In this quick-start tutorial you will learn how to configure free, auto-renewing SSL certificates for WordPress websites that are hosted on Google Cloud Platform compute engine using the Bitnami version of WordPress on Google Cloud Platform.
Go to your Google Compute homepage and click the hamburger menu in the upper left-hand corner.Go to your Compute Engine, then to VM instances to access your WordPress installation.Once inside your Compute Engine, click on the SSH button to connect to your WordPress installation.
2. Install CertBot Client
Now that you’ve connected to your website’s Apache server, you are going to execute the command to install the Certbot client. The Certbot client is used to issue the SSL certificates that will be used later on in this tutorial.
After executing each of these commands, you can either stay in the same SSH window or exit and open a new one.
3. Generate Certificates
In this step you are going to execute the command below in order to tell the Certbot client to create SSL certificates for your website. Remember to replace 1pagezen.com with your own domain name.
After entering these commands, your certificates will be generated. Take note of the directory where your certificates are installed.
Note: Instructions for testing the certificate auto-renew script were moved here.
4. Test Certificate Renewal
Before setting up auto-renewal for your certificates, you are first going to execute the commands below in order to test the auto-renewal function.
./certbot-auto renew --dry-run
If you get a success message, it means that the certificates are renewing properly.
5. Setup Auto-Renewal
Important Notice: The auto-renew configuration instructions outlined in this section are no longer valid. For updated instructions on configuring auto-renewal, click here. (It is recommended that you skip to step 6 and finish this tutorial first).
In order to program your certificates to automatically renew themselves, you need to configure a crontab that will automatically renew the SSL certificates before they expire.
sudo crontab -e
After entering the crontab -e command, choose the text editor to use to create the crontab. Nano (1) is the easiest text editor to use.
1
Now that you’ve created a new crontab file, scroll to the bottom and paste the commands listed below. The command will tell Certbot to check for renewals twice per day.
After adding this code, enter ctrl+o to save changes, followed by ctrl+x to exit back to your home screen.
6. Configure the Certificates
The next step is to configure your certificates. First, execute the command below to open your bitnami.conf file for editing.
Next, paste the following 3-lines of code below the DocumentRoot line of the bitnami.conf file. This will tell the server to always serve your website's pages with HTTPS encryption. Remember to replace 1pagezen.com with your own domain name. (Update 03/08/2018: 'permanent' added to code to mark redirect as a 301 instead of 302).
Next, use the down-arrow key to scroll down the page. Place a # sign next to each of the two placeholder certificates, and paste the path to your three SSL certificate files as shown in the command below, making sure to replace 1pagezen.com with your own domain name.
After adding this code, enter ctrl+o to save changes, followed by ctrl+x to exit back to your home screen.
7. Update Domain URLs
Changing your website URLs via Settings > General is disabled in the Bitnami version, so you'll need to change your URLs by editing your wp-config.php folder.
In order to open your wp-config.php file for editing, run the command below.
After adding this code, enter CTRL+o to save changes, followed by CTRL+x to exit back to your home screen.
8. Restart your Apache Server
In order for your certificate changes to take effect, you need to restart you Apache server by entering the command below.
sudo /opt/bitnami/ctlscript.sh restart apache
9. Additional Resources
Now that you've completed the tutorial, you should configure your certificates to auto-renew using this tutorial. Also, if your configuration isn't working properly, check out the tutorial below to learn about common SSL errors and how to fix them.
Did it Work?
If your SSL certificates were configured properly, you will notice that your website is being loaded with a green padlock icon.
To configure certificate auto-renewal, please view the tutorial here.
If you have any questions or comments, please post them below!
i have a problem… i did this tutorial and it is working great, i had another page on wix which i replaced with this one. i have pointed my other domain to his page and when i try to go to a page from my other domain it says it is not secure.
All you need to do is configure domain forwarding through your domain name provider – you don’t need to add SSL to the secondary domain.
If you need to instructions on how to configure domain forwarding, do a google search for your domain name provider followed by ‘domain forwarding’. For instance, you would search for NameCheap domain forwarding or GoDaddy domain forwarding.
I already did that, I can’t configure much, only the cname to redirect as it was a wix site domain, is there any way to include it into the same ssl I already use?
I’m not aware of what types of restrictions Wix puts on their domain names.
Are you able to change the nameservers on the Wix domain to Google Cloud nameservers? If so, it will likely be possible to configure SSL on that domain. All you’d need to do is re-issue the certificates, making sure to include both domains when running the certificate issuing command. For example:
i used that code you provided and it seems that it the certificates are now generated for both domains, but i still get the not secure page when trying to go into http://www.decenmuebles.com, do i need to follow the hole tutorial again but with http://www.decenmuebles.com domain? i already made it with decen.com.mx
also it seems to show the not secure page only on safari
This is a tutorial for LAMP stack. I have 2 versions – the version you’re viewing now is the Bitnami version, and there is also a version for the Click-to-deploy version. Both of these tutorials are for LAMP stack (Linux, Apache, MySQL, PHP).
Hope this helps and let me know if you have any questions,
Joe
Hi, thanks for answering, when I’m in the apache restart step these errors are generated:
(It’s a php application I do not use wordpress
Unmonitored apache
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/yakarei.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/yakarei.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
Monitored apache
Hello,great tutorials,but i have problem,when i add static address and domain and ssl,and in some point website don’t work.Installing order is next,add static ip,point domain,add ssl .Can’t figure where is mistake,can you advice me.Have other website,works fine with these steps.
Thanks
/opt/bitnami/apps/wordpress/htdocs/ is the webroot for the Google Cloud Bitnami LAMP stack. The webroot for the Click-to-deploy version is /var/www/html and that tutorial can be found here.
Hi Leron, I find you on YouTube video to configure my domain on Amazon. I start to use a Lighsail and you help me a lot! Thanks! Now I’m trying to configure a free SSL certificate on Lightsail. This is possible? Thanks!
I have not used the AWS Lightsail service so I’m not sure whether or not it is possible.
I would recommend doing a Google search for “letsencrypt lightsail aws” and see what you find. I just ran the search myself, and there appears to be numerous tutorials on the subject.
Unfortunately that won’t work. Because the certificate was issued for the .tk domain, it will only work for the .tk domain. If you try to use that certificate with another domain, you will see an SSL ‘mismatch’ error in the browser.
You will have to change all of your files to reflect the new domain name, and then re-issue the SSL certificate for the new domain name.
Easiest thing would be to start from scratch, but you can always work backwards if you feel you have a good grasp on how the configuration works.
Hope this helps and let me know if you have any other questions,
Joe
Hi thanks for posting the great tutorial I am fine with the setting this up now. I have the lock symbol on my site thanks to you. I wrote another message to say thanks and that there is no reason to respond to my earlier message but it does not seem to have posted, so I just wanted to let you know that the earlier issue is resolved and that I am working on other issues now with the ‘redirect chains’. Thanks, Mike
sudo crontab -e
no crontab for root – using an empty one
crontab: installing new crontab
“/tmp/crontab.CclGhz/crontab”:0: bad minute
errors in crontab file, can’t install.
Do you want to retry the same edit? (y/n) y
crontab: installing new crontab
“/tmp/crontab.CclGhz/crontab”:0: bad minute
errors in crontab file, can’t install.
Do you want to retry the same edit? (y/n)
I picked no and got :
Do you want to retry the same edit? (y/n) n
crontab: edits left in /tmp/crontab.CclGhz/crontab
What should I read or do next if you have time to advise me. Thanks, Mike
The error means that there is an error in your crontab file. In this case, it appears to be a formatting issue (incorrect characters/formatting).
