The server.crt does not exist or is empty + The http does not exist

My domain is: https://arab.academy (www.arab.academy)

The Problem Sequence:
My Letencrypt certificate had expired on May, 29, then I go through steps to re-install a new one. On browser-based SSH terminal in the Lightsail console of a Bitnami/WordPress instance, After manual successful completed the installation of lets encrypt certificate and chain, and getting a Congratulation message confirming that my certificate, chain, and key files are stored in the** /etc/letsencrypt/live/ arab.academy / directory.

And when I went to the next step to** Move the Let’s Encrypt certificate files to the Apache directory, and try to stop the underlying services using the following command

I ran this command: sudo /opt/bitnami/ctlscript.sh stop

It produced this output: AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/conf/server.crt does not exist or is empty
Apache config test fails, aborting
The final conclusion of me current error status: my http server does not respond, not start, not stop.
I followed this manual in renewing my LLS certificate:
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress#complete-the-prerequisites-lets-encrypt-wordpress

The said tutorial has a step (7) to configure a “cron job” that renews my certificate by adding the following commands

  1. env EDITOR=vim crontab -e
  2. Press i to enter insert mode in the Vim text editor.
  3. Add the following line to the end of the crontab file.
    0 1 * * * sudo certbot renew && sudo /opt/bitnami/ctlscript.sh restart apache
  4. Press the ESC key, and then enter :wq to write (save) your edits, and quit Vim
    I failed many time to edit those lines correctly, and got the following error
    "bad hour error in crontab file, can’t install

I have images of all error responses.

My web server is (include version): Bitnami/WordPress

The operating system my web server runs on is (include version): Apache2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine: I don’t know)

I’m using a control panel to manage my site ( **browser-based SSH terminal in the Lightsail console of a Bitnami/WordPress instance)

The version of my client is Certbot client, do not know the versions
(e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @ahalimo

there

you should see a path and a file name. Perhaps use

certbot certificates

There should be something like

/etc/letsencrypt/live/arab.academy/fullchain.pem

or cert.pem. The link you have shared: There are the commands you need:

sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt

Replace $DOMAIN with arab.academy. Looks like you have done the move commands, so now the certificates aren’t there, so the config check fails.

Dear Juergen

Thankyou very much for your support

  1. The file you refer is already there.
/etc/letsencrypt/live/arab.academy/fullchain.pem
Alog with
/etc/letsencrypt/live/arab.academy/privkey.pem
 
 
 

I have entered the tow commands in the tutorial,

sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key

sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/s

and then entered the next command to restart the service

sudo /opt/bitnami/ctlscript.sh start

I got the same error message about the server.crt does not exist or it empty., apache config test fails, aborting.

Thank you in advance for your analysis and advice

Looks like you have done something wrong.

What says

ls -al /opt/bitnami/apache2/conf

try first to read the server certificate with

sudo cat /opt/bitnami/apache2/conf/server.crt

if it don’t work, you have messed badly the command.
If it works, check the access by the Apache server; do you know the user under which runs the Apache server ? if not, it’s probably in a file named /etc/apache2/envvars

cat /etc/apache2/envvars | grep USER

if yes you can probably (I don’t know Bitnami images at all) check the access rights by using

sudo -H -u (your-apache-user) bash

if the apache user is www-data, that would give you

sudo -H -u www-data bash

then you should drop into another shell for the apache user; try then again to read the letsencrypt files using for example.

cat /opt/bitnami/apache2/conf/server.crt

if it does not work while the first command (as your normal default user) was working, it’s a rights problem, the apache user does not have the necessary rights to use the files (it’s a classic problem)

I ran the command "sudo cat /opt/bitnami/apache2/conf/server.crt"
The answer is "no such file or directory"

What then should I do?

Well, your link is wrong. Remove it by going to
/opt/bitnami/apache2/conf’ and doing
rm server.crt
then do it again better. it seems that in your command the $DOMAIN variable was not defined. So replace it by the value for your domain
sudo ln -s /etc/letsencrypt/live/arab.academy/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/arab.academy/fullchain.pem /opt/bitnami/apache2/conf/server.crt

image

image

image

err, when I was saying go to the /opt/bitnami/apache2/conf, I was meaning something like

cd /opt/bitnami/apache2/conf

I was trying to be as precise as possible but I seem to have missed this point :slight_smile:

image

Dear Gpatel-fr
What is next

typing a space between -s and the following (/etc…)

/etc/letsencrypt/live//fullchain.pem doesn’t exist.

As written:

sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/s

So your commands are

sudo ln -s /etc/letsencrypt/live/arab.academy/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/arab.academy/fullchain.pem /opt/bitnami/apache2/conf/server.crt

appreciate your guiding. I did what your said, and here is the response
image

Then first delete the already existing symbolic link.

Please advise the command

Please advise the command and path