Website says SSL expired, but inside Bitnami, I have an SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
merci360.com

I ran this command:
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

I followed the instructions here setting it up initially months ago. I also renewed it in October. And now the website says the SSL is expired:
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress#request-a-lets-encrypt-certificate-wordpress

It produced this output:
You have an existing certificate that has exactly the same domains or certificate name you
requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/merci360.com.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate

My web server is (include version):
Not sure. I’m on Lightsail on AWS

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Hosted on AWS Lightsail. Domain management is in GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):
don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Using Bitnami through Lightsail

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Do not know

Hi @JoelMerci

If you use Bitnami, Certbot isn't enough. At a minimum, you must stop and start your Bitnami server.

Or your configuration is broken.

Start with

Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory

There is the stop / start command included. It's possible that stop / start

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/ctlscript.sh start

is enough. If not, use the complete list of commands in Step 7.

Thank you. I did the following.

I stopped and then started the actual AWS Lightsail instance.

(my public IP now changed but I can fix that in GoDaddy and repoint the “merci360.com” to the new public IP)

However, same issue:
I did the Start/Stop commands as recommended.
I then did the whole step 7 commands as recommended.

If you use the public IP: 54.191.104.234 the site still says This Connection Is Not Private

If you use the private IP: 172.26.10.183, the web browser hangs

The certificate now says “merci360.com certificate name does not match input” What do I do now?

That's

not your public ip. Checking your domain - https://check-your-website.server-daten.de/?q=merci360.com

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| merci360.com | A | 34.215.184.69 Portland/Oregon/United States (US) - Amazon.com, Inc. Hostname: ec2-34-215-184-69.us-west-2.compute.amazonaws.com | yes | 2 | 0 |
| | AAAA | | yes | | |
| www.merci360.com | C | merci360.com | yes | 1 | 0 |
| | A | 34.215.184.69 Portland/Oregon/United States (US) - Amazon.com, Inc. Hostname: ec2-34-215-184-69.us-west-2.compute.amazonaws.com | yes | | |

That's your public ip. But there are only timeouts.

And you have created 4 identical certificates:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | *.merci360.com, merci360.com - 2 entries | duplicate nr. 4 | |
| Let's Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | *.merci360.com, merci360.com - 2 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | *.merci360.com, merci360.com - 2 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | *.merci360.com, merci360.com - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-22 | 2020-01-20 | *.merci360.com, merci360.com - 2 entries | | |

So it's only an installation problem of your Bitnami.

The public IP is actually 54.191.104.234, which still has the issue. The 34.215.184.69 was the old public IP until I restarted the AWS Lightsail instance. It then changed to the 54.191.104.234.

I have to repoint my DNS so “merci360.com” points to 54.191.104.234

With regards to the certificate saying “certificate name does not match input” I still have this error. How do I fix this?

This

is not your public ip. Rechecked your domain - merci360.com - Make your website better - DNS, redirects, mixed content, certificates - this

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| merci360.com | A | 34.215.184.69 Portland/Oregon/United States (US) - Amazon.com, Inc. Hostname: ec2-34-215-184-69.us-west-2.compute.amazonaws.com | yes | 2 | 0 |
| | AAAA | | yes | | |
| www.merci360.com | C | merci360.com | yes | 1 | 0 |
| | A | 34.215.184.69 Portland/Oregon/United States (US) - Amazon.com, Inc. Hostname: ec2-34-215-184-69.us-west-2.compute.amazonaws.com | yes | | |

is your public ip. And there are - again - only timeouts, so it's impossible to check your certificate.

So please do that.

ns09.domaincontrol.com

is your name server.

The IP of the instance is not the 34 as shown in the image I attached in the prior reply. You can see the correct IP address with the failed certificate issue in this post

You can see I have not repointed my DNS in GoDaddy, so the 34 number keeps showing up.

I updated the GoDaddy to point to 54.191.104.234. Probably will take a few minutes to redirect.

That might have worked. Does it work for you now? Can you recommend if I need to clean up some of the duplicate certificates (and if so, how) please?

Thank you for your help

The certificate doesn’t have an ip address.

So that can’t work.

You must use the domain name. And that requires a correct dns entry.

Or you can use “check your website” with your ip address and the domain name in the hostname - https://check-your-website.server-daten.de/?q=54.191.104.234&h=merci360.com

Then your connection is correct:

Domainname Http-Status redirect Sec. G
http://54.191.104.234/ 54.191.104.234 301 https://merci360.com/ 1.450 A
https://54.191.104.234/ 54.191.104.234 GZip used - 23152 / 145067 - 84,04 % Inline-JavaScript (∑/total): 14/9976 Inline-CSS (∑/total): 11/59208 200 Html is minified: 207,08 % 6.610 I

The second row doesn’t have a certificate warning.

And your certificate is new:

CN=merci360.com
	19.11.2019
	17.02.2020
expires in 88 days	*.merci360.com, merci360.com - 2 entries

But the content check doesn’t work because there is the domain name used -> timeouts -> Grade I.
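
The name check behind the "certificate name does not match" warning, as an added example that is not part of the original thread: a certificate issued for DNS names only will never validate when the site is opened by IP address. The function names, `example.test` and `192.0.2.10` are constructed placeholders, and the sample certificate is a self-signed throw-away.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names, example.test and
# 192.0.2.10 are constructed placeholders.

# Create a throw-away self-signed certificate with the same shape of names as
# the one in the thread: apex + wildcard DNS names, no IP address entry.
make_sample_cert() {            # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=example.test" \
    -addext "subjectAltName=DNS:example.test,DNS:*.example.test" 2>/dev/null
}

# Succeeds only if the certificate covers the DNS name in $2.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds only if the certificate has an IP address entry equal to $2.
cert_matches_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_in_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Fetch the certificate a server actually presents: connect to address $1 but
# send name $2 via SNI. Needs network access, so the demo does not call it.
fetch_served_cert() {
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

demo() {
  local d; d=$(mktemp -d)
  make_sample_cert "$d" || return 1
  for name in example.test www.example.test other.test; do
    cert_matches_host "$d/cert.pem" "$name" && echo "$name: match" || echo "$name: NO match"
  done
  cert_matches_ip "$d/cert.pem" 192.0.2.10 && echo "IP: match" || echo "IP: NO match"
  cert_valid_in_days "$d/cert.pem" 30 && echo "valid in 30 days" || echo "renew now"
  rm -rf "$d"
}
demo
```

Saving the output of `fetch_served_cert <ip> <domain>` to a file and running the same checks against it shows whether the web server is presenting the renewed certificate or still the old one, independent of what DNS currently returns.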

I don’t know what any of that means… lol. You did mention I had multiple certs. Will this be an issue in 3 months when they expire again? Not sure why it expired. I had done the renew back in October. Maybe I did not do the "renew" correctly?

Is there a way to have it auto renew?

Now the new ip is visible - https://check-your-website.server-daten.de/?q=merci360.com

And the certificate and connection are correct.

Grade T isn’t relevant, that’s the non-authoritative (old) ip number.