Go back through the cron section of the tutorial and verify that your crontab file is configured as shown in the example.
Also, please check out the following resource for additional information about the bad minute error, and this resource for a basic outline of cron and how it works.
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use ‘*’ in these fields (for ‘any’).#
# Notice that tasks will be started based on the cron’s system
# daemon’s notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
When you run the sudo crontab -e command, it opens your crontab file. The output that you pasted in your message is simply the default text contained in the crontab file. You will need to paste the auto-renew script at the bottom of the default text, and then save the file.
Hope this provides some additional clarification and let me know if you have any questions,
Joe
I am trying to install the SSL on Google Cloud Bitnami WordPress Multi-Tier and I have the following questions:
1. Which of the two IP addresses generated my the deployment should I use is the one linked to the frontend or the one linked to the database and backend?
2. The installation on either IP addresses Aborts when I am generating the Certicate, specifically when I enter Y for yes for the installation to continue, the operation suddendly Aborts. How do I address this issue?
Hello, I followed the manual, and it works.
Although at the time of auto renew fails, and I have to rebuild the certificate.
I’m obviously in wordpress and bitnami.
why? And what code I have to implement to forget the certificate.
Follow the instructions in this tutorial to configure auto-renewal for your certificate. If your certificate is already expired, execute the ./certbot-auto renew command from the directory where certbot is installed. For example, try executing the command right after you finish with step 2.
Hope this helps and let me know if you have any questions,
Joe
Great tutorial! Thank you! I have setup my site with ssl. Now I’ve bought a new domain name which I also want to set up using SSL. What do I need to do? Do I need to repeat this tutorial again? Will both domain names work with us to sell after doing this? Thank you
Thanks for the feedback – I’m glad to hear the tutorial worked for you!
Did you want your new domain name to link to the same website as your other domain? Did you want it to link to a subdirectory of your website?
There are many, many different ways of configuring multiple domains for a single website. And as far as encryption, it is best to add all of the domains to a single certificate, so that all domains on your server are utilizing the same certificate.
The process of issuing multiple domains under a single certificate is similar to the process in step 3 of the tutorial, however, you would add additional -d flags for each of the additional domains that you wanted to secure under the certificate. For example, if you wanted to secure your original domain and your new domain, your certificate issuing command would looks something like the code below (assuming your domains are scottjones.com and scottjones2.com):
I think you’re allowed to add upwards of 100 domains to a single certificate.
I hope this answers your question. If not, please provide additional details about which type of configuration you’re going for and I will do my best to help.
Great. I’ve already setup ssl on one domain name on my WordPress setup using your tutorial. So, do I only need to run the code you provided for domain #2 (scottjones2.com in your example) and it will be added to what I’ve already setup?
Yes – that will add SSL to that domain, however you still need to configure it with your server.
Just like with configuring the first domain, you need to configure another Apache virtual host for your new domain. Check out this resource and this resource to get a general idea of the process.
I have used this guide before and had no issues at all, but I just tried to configure SSL for my new website and I am having an issue. After restarting the server, my site was loading with no problem (however, “https://” was in grey and not green), and about 5 minutes later it will not load at all.
The SSL is fine, it’s just that your website is serving insecure content (see part 1 of this tutorial) from your website’s IP address instead of it’s domain name.
Make sure that you update your WordPress site URL’s in your WP config file (step 7 of this tutorial). Then refresh your URLs by going to Settings > Permalinks – then selecting the post name option (click the save button twice again, even if it’s already set to post name setting).
Hope this helps and let me know if you have any questions,
Joe
Once again you have saved the day! The mixed content was the issue. I had to fixed the urls for all of my pictures and now every page is properly secured.
After last night, the website was loading perfectly and with the green padlock. But this morning the same thing has happened, where the site is loading the domain host page and is also not secure.
My URL’s are correct, but I can’t get into my site to check mixed content and permalinks (even though these were working perfectly last night). Any ideas?
Hello Leron,
Thank you for your outstanding tutorial video. It is very helpful.
Over 3 months ago, I followed your instruction to obtain a free SSL certificate and set auto renewal for trendyls.com. I wasn’t sure the auto renewal set up properly. However, the trendyls.com certificate was expired 3 days ago. I followed your instruction again, It granted the Certificate valid for the next 90 days but it fail the auto renew. I got the syntax error in bitnami.conf as described below, I have no luck so far to correct it. Please take a look and give me some instruction.
Thank you in advance.
Unmonitored apache
AH00526: Syntax error on line 59 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateChainFile: file ‘/etc/letsencrypt/live/trendyls.com/chain.em’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 59 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateChainFile: file ‘/etc/letsencrypt/live/trendyls.com/chain.em’ does not exist or is empty
apache config test fails, aborting
Monitored apache
You have a typo. You typed your file path as /etc/letsencrypt/live/trendyls.com/chain.em, but it should be /etc/letsencrypt/live/trendyls.com/chain.pem
Make the suggested change, restart your server, and the problem should be fixed.
You will have to change the permission level of your wp-config.php file to 755, as shown in step 3 of this tutorial.
If that doesn’t work, you may have to use 777 instead of 755, or better: verify that the file has the proper owner. You can learn more about the chown command and Linux file ownership here.
Feel free to reach out if you have any questions,
Joe
Mixed Content: The page at ‘https://www.printzx.com/’ was loaded over HTTPS, but requested an insecure image ‘http://demo.themeum.com/wordpress/wp-megamenu/wp-content/uploads/2017/07/brand-logo.png’. This content should also be served over HTTPS.
This is the error in my website when i upload free ssl certificate google cloud . Can you tell me how to solve this problem ?
Hi Leron
Beautiful job with the tutorials. really loving them.
Just to let you know + if you are able to suggest a way out of my troubles: I set up the ssl certificates according to your instruction – they worked but I didnt get the green lock yet – I came back a few hours later to continue with your tutorials and Google cloud was telling me I needed to resize my VM instance – I did it and.. Apache no longer starts.
I sourced info on the bitnami forum and there they requested an error log in similar cases – by running: /opt/apache2/logs/error.log
But I get: “-bash: /opt/apache2/logs/error.log: No such file or directory”
So I cant move forward there at the moment either.
Have you ever come across anything similar – its definitely the resizing that threw my set up off.
Hi Sami,
In most cases you won’t need to resize your VM – the micro machine is fine for 99% of WordPress websites.
Next, what is the error message you see when you try to restart Apache?
Also, to view your error log in the future, run the following command:
Hi Joe
Thanks for the reply – I reached out to someone on my inhouse my support team and they managed to get the apache back and running again – as soon as I get confirmation on what they did I will comment here for everyones benefit.
We had to upgrade as we are building a prestashop in addition to the wp site and even if we arent at the very limit now (google cloud was suggesting we upgrade) they idea was to get set up on the micro level and near launch upgrade.. Anyways Love your blog and the advice here, you are addressing a great niche and expect that if your business hasnt totally blown up yet it is ikely to do so, such quality is the material, sure to attract loads if traffic. Well done & thanks!
Hi Sami,
Thanks for the feedback. Also, I am glad to hear that you were able to get the issue resolved.
And I didn’t realize you were going to be running on online store, in which case a more robust machine would be appropriate.
