Using Certbot with Bitnami Apache - More Issues


#1

OK. I am still learning the ins and outs of hosting and using Apache, so please bear with me…

My first attempt at setting up the SSL Cert via Certbot resulted in the following:

sudo certbot --apache

I entered my domain name (jefvandegraaf.com) then received the following error:

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Etc…

I have tried another method by using:

sudo certbot certonly --webroot

Again, it asked for my domain name (jefvandegraaf.com) and my web root (/var/www/html/ - Truthfully, I have no idea if this was correct)

Then I received the following:

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. jefvandegraaf.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jefvandegraaf.com/.well-known/acme-challenge/WuIqj0SzQoXyUkOFG2gbk-8KtTu0M8fK8QDb4CxOD3w: "
<meta name="viewp"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: jefvandegraaf.com
Type: unauthorized
Detail: Invalid response from http://jefvandegraaf.com/.well-known/acme-challenge/WuIqj0SzQoXyUkOFG2gbk-8KtTu0M8fK8QDb4CxOD3w: "
<meta name="viewp"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.

Any ideas to clear this up would be great.


#2

Let me guess… you’re using Bitnami?


#3

Yes I am…


#4

Unfortunately Certbot’s standard setup instructions don’t work well with Bitnami, and Bitnami’s own tutorials are somewhat lacking too. There’s a (long) recent thread about it here. I’d suggest reading it as there are quite a few things that can go wrong!

The most immediate answer though is that your guess about the location of your webroot was probably wrong. Since you’re using wordpress, I’ll hazard a guess that it’s in the same place as in that other thread: /opt/bitnami/apps/wordpress/htdocs
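Added example, not part of the thread: a way to confirm a candidate webroot before passing it to `certbot certonly --webroot -w`, by dropping a random probe file under `.well-known/acme-challenge/` and fetching it back over HTTP. The function name `check_webroot` and the probe naming are made up for this illustration; the demo at the bottom uses a constructed local server instead of a real domain.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path the http-01 challenge is fetched from


def check_webroot(webroot, base_url, timeout=5):
    """Drop a random probe file under `webroot` and fetch it back via `base_url`.

    Returns (ok, detail). ok is True only if the web server returns the probe
    unchanged, i.e. `webroot` really is the directory the site is served from.
    """
    token, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    probe = probe_dir / token
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, got = resp.status, resp.read(4096)
    except urllib.error.HTTPError as exc:  # 404 etc.: keep the body for diagnosis
        status, got = exc.code, exc.read(4096)
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"could not fetch {url}: {exc}"
    finally:
        probe.unlink()  # never leave the probe file behind
    text = got.decode("utf-8", "replace").strip()
    if status == 200 and text == body:
        return True, f"{webroot} is the directory served at {base_url}"
    if text.startswith("<"):
        return False, f"HTTP {status} with an HTML page: the site is served from somewhere other than {webroot}"
    return False, f"HTTP {status}: unexpected response, probe not served from {webroot}"


if __name__ == "__main__":
    # Constructed offline demo: serve one temp directory on localhost, then test
    # that directory (the real webroot) and a second one (a wrong guess).
    import functools, http.server, tempfile, threading
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as guess:
        handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=live)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_port}"
        print(check_webroot(live, base))   # (True, ...)
        print(check_webroot(guess, base))  # (False, 'HTTP 404 with an HTML page: ...')
        srv.shutdown()
```

An HTML page coming back in place of the probe is the same symptom as the `<meta name="viewp"` fragment in the Certbot error above. On a real server the check has to run as a user that can write to the candidate directory.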


#5

jmorahan. Thank you, that did the trick.


#9

Sorry, I am bombarding my own post with messages.

I managed to find a way to edit the .conf however I can no longer restart apache:

admin@digital-content-specialist-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 1 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
Invalid command ‘sudo’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting

I’m not sure what is wrong with LINE 1


#10

Perhaps in your efforts to discover how to edit the file, you inadvertently entered a command in the configuration file itself rather than at your shell prompt? Edit the file again and remove the command, if so.

Otherwise post the file here (using the “preformatted text” button) so we can have a chance of guessing what’s wrong.


#11

I noticed the added text and edited it out.

Everything seems to be working, however when I navigate to my site, the green lock disappears in less than a second.

Is there a reason why this is happening?


#12

On loading

After loading


#13

It looks like you might have fixed this already, but this is generally due to mixed content (including insecure HTTP resources within your secure HTTPS page). You can diagnose this with

https://www.whynopadlock.com/


#14

This whynopadlock is a great site. I have it all figured out now. Thank you!


#15

Hey,

For future reference, to those using Bitnami on GOOGLE CLOUD, here are the steps I took to get my certs running perfectly:

Boot up SSH
sudo apt-get install git
cd /tmp
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt   # git clone names the directory after the repository
./certbot-auto
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d DOMAIN
cd /opt/bitnami/apache2/conf   # directory that holds the default server.crt and server.key
sudo rm server.crt
sudo rm server.key
sudo ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo /opt/bitnami/ctlscript.sh restart apache

Should do the trick.


#16

Thanks for sharing these steps.

I wanted to caution people about

that it will probably only work if you have only a single certificate on that server! Many people’s servers serve more than one site and hence have more than one certificate, but here you are relying on the default systemwide certificate instead of configuring it per-site. (This is probably not a problem if you have only a single site and are sure that you’ll never have others on the same server.)

