs.bitnami.com/virtual-machine/components/apache/#define-virtual-host-configuration

Thank you


#3

In particular, the server isn’t using the Let’s Encrypt certificates that were issued, so they still have to be configured in Apache correctly. Instead, the server is using the old self-signed certificate that probably came with the server. Sometimes this is caused by having a _default_ HTTPS virtual host that overrides the individual virtual hosts that Certbot created, or something like that.


#4

Hello @stevenzhu
Thanks for your reply. I have been looking at that set of instructions but I used Certbot Auto and was able to generate the certificates; the issue is with configuring the Virtual Machine.

I had a look at your second the web path and there isn’t anything in it /opt/bitnami/apache2/htdocs
However, I added the new path to the Certs and Rewrites to this file : /opt/bitnami/apache2/conf/bitnami/bitnami.conf

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  #SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
  #SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
  SSLCertificateFile "/etc/letsencrypt/live/binhngodaicao.com/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/binhngodaicao.com/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/binhngodaicao.com/chain.pem"

and the 3 lines for Rewrites in the same file:

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

The part I am confused about in the Apache Conf instructions where it gives an example, see below

/opt/bitnami/apps/myapp/conf/ directory: httpd-app.conf, httpd-prefix.conf and httpd-vhosts.conf.

The thing is I don’t have an app (myapp) currently installed. It is a LAMP stack and I don’t need any app installed, so I’m not sure what to do here. So I mean I can’t configure anything at those 3 file extensions when I don’t have a myapp to configure… Let me know what you think.
cheers,

Ben


#5

Hello @schoen Seth,

Could you help me, give me an example to configure Apache correctly for the server to use the new certificates?

Cheers,
Ben


#6

Hi,

Can you please run the command and share the output?
sudo /opt/bitnami/apache2/bin/apachectl -S

Thank you


#7

Your vHost at least needs to contain a server name…

Check this out:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

(I’m not sure which version of Apache you are using… however you need to specify server_name in vHosts)

By the way, did you restart your Apache server after editing the conf file?

If the DocumentRoot path doesn’t exist, you can create that to avoid Apache failure (also remove default one stack pages)

DON’T FORGET TO RESTART APACHE AFTER EDITING YOUR CONF FILE. (Super important)

Thank you

P.S. I’m going to get some sleep now…


#8

here is the output:

VirtualHost configuration:
*:80                   localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443                  localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:46)
ServerRoot: "/opt/bitnami/apache2"
Main DocumentRoot: "/opt/bitnami/apache2/htdocs"
Main ErrorLog: "/opt/bitnami/apache2/logs/error_log"
Mutex default: dir="/opt/bitnami/apache2/logs/" mechanism=default 
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/opt/bitnami/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: USE_PHP_FPM
User: name="daemon" id=1

#9

okay

This file means you need to edit file
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
And restart Apache after you’re done.

Thank you


#10

thanks @stevenzhu
I added the ServerName to the Apache config and that fixed it! All good!
Thanks for your time to respond.

much appreciated! :smiley:
Cheers,
Ben
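
The diagnosis in this thread (both vhosts listed as `localhost` by `apachectl -S`, fixed by adding a ServerName) can be checked mechanically. The script below is an added example, not code posted by anyone in the thread; `check_vhost_names` is a hypothetical helper and the sample dump is constructed from the output in post #8.

```shell
#!/bin/sh
# Added example (not from the thread): check the names Apache assigns to its
# vhosts, as listed by `apachectl -S`, against the certificate's domains.

# Constructed sample modelled on the output in post #8.
SAMPLE_DUMP='VirtualHost configuration:
*:80                   localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443                  localhost (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:46)
ServerRoot: "/opt/bitnami/apache2"'

# check_vhost_names PORT NAME [NAME...]   (hypothetical helper; dump on stdin)
# Prints "OK|MISMATCH <server name> <file:line>" for every vhost on PORT.
# Exit status 0 only if PORT has at least one vhost and every name matched.
check_vhost_names() {
    port=$1
    shift
    awk -v port="$port" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        function report(name, where) {
            gsub(/[()]/, "", where)
            seen++
            if (name in ok) print "OK", name, where
            else { print "MISMATCH", name, where; bad++ }
        }
        # One vhost on the address: "*:443  name (file:line)"
        $1 ~ (":" port "$") && NF == 3 && $3 ~ /^\(/ { report($2, $3); next }
        # Several vhosts share it: "port 443 namevhost name (file:line)"
        $1 == "port" && $2 == port && $3 == "namevhost" { report($4, $5) }
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }
    '
}

# Demo on the sample; on the server, pipe the real command in instead:
#   sudo /opt/bitnami/apache2/bin/apachectl -S 2>&1 | check_vhost_names 443 ...
printf '%s\n' "$SAMPLE_DUMP" |
    check_vhost_names 443 binhngodaicao.com www.binhngodaicao.com || true
```

A MISMATCH line on port 443 points at the file and line of the vhost that still needs a ServerName matching the certificate.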