Looking forward to hearing about the solution. 🙂
Talk to you soon,
Joe
Hi Joe
Here is what our guy had done:
I disabled Debian’s default Apache with:
sudo update-rc.d apache2 disable
> >then restarted the server using
sudo reboot
(not sure if this is the recommended way to restart a google cloud instance)
> >and Bitnami’s Apache is now able to start
I now need to follow up with a few more of your tuts – thanks again, and if anyone has that same issue I experienced, the ommads here might work for you but try at your own risk
sami
Hello,
Please I have an issue after following your tutorial. thank for the tutorial first.
After configuring my SSL cerftificates succssfully, I received a message from Certbot saying my certificates will expire in a few days. Thoug I set automatic renewal.
I dont understand why. I assure you, I went through your video tutorial, and you post, followed everything as you said but I still have that issue.
Hi Damien,
Follow this tutorial for updated instructions on how to configure auto-renewal for your certificates.
Let me know if you have any questions,
Joe
When I go to restart Apache, I’m getting the following:
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
root@bitnami-wordpress-dm-d806:/etc/letsencrypt# sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:f/bitnami/bitnami.conf
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
Monitored apache
Hi Reid,
Try CJ’s solution of changing the permissions of the letsencrypt directories. If that doesn’t work, go back to line 54 of your bitnami.conf file and make sure there are no spaces at the end of each line. Also, make sure sure there are no spelling errors on either of the 3 certificate paths (extra quotation marks, etc).
Let me know if you have any questions,
Joe
You are awesome. Actually awesome! I’m working on a website. Following your tut, I just made it safe. Next step should be managing content in the site.
Do you have any related tutorials concerning customising WordPress website (bitnami) on GCP?
Hi Andy,
I’m glad you were able to get your website running on Google Cloud.
I don’t offer have any front-end tutorials for WordPress, but if you do a Google search, you will find thousands (if not millions).
Good luck and let me know if you have any questions,
Joe
Leron i am using lamp stack on my engine, therefore i changed wordpress to apache and apche2 as well but no luck resolving the error.
~$ ./certbot-auto certonly –webroot -w /op
t/bitnami/apps/apache/htdocs/ -d lamicane.com -d http://www.lamicane.com
Requesting to rerun ./certbot-auto with root privileges…
/opt/bitnami/apps/apache/htdocs/ does not exist or is not a directory
Hi Nishant,
The error message is saying that the directory /opt/bitnami/apps/apache/htdocs/ doesn’t exist.
From my understanding, if you’re running your application on a standalone Bitnami LAMP stack your webroot is /opt/bitnami/apache2/htdocs.
If you’re using the pre-built WordPress LAMP stack, your webroot is /opt/bitnami/apps/wordpress/htdocs/
Hope this helps and please reach out if you have any questions,
Joe
Thanks Leron, this worked perfectly but now i am having trouble with this line
sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php. after changing it to sudo nano /opt/bitnami/apache2/htdocs/config.php blank screen appears.
If a blank screen appears it means that the file does not exist, and therefor it created a new empty file at that location.
Word of advice: if in doubt about whether a file exists at a certain location, use the cd command. For example, if there is in fact a wp-config.php at the location /opt/bitnami/apps/wordpress/htdocs/, then it will show up when you enter the command cd /opt/bitnami/apps/wordpress/htdocs/. If not, it will show a file not found error.
Get familiar with using this process as it will save you a great deal of hassle down the road from entering invalid file paths.
Also, check out this tutorial on Basic Linux Commands for Google Cloud – this will help you get comfortable with navigating the Linux Shell, and will help a lot in the future with configuring your websites in the cloud (the Linux Shell is universal across all cloud platforms).
Hi OMK,
For Bitnami stacks, you have to access phpMyAdmin via SSH tunnel, which I demonstrate in this tutorial.
Please have a look at the tutorial and let me know if you have any questions,
Joe
AH00526: Syntax error on line 10 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
ServerAlias only used in
apache config test fails, aborting
Monitored apache
Hi Dennis,
There is an error on line 10 of your bitnami.conf file, specifically on the line with the ServerAlias directive.
Go back to step 6 of the tutorial and make sure the three lines starting with ServerName are configured properly.
Let me know if you have any questions,
Joe
Hey, Love your site and al your videos by the way. I recently setup the SSL for Bitnami on Google Cloud and My website does NOT always load the GREEN SSL LOCK. How do I fix this issue?
I am getting this error :
jay@omsai-wordpress-1-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 51 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
apache config test fails, aborting
Monitored apache
Make sure there aren’t any spaces at the end of the certificate path on line 51 (and for the other two certificate paths) – this is probably what is causing the error.
I will make an AWS SSL tutorial in the future. That being said, the configuration for the GCP and AWS Bitnami WordPress stacks are nearly identical, so you should be able to use this tutorial to configure SSL on AWS.
If you try it and run into any issues, let me know and I will see how I can help.
Joe
Try moving to the destination one level at a time and see what happens: cd opt then cd bitnami then cd apache2 then cd conf then cd bitnami then sudo nano bitnami.conf
Leron, Thanks for this great tutorial. I already setup SSL successfully and everything is Ok except accessing to phpmyadmin since I’m using wordpress bitnami on GCP I have to get access to phpmyadmin through http://127.0.0.1:8888/phpmyadmin but it redirect s me to main domain e.g https://www.1pagezen.com. Just as a note After finishing tour tutorial to get access to phpmyadmin locally I followed https://docs.bitnami.com/google/components/phpmyadmin/ also I had access to phpmyadmin before setting up SSL on my website.
In error_log:
localhost:443:0 server certificate does NOT include an ID which matches the server name
Command line: ‘/opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf’
client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/import.php
What is your domain? If you don’t want to provide it, make sure to run a check with an SSL Checker to make sure you have both the www-version and non www-version of the domain listed in your SSL certificate.
Leron, Thanks for reply but to clarify again I have no problem with SSL it means already setup successfully but not able to access to bitnami phpmyadmin as I mentioned. Please check the bitnami link I posted before for accepting to phpnyadmin which is only possible on localhost.
Are you referencing your server logs? Try using Chrome browser and accessing localhost and choose the “proceed anyway” option when the browser warns that the SSL certificate is invalid.
This error is expected as localost is not listed in the SSL certificate, and therefor will show a security warning by default.
I want to go to google cloud but i have it hard fining a cost for a simple wordpress website hosting, can you give me a rught idea the cost to host a site like yours?
You could run a website like onepagezen.com for around $2-5/month using the most basic settings. That being said, remember that this is not a data intensive website (no stored user account data or video), so the storage/networking costs are low.
Thanks for your response, so your saying i should just select the basic options when signing up? my site is under 500mb when i use all in one migration, so i beleve its very small.
What I would recommend is that you start with the most basic option, and then if you’re experiencing issues with performance, you can always upgrade (see the performance graphs at the top of your GCP dashboard).
Great tutorials – very clear and well documented.
I’m wondering if you could provide alternate instructions for Step 6 of the “Free SSL Certificate Setup for WordPress on Google Cloud (Bitnami)” tutorial specific to the nginx server rather than apache. I’ve deployed Bitnami’s “bitnami-wordpresspro-dm-fa11” which is WordPress with Nginx and SSL for Google Cloud Compute Engine. The settings for nginx will be a little different than those for apache. I’m trying to intuitively figure it out, but so far I haven’t successfully mapped the calls to the certificates to the correct location in /etc/letsencrypt/… so my site isn’t secure yet.
Hi James,
Thanks for the feedback!
Unfortunately I won’t be doing any Nginx tutorials because Apache is the default server for most of the stacks covered in these tutorials.
That being said, I would check StackOverflow for troubleshooting and Digital Ocean for some great Nginx tutorials.
Let me know if you have any questions!
Joe
Hi Leo,
Thanks for this tutorial, I did this a few months ago and today I receive an email from
Let’s Encrypt Expiry Bot, is it normal? Is it going to renew automatically?
Thank you very much.
“Hello,
Your certificate (or certificates) for the names listed below will expire in
20 days (on 04 Mar 18 13:03 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.
….”
The auto-renew script from the first version of the tutorial didn’t seem to work for most people. For this reason, I created an updated tutorial that focuses specifically on how to configure auto-renewal for Let’s Encrypt SSL certificates, and you can view that tutorial here.
Please reach out to me if you have any questions or encounter any issues while going through the tutorial.
Hi, thanks for the great tutorial. I found the solutions before you approving my comment.
please tell me can I use the below code. I have static IP address in order to eliminate duplicate code I wrote code like this. As of now everthing working perfectly.
Thank you for your good introductions.
I had success of the SSL Certificate Setup on my MAIN domain.
Then when I tried the process again on my SUB domain, I got the SSL Certified SUB domain.
But unfortunately, my SSL Certified MAIN domain came back to Non-Certificate state, instead.
I will show you partly what I did on my SUB domain procedure. The rest was same with that of MAIN domain steps
following your example , 1pagezen.com (MAIN domain) with subzen.1pagezen.com (SUB domain),
Please, answer to me what point was wrong and should be modified when I try again the SSL Certificate Setup
for both my MAIN and SUB domains.
What I did :
<<>> step
(prompt)$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d subzen.1pagezen.com -d http://www.subzen.1pagezen.com
….
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/subzen.1pagezen.com/privkey.pem
…
<<>> step
(prompt)$ ./certbot-auto renew –dry-run
…
Processing /etc/letsencrypt/renewal/subzen.1pagezen.com.conf
…
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem
…
Processing /etc/letsencrypt/renewal/1pagezen.com.conf
…
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/1pagezen.com/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem (success)
/etc/letsencrypt/live/1pagezen.com/fullchain.pem (success)
…
Hi Mi,
You should only have one certificate – and in this certificate, it should include every domain and sub-domain you will be using for your website (maximum 100).
Let me know if you have any other questions,
Joe
Then how can I apply the only one certificate of main domain to a sub-domain.
For example, when I already have a SSL certificate for a main domain, 1pagezen.com,
how can I apply it to a sub-domain, subzen.1pagezen.com ?
Can you answer the steps in detail for the procedure?
Configuring sub-domains is not a simple process. DigitalOcean has great tutorials on the subject if you would like to look into it.
Also, if you’re going to be configuring multiple WordPress websites on individual subdomains, I would recommend using Bitnami’s WordPress Multisite stack. Check out their documentation here.
Good luck and let me know if you have any questions. 🙂
I have a bit of a problem with this one – I went throug the tutorial step by step and all seemed to be successful until I viewed my site after completion and realised all of my images were missing from my website. I have the Really Simple SSL plugin installed which came back with the following error:
System detection encountered issues
A definition of a siteurl or homeurl was detected in your wp-config.php, but the file is not writable.
Set your wp-config.php to writable and reload this page.
Saw this and not sure if this helps… After Rachel has done the previous steps of course.
But great fast (smart) way to fix for SEO audit purposes is the Broken Link Checker plugin (By Janis Elsts, Vladimir Prelovac) that runs on my website.
You may find/have a similar one but this is what I use.
1. Inside WordPress dashboard > Settings > Link Checker
– I have kept it at default 72 hour run settings
– Custom select your choice of inside – Look for links in (Tab) and Which Links To Check (Tab)
All (454) |Broken (0) |Warnings (0) |Redirects (100) |Dismissed (0)
It helps me see if there are any broken links on my website and I also check the redirect list of links its brought back. In it you can go in directly and fix some links (including website’s image links that are still reading hht instead of https)
My certificate recently expired–I was getting warnings that it was about to expire, but I thought the auto-renew process would take over. I had set up the auto-renew process as you recommended. I’ve re-run the process you recommend in the tutorial.
Hi Joe,
Same issue for me as well. Did not auto-renew, and was throwing security warnings to users until I noticed. The command above fixed it, but I too would love to be notified of updated auto-renew cron. Thanks again!
Hi MC,
I am aware of the issue and am currently working on a solution.
I will send out on update via mailing list and will update the code on the tutorial.
In the meantime, to manually renew your certificate, you can run: ./certbot-auto renew
Let me know if you have any questions! 🙂
Okay thanks Joe, I see the differnce from previous SSL certificate install (Bitnami). Clearly it starts with installing git vs direct link to https://dl.eff.org/ and extras (chmod a+x certbot-auto).
Question I have here is, what if I want to change my website to run through this SSL certificate channel via https://dl.eff.org/ as per your tutorial here… How do I uninstall git via the ‘apt-get install git-all’ command, installed previously ? Or/And if there are any other further steps I need to do?
Also, can you briefly explain what the two differences are between the two previous/current. Obviously the latter is better but why? (just out of curiosity and for anyone who installed it via git and is reading this he he he) I know I’m a pain, sorry.
The idea behind the second tutorial was simply to make it more ‘streamlined’, and to clear up some of the inefficiencies found in the first edition.
Also, there was a mistake in the first edition of the tutorial, wherein the Certbot repository was being saved to the /tmp directory, which automatically clears over time.
And you’re not a pain! – I am sure several other people have had this same question, however, you’re the only one who mustered the courage to ask.
In the first edition of the tutorial, Git is downloaded to your home directory so you should be able to access the files by entering ls after connecting to your instance via SSH.
I hope this answers your question (and thanks for asking it!)
Well I hope you don’t have too many sites to update… O_O
And on the bright side you will know SSL configuration inside and out after doing it a million times! 😉
I got an error when trying to restart at step 8. Restart your Apache Server
AH00526: Syntax error on line 51 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
apache config test fails, aborting
I’m not sure why because I added the 3 paths as per your example but is looks like something to do with the SSL certificate file paths.
Pls let me know what you think and any possible direction for a solution.
Best regards,
Ben
Hello Joe,
Have installed a moodle (bitnami) instance on CGP, reserved a static ip address, and transfered a domain name so all going good so far!
I have a question at 3. Generate Certificates. of your tutorial.
What would the command look like when creating a certificate for a moodle (bitnami) instance?
I just realise that the following command in your example is going to be incorrect!
However when I look at the following site (see link below) they are using an OpenSSL example, I think,
>How To Create An SSL Certificate? > Create a certificate:
The example code is:
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
So I am confused. Could you please help me out a little here?
Would i just need to replace the text “wordpress” to “moodle” in the first command snippet above?
Exactly like you said – run the command but replace wordpress with moodle. The directory path should be: /opt/bitnami/apps/moodle/htdocs/ instead of /opt/bitnami/apps/wordpress/htdocs/
Also, don’t run the Open SSL command; that’s for issuing self-signed certificates and is irrelevant to this tutorial.
You are on the right path! Let me know if this answer doesn’t make sense to you or if you have any questions!
That’s gets me into a file with the following lines:
But I don’t see the define example listed but I do see similar code for the domain. if i added my domain here “www.hocvietngu.com” which part of the line would i need to remove?
‘https://’ . $_SERVER[‘HTTP_HOST’];
dbtype = ‘mysqli’;
$CFG->dblibrary = ‘native’;
$CFG->dbhost = ‘localhost’;
$CFG->dbname = ‘bitnami_moodle’;
$CFG->dbuser = ‘bn_moodle’;
$CFG->dbpass = ‘0bfd904c0a’;
$CFG->prefix = ‘mdl_’;
$CFG->dboptions = array (
‘dbpersist’ => 0,
‘dbport’ => 3306,
‘dbsocket’ => ‘/opt/bitnami/mysql/tmp/mysql.sock’,
‘dbcollation’ => ‘utf8_general_ci’,
);
if (empty($_SERVER[‘HTTP_HOST’])) {
$_SERVER[‘HTTP_HOST’] = ‘127.0.0.1:80’;
};
if (isset($_SERVER[‘HTTPS’]) && $_SERVER[‘HTTPS’] == ‘on’) {
$CFG->wwwroot = ‘https://’ . $_SERVER[‘HTTP_HOST’];
} else {
$CFG->wwwroot = ‘http://’ . $_SERVER[‘HTTP_HOST’];
};
$CFG->dataroot = ‘/opt/bitnami/apps/moodle/moodledata’;
$CFG->admin = ‘admin’;
$CFG->directorypermissions = 02775;
$CFG->passwordsaltalt1 = ‘ba43a08e2f3577bf6b434c1229b33238187fd4457d1ca29dc37a6fcfd2093349’;
$CFG->passwordsaltmain = ‘493f919255f39b4f1b5f9c2f7af9d588628b04e26df41d84c4f008900b3e93cd’;
require_once(__DIR__ . ‘/lib/setup.php’);
// There is no php closing tag in this file,
// it is intentional because it prevents trailing whitespace problems!
Use the following code, however, make sure to use the ‘ character by your escape button on your keyboard, not the ‘ by your enter key.
My WP theme for some reason will automatically convert ` to ‘ so make sure that you don’t just copy and paste the code below. But this is what the code should look like:
Good morning
You are installing SSL according to the tutorial you have created. However, it can not be executed in the steps below.
What is the problem?
astheboy@wordpress-vm:~$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d cslab.me
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
Hi Astheboy,
This is not an error that I have come across before.
What you should do is open a support ticket on the LetsEncrypt forums and see if one of their developers can help you.
Talk to you soon,
Joe
rajender_rajotia@pilibangan-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 68 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
Invalid command ‘OB’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting
AH00526: Syntax error on line 68 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
Invalid command ‘OB’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting
Monitored apache
rajender_rajotia@pilibangan-vm:~$
Hi Rajender,
This means there is an error in your bitnami.conf file on line 68.
So you will need to open the file and check line 68 for an error.
Use CTRL + SHIFT + – in order to jump to a specific line once you’ve opened the file in Nano.
Let me know if you have any other questions,
Joe
I have a question about Free SSL Certificate Setup for Subdomains
instead a main domain.
If I replace the domain name with a subdomain name,
following your example , 1pagezen.com (main domain) with subzen.1pagezen.com (sub domain),
the rest procedure is exactly same with that of the main domain steps except for the domain name ??
If it is different, can you introduce it for subdomains in detail like this website(for main domain) ?
Thanks.
Hi Mi, That is correct. 🙂 You just need to list the subdomains in the certificate, just like you would list your primary domain.
You are allowed to list up to 100 domains / subdomains in a single certificate.
Please let me know if you have any other questions,
Joe
Thanks for the good tutorial. One question is,
can I use the Free SSL Certificate in your tutorial, including the auto-renewing,
for WordPress websites(domain and sub-domains) of a small “commercial enterprise” on Google Cloud Platform ??
In addition, if there is a license website on that, can you let us know or link it ??
Thank you again.
Hi Lee,
You will have to look over the policies and legal repository for Let’s Encrypt and also the Certbot license conditions.
I hope this answers your question, 🙂
Joe
Thank you very much for your kindness support, I would not able to do anything if I did not see your video and tutorials. Yesterday I moved my site to Google Cloud and it takes over one day to do that. It was really tired.
But I still have two more question, it would be great if you could help me and everybody
1. My site after setup the SSL certificate, it still appears the sign that is not secure 100% (images..) How can I fix that?
2. I was built the Bitnami WordPress, but that platform seems to conflict with the W3 Total Cache, so now my site speed on Google Speed Check even a litter bit slower. Is there any way I can fix it? Or can I remove the Bitnami Speed Check on my site?
You website is serving insecure HTTP images – this is a very common problem with SSL, and is easy to fix.
Check out this tutorial to learn how to fix the problem.
Also, either W3 Total Cache or WP Super Cache works better than the other on Bitnami installs – but I forget which one it is. If W3 isn’t working for you, I would give WP Super Cache a try, or else check out the section of Bitnami’s documentation dedicated to configuring W3 Total Cache.
Thank you very much for your time and your advice yesterday.
I follow your instruction and I already fixed the insecure HTTP image. Again, thank you very much for that.
I still have only one problem that I could not install W3 total Cache nor WP Super Cache properly. Both of the caches plugin requires the configuration in wp-cofig.php and htacess
For example, below is the warning when I installed W3 Total Cache.
” FTP credentials don’t allow to write to file /opt/bitnami/apps/wordpress/htdocs/wp-config.php”
W3 Total Cache Error: Files and directories could not be automatically created to complete the installation.
Please execute commands manually
Edit file /opt/bitnami/apps/wordpress/htdocs/wp-config.php and add next lines:
/** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache
W3 Total Cache error: It appears Minify URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately, minification will not function without custom rewrite rules. Please ask your server administrator for assistance. Also, refer to the install page for the rules for your server.”
Thank you so much for your support. I follow your instruction, it appears the below request:
W3 Total Cache error: It appears Page Cache URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately disk enhanced page caching will not function without custom rewrite rules. Please ask your server administrator for assistance. Also refer to the install page for the rules for your server.
In fact, before that, I had to set the command: sudo chmod 777 /opt/bitnami/apps/wordpress/htdocs/wp-content
And the error above is the only one problem left. I read the info from Bitnami, they try to hide the .htaccess file and they require to change the new .htaccess.conf
What you should do is open a support ticket at the Bitnami Community forums, and describe your issue in detail. The Bitnami engineers will know exactly how to fix the problem.
In the meantime, the solution you’re looking for is probably something similar to Beltran’s response in this thread.
Good luck and let me know if you have any questions! 🙂
Joe
After that, I created the fie: sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php as your advice
And I paste the code: /** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache
And I save it and I restart Apache: sudo /opt/bitnami/ctlscript.sh restart
But the W3 Total Cache still requests me as below:
W3 Total Cache error: It appears Page Cache URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately disk enhanced page caching will not function without custom rewrite rules. Please ask your server administrator for assistance. Also refer to the install page for the rules for your server.
I know Bitnami disable .htacceess file and allow us to create or modify the .htaccess.conf in stead
However, I don’t know how to FIND and SHOW the .htacceess.conf file for the modification
Can you instruct to me some commands to find show the .htaccesss.conf on SSH mode?
Also, what code I should use to insert into that file in order to allow .htaccess.conf work properly with W3 Total Cache? (allow rewriting matter)
Looking your reply soon and many thanks for your kindness help
Hi Bimbimz,
Just put a # sign next to the certificate file paths in the .conf file, or delete them.
You can delete the Certbot and LetsEncrypt files and directories by using the commands from the Linux commands list.
I hope this answers your question.
Joe
Hi Bimbimz,
I only offer support for configuring Let’s Encrypt certificates as shown in this tutorial.
If you’re curious on how to install Comodo certificates, check out this tutorial.
Hope this helps,
Joe
Hi,
Just put a # sign next to the certificate file paths in the .conf file, or delete them.
You can delete the Certbot and LetsEncrypt files and directories by using the commands from the Linux commands list.
I hope this answers your question.
Joe
Great tutorial! I got the SSL to work on my main site. Just wondering how I go about setting up SSL to work on subdomains and mapped domains that exist now and in future when I add more mapped domains?
This is my setup:
In wordpress:
rocketwebber.com is my main domain running on multisite.
example1.rocketwebber.com is a subdomain mapped to example1.com
In google:
I have zone name rocketwebber.com and example1.com
example1.com has an A record that points to the IP for rocketwebber.com
rocketwebber.com has an A record: example1.rocketwebber.com that points to the IP for rocketwebber.
For securing multiple top-level and subdomains in a multisite installation, you will have to install the Domain Mapping plugin. Also, check out the Bitnami Multisite documentation about how to properly configure SSL.
Configuring multiple domains with SSL on single virtual machines is complicated and usually takes some trial and error. Anyways, check out the link above, it should point you in the right direction. Let me know if you have any questions.
Hey Folks,
So followed the tutorial, everything seemed to work perfectly. It shows in wordpress, https:// mydomain.com secure.
However, when I do an ssl checker on it I get the following warnings below:
1. The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
2. None of the common names in the certificate match the name that was entered (www.mydomain.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
As it shows the cert has been created but it still shows up in the browser that it url is insecure.
Wondering if anyone has had the same problems before?
Hey guys,
Awesome tutorial! I would like to add subdomains to my domain and get the certbot to issue a cert for both the domain and the subdomains. Is the easiest way to just add the domains after directory like so: -d domain.com, subdomain1.domain.com, subdomain2.com and so?
I follow your step but unfortunately my website is totally down and not opening while i try to install ssl certificate.
I follow your each step but when in i use this command nly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d teh1one.com -d http://www.tech1one.com
I found error NXDOMAIN
Please help me out i totally helpless. I try my best to resolve my issue always facing same issue that create A/AAA record i already created all the records but i unable to install ssl certificate and also unable to open my website.
Hi Shadman,
You have misspelled tech1one in your certificate issuing command.
Fix that and you likely won’t see that error anymore.
Let me know if you have any other questions.
Thanks,
Joe
Hi Shadman,
The causes of the error are likely that your DNS is not configured properly, that your Domain hasn’t resolved to your new website on GCP, or that the certificate issuing command isn’t being executed properly. What I would do is go over the links at the top of the tutorial page and make sure that you completed each of the 3 pre-requisite tutorials successfully. Check for any errors etc.
You may also have to do some troubleshooting on StackOverflow and Google.
Hope this information is helpful! 😀
Talk to you soon,
Joe
I change the domain of my site, and I’m getting troubles to install a new ssl cert because the older domain cert.. How I remove this to install a new cert??
Hey Matheus,
You can simply redo the tutorial: the Certbot client will ask if you want to overwrite your old certificates – choose “Yes”.
Also – make sure that when you re-do each step, you use your new domain name and not your old one.
Let me know if you have any questions 😀
Joe
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Hi Matheus,
Are you using the right tutorial?
Remember there are both Bitnami and Click-to-Deploy tutorials. If you are using Click-to-Deploy, you need to make sure that all future tutorials are designed for Click-to-Deploy. The same goes for Bitnami.
Talk to you soon, 🙂
Joe
Hi Matheus,
It is usually caused by an insecure content error, as shown in step 1 of this tutorial. As the tutorial shows, you will have to inspect the page and see which element is causing the error.
Hope this helps! 😀
Joe
& i got the result like this:
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/badmintonvillage.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/badmintonvillage.com/privkey.pem Your cert will expire on 2018-01-01.
5, Setup Auto-Renewal
& i got the result like this:
Congratulations, all renewals succeeded. The following certs have been renewed
6, Configure the Certificates
I have added servername, serverAlias, Redirect (my actual domain)
& I have added # sign next to each of the two placeholder certificates & paste the path to your three SSL certificate files
#SSLCertificateFile “/opt/bitnami/apache2/conf/server.crt”
#SSLCertificateKeyFile “/opt/bitnami/apache2/conf/server.key”
SSLCertificateFile “/etc/letsencrypt/live/mydomain.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/mydomain.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/mydomain.com/chain.pem”
8, Restart Apache Server by this code: sudo /opt/bitnami/ctlscript.sh restart apache
Result:
restart apacheUnmonitored apacheAH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist or is emptyapache config test fails, abortingAH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist or is emptyapache config test fails, abortingMonitored apache
But Eventually couldn’t Work properly. It mentioned that letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist.
All of the text that says mydomain.com needed to be replaced with you own domain name, which in this case is badmintonvillage.com.
You will need to go back through the tutorial and fix steps 6 & 7 and make sure badmintonvillage is listed in the place of mydomain.
Also, make sure a cert.pem was actually generated. You can check by executing the following command in your SSH terminal: ls /etc/letsencrypt/live/badmintonvillage.com/
The folder should show around 4 certificate files, one of them being cert.pem.
I need you to copy some text and send me it to me.
Will you please open your bitnami.conf folder using the following command: sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
Next, copy the 3 lines at the top of the page that look similar to this: (Important: DO NOT type CTRL+C in nano, to copy, simply highlight the text and it will copy automatically) ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect / https://www.1pagezen.com/
Next, scroll down the page, and copy the three lines of code that look similar to this:
I ran an SSL report on your certificates, and it’s showing that your certificates were issued for example.com.
You will likely need to re-issue the certificates using the following command: ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
The above command is from step 3 of the tutorial – it’s the only step you need to repeat.
You won’t need to change anything in your bitnami.conf since the file paths will remain the unchanged.
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
___ _ _ _
| _ |_) |_ _ _ __ _ _ __ (_)
| _ \ | _| ‘ \/ _` | ‘ \| |
|___/_|\__|_|_|\__,_|_|_|_|_|
I have removed the HTTP / HTTPS on the command.
The web still cant access SSL while the result said that Certbot can obtain and install HTTPS/TLS/SSL certificates.
The result:
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: –webroot
starwargift@badmintonvillage-vm:~$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
Requesting to rerun ./certbot-auto with root privileges…
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: –webroot
starwargift@badmintonvillage-vm:~$
Try again, but this time copy and paste the command from the tutorial itself, don’t copy and paste it from my comments.
The comments on WordPress aren’t formatted as standard HTML (which is what is in the grey boxes in the tutorial); that’s why the “-” symbol in front of webroot isn’t being recognized by your SSH terminal.
Dear Joe,
I type the command: ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com and it required me to reset the certificate, and i click yes. However, still not works for getting the SSL.
The Result shows :
– Congratulations! Your certificate and chain have been saved at
:
/etc/letsencrypt/live/badmintonvillage.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/badmintonvillage.com/privkey.pem
Your cert will expire on 2018-01-02. To obtain a new or tweake
d
version of this certificate in the future, simply run certbot-
auto
After putting the restart command, i put the step 3 command again. And then restart again. Still cant access SSL.
The result:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/badmintonvillage.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/badmintonvillage.com/privkey.pem
Your cert will expire on 2018-01-02. To obtain a new or tweaked
It shown up:
Unmonitored apache
AH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bit
nami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage
.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bit
nami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage
.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
Monitored apache
starwargift@badmintonvillage-vm:~$
Hi Rob,
I’ve worked through this tutorial several times, and it works fine. However, the last time I ran through the tutorial I encountered the issue that you described and the way I solved it was by changing the permission level on the certificate directory. I will run through the tutorial again and see if I can reproduce the issue to give you a more thorough documentation on how to avoid/fix it.
Thanks for pointing this out. 🙂
Joe
What permission level did you set the certificate directory to? I’m currently having this issue.
Results from running apachectl configtest:
AH00526: Syntax error on line 58 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/mydomain.com/cert.pem’ does not exist or is empty
It does exist and it’s not empty because I checked running :
Hi, thanks very much for the helpful tutorial! When trying to obtain a new certificate, I got the following error. Any help is appreciated.
Chris
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for globalgocare.com
http-01 challenge for http://www.globalgocare.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. http://www.globalgocare.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficien
t authorization :: Invalid response from http://www.globalgocare.com/.well-known/acme-challenge/JnaGPMHqkk2puEIPHBtnhHtsy
OxwuxbIJA6jbSuTwyc: ”
<meta name="viewport" content="width="
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
Joe, I also did your tutorial on domain name configuration and did that work and everything went fine. I’m noticing a thread there “From Google Cloud Platform dashboard, go to cloud DNS. Check your IP address of your A record. Go to your VM instance page, look at the IP address of the VM instance that is running your WordPress website. Do they match?” I’m using the Bitnami click to deploy app. I don’t have a cloud DNS zone. Let me know if that’s part of my problem. Thanks.
You need to have a DNS zone that is managing the IP/domain that is running your instance, as shown in this tutorial. What the certbot error is essentially saying is, “the nameservers of this domain aren’t connected to your Google Cloud Platform account, so for that reason you don’t have permission to issue certificates for that domain”.
Take a look at the tutorial that I sent you in the link, and after you’ve completed that let me know if you have any questions.
You’re very kind, and I’m pretty inexperienced in this! I followed your directions for transferring the domain name and reserving a static IP address. But my site isn’t available now. I assume it’s related to the following: when I change the name servers at Google Domains, I get the message, “It looks like you’ve changed your name servers. All settings for your domain (including website, email, synthetic records and resource records) are currently disabled. To enable these settings, you will need to restore the Google Domains name servers. ” Thanks for any help. Chris
When you changed your name servers on Google, you basically opted to manage your domain name through Google Cloud DNS instead of through Google domains.
I think the issue with your website not loading likely has to do with your nameservers and DNS not being configured properly. In addition, make sure your WordPress domain name URLs are set to globalcare.com or http://www.globalcare.com. StackOverflow is also a great resource to use when troubleshooting a DNS configuration.
Good luck, and let me know if I can be of further assistance. 🙂
Joe
Joe, the site is up again, but with the “not secure” warning in the address bar, and the changes seem to have taken out my G-Suite email, which may be part of the coordination problem. I don’t want to take advantage of your good will here, and would be OK paying you to go through my settings with me and get everything on track. Let me know. Thanks, Chris
I sent you an email requesting images from your Cloud DNS, Google Domains DNS, and Cloud VM instances page. I will take a look at the images to see if there are any basic issues that can be quickly and easily resolved.
Talk to you soon,
Joe
Chrissays
All set up with a SSL Cert and G Suite functioning well. Thanks for all the help!
I am glad to hear that everything is working well! 🙂
Let me know if you ever have questions or suggestions for future tutorials!
Best,
Joe
Georgisays
Hi Leron
Thanks for your reply.
I have connection via sftp but the problem is probably permissions. I can see the files but I am able to download only some of them but not the keys.
I am afrate if I change the permissions to sub files and folders they may be different permissions in each of them. I am afrate to not mestup all of them.
Best regards
What you could do is just change only the permissions of the file that you want to edit, within the SSH terminal as shown in this tutorial. Change permissions to 777, download and edit the file (or whatever you want to do with it), and then change the permissions back.
Where ssl certificate store in google compute wordpress Bitnami. I want installed ssl certificate but I don’t know where is save certificate. I’m installing certificate suggested step by you. please Email me root name where ssl store.
Hey Raj,
The load balancing and CDN tutorials are in the making.
They’ve been difficult tutorials to simplify, so that’s why they are taking awhile to make.
Stay tuned, and make sure to join the mailing list to be notified when the tutorials are released!
Talk to you soon,
Joe
Hey Raj,
All of your SSL certificates are located in the folder located at: /etc/letsencrypt/live/YOURDOMAIN.com/
You can view each of the certificate files by executing the command: ls /etc/letsencrypt/live/YOURDOMAIN.com/
Remember to replace YOURDOMAIN.com with your own domain name.
If you want to download the certificates, you can use an FTP client such as FileZilla to locate and download the certificate files (see this tutorial).
Let me know if this answers your question.
Talk to you soon, 😀
Joe
Hi Leron
thank you for you great tutorials! Everything works just fine! Thank you for you quick responds as well!
I have just one question regarding ssl on google cloud. I can not backup the ssl key as I suppose to do following the tutorials for some premision reasons I guess. Can you help out with that?
Thank you in advance
Best regards
Hey Georgi,
I am glad everything is working fine!
Are you looking to backup your SSL certificate files?
You can open up the files and and copy and paste the contents in to a text editor – then save the file with the correct file extension (.pem).
The other thing you can do is download the files via FTP, which I set up in this tutorial.
Let me know if this answers you question. 😀
Talk to you soon,
Joe
Thanks for this tutorial. It is really helpful and I will try this out. There were a few decisions that you made that prompted some questions. Such as why do you prefer to use ‘www’ when setting up your wp-config.php file? Also, should I upload all images to the site before setting up the ssl certificate or doesn’t it matter ? Sorry if I have asked you this one before but I am still a unsure how images are treated for ssl.
I hope you’ve been well! I was happy to see your name popup in the comment feed. 🙂
Regarding your first question – I just personally prefer to use www. with my domains, but you can find a million arguments on the internet arguing that www is better than non-www for SEO, and vise versa. Honestly, I don’t think it matters one way or the other as long as you choose one and stick with it.
As far as uploading images is concerned, I would recommend uploading your pictures after you’ve completed the tutorial, as this will save you from having to change your image URLs later on.
Also, before starting the tutorial, I would recommend taking a snapshot of your instance as a backup, according to step 1 only of this tutorial.
Let me know if you run into any issues with the tutorial, as I would be more than happy to help you through them.
What did you think of this revised version of the Bitnami SSL certificate tutorial?
Did you find it easier, more challenging, not much different?
Please share your questions and comments below!
Thanks,
Joe
I found it perfect. Helped me a lot just when I almost gave up. I was thinking that I would need to change back to HTTP and had no idea how to do that with this bitnami installation. When I found your tutorials it changed my day to great. Truly thanks
Hello Leron, tahnk you for your amazing work
i have a problem… i did this tutorial and it is working great, i had another page on wix which i replaced with this one. i have pointed my other domain to his page and when i try to go to a page from my other domain it says it is not secure.
working domain http://www.decen.com.mx
not working domain http://www.deccenmuebles.com
i would really apreciate your help!
Thanks!
Hi Omar,
All you need to do is configure domain forwarding through your domain name provider – you don’t need to add SSL to the secondary domain.
If you need to instructions on how to configure domain forwarding, do a google search for your domain name provider followed by ‘domain forwarding’. For instance, you would search for NameCheap domain forwarding or GoDaddy domain forwarding.
Hope this helps and talk to you soon,
Joe
I already did that, I can’t configure much, only the cname to redirect as it was a wix site domain, is there any way to include it into the same ssl I already use?
Hi Omar,
I’m not aware of what types of restrictions Wix puts on their domain names.
Are you able to change the nameservers on the Wix domain to Google Cloud nameservers? If so, it will likely be possible to configure SSL on that domain. All you’d need to do is re-issue the certificates, making sure to include both domains when running the certificate issuing command. For example:
Talk to you soon,
Joe
i used that code you provided and it seems that it the certificates are now generated for both domains, but i still get the not secure page when trying to go into http://www.decenmuebles.com, do i need to follow the hole tutorial again but with http://www.decenmuebles.com domain? i already made it with decen.com.mx
also it seems to show the not secure page only on safari
Hi Omar,
It appears to be working correctly. When I visit decenmuebles.com, I get a redirect to decen.com.mx.
Assuming decen.com.mx is your preferred domain – everything is working properly, and no – you don’t have to re-do the tutorial for decenmuebles.com.
Hope this answers your question,
Joe
Hello! Yeah it works great with decenmuebles.com
But could you try with “www” http://www.decenmuebles.com in safari?
There is when I get the not secure thing
Hi Omar,
I just opened it on another device, using “www” and “http” – and it still redirected to https://decen.com.mx.
I think it might just be your Safari’s cache.
Hope this information helps,
Joe
Hello, how can I install an SSL certificate on lampstack?
Hi Pablo,
This is a tutorial for LAMP stack. I have 2 versions – the version you’re viewing now is the Bitnami version, and there is also a version for the Click-to-deploy version. Both of these tutorials are for LAMP stack (Linux, Apache, MySQL, PHP).
Hope this helps and let me know if you have any questions,
Joe
Hi, thanks for answering, when I’m in the apache restart step these errors are generated:
(It’s a php application I do not use wordpress
Unmonitored apache
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/yakarei.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/yakarei.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
Monitored apache
Hi Pablo,
Check out CJ’s solution that he posted here.
Hope this helps and let me know if you have any questions,
Joe
Hello,great tutorials,but i have problem,when i add static address and domain and ssl,and in some point website don’t work.Installing order is next,add static ip,point domain,add ssl .Can’t figure where is mistake,can you advice me.Have other website,works fine with these steps.
Thanks
Hi Joe,
Currently using aws wordpress bitnami.
I have tried so many times to install certificate according to your instructions but it’s not working.
In the 2nd step
./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d mydomain.com -d http://www.mydomin.com
gettig msg error
“does not exist or is not a directory”
Waiting for your reply.,,🤔🤔🤔
Hi Ahesan,
Are you using the correct tutorial?
/opt/bitnami/apps/wordpress/htdocs/ is the webroot for the Google Cloud Bitnami LAMP stack. The webroot for the Click-to-deploy version is /var/www/html and that tutorial can be found here.
Hope this helps!
Joe
Thanks for your reply.
Actually I am using Amazon aws wordpress manage by bitnami.
Hi Ahesan,
The root directory for the AWS installation is the same, so there shouldn’t be any difference:
Try to navigate into that directory and see if it works:
Talk to you soon,
Joe
Hi Leron, I find you on YouTube video to configure my domain on Amazon. I start to use a Lighsail and you help me a lot! Thanks! Now I’m trying to configure a free SSL certificate on Lightsail. This is possible? Thanks!
Hi Yuri,
I have not used the AWS Lightsail service so I’m not sure whether or not it is possible.
I would recommend doing a Google search for “letsencrypt lightsail aws” and see what you find. I just ran the search myself, and there appears to be numerous tutorials on the subject.
Let me know if you have any questions,
Joe
Hello Leron,
I followed your tutorial and everything worked perfectly.
I did with a test page, my domain.tk, now I would like to implement my .com domain
Can I simply change the files that were pointing to domain.tk for domain.com?
What would be the best way?
Hi Raphael,
Unfortunately that won’t work. Because the certificate was issued for the .tk domain, it will only work for the .tk domain. If you try to use that certificate with another domain, you will see an SSL ‘mismatch’ error in the browser.
You will have to change all of your files to reflect the new domain name, and then re-issue the SSL certificate for the new domain name.
Easiest thing would be to start from scratch, but you can always work backwards if you feel you have a good grasp on how the configuration works.
Hope this helps and let me know if you have any other questions,
Joe
Hi thanks for posting the great tutorial I am fine with the setting this up now. I have the lock symbol on my site thanks to you. I wrote another message to say thanks and that there is no reason to respond to my earlier message but it does not seem to have posted, so I just wanted to let you know that the earlier issue is resolved and that I am working on other issues now with the ‘redirect chains’. Thanks, Mike
I got this error message at step 6 still :
sudo crontab -e
no crontab for root – using an empty one
crontab: installing new crontab
“/tmp/crontab.CclGhz/crontab”:0: bad minute
errors in crontab file, can’t install.
Do you want to retry the same edit? (y/n) y
crontab: installing new crontab
“/tmp/crontab.CclGhz/crontab”:0: bad minute
errors in crontab file, can’t install.
Do you want to retry the same edit? (y/n)
I picked no and got :
Do you want to retry the same edit? (y/n) n
crontab: edits left in /tmp/crontab.CclGhz/crontab
What should I read or do next if you have time to advise me. Thanks, Mike
Hi Michael,
The error means that there is an error in your crontab file. In this case, it appears to be a formatting issue (incorrect characters/formatting).
Go back through the cron section of the tutorial and verify that your crontab file is configured as shown in the example.
Also, please check out the following resource for additional information about the bad minute error, and this resource for a basic outline of cron and how it works.
Hope this helps,
Joe
sudo crontab -e is the command I got stuck on.
after that I get this output:
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use ‘*’ in these fields (for ‘any’).#
# Notice that tasks will be started based on the cron’s system
# daemon’s notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
Hey Michael,
When you run the
sudo crontab -ecommand, it opens your crontab file. The output that you pasted in your message is simply the default text contained in the crontab file. You will need to paste the auto-renew script at the bottom of the default text, and then save the file.Hope this provides some additional clarification and let me know if you have any questions,
Joe
Hello,
I am trying to install the SSL on Google Cloud Bitnami WordPress Multi-Tier and I have the following questions:
1. Which of the two IP addresses generated my the deployment should I use is the one linked to the frontend or the one linked to the database and backend?
2. The installation on either IP addresses Aborts when I am generating the Certicate, specifically when I enter Y for yes for the installation to continue, the operation suddendly Aborts. How do I address this issue?
Hello, I followed the manual, and it works.
Although at the time of auto renew fails, and I have to rebuild the certificate.
I’m obviously in wordpress and bitnami.
why? And what code I have to implement to forget the certificate.
Hey JL,
You don’t need to create a new certificate.
Follow the instructions in this tutorial to configure auto-renewal for your certificate. If your certificate is already expired, execute the
./certbot-auto renewcommand from the directory where certbot is installed. For example, try executing the command right after you finish with step 2.Hope this helps and let me know if you have any questions,
Joe
Great tutorial, thanks! Worked like a charm! 🙂
Hi Gergely – I’m glad to hear it worked! Thanks for the feedback!
Great tutorial! Thank you! I have setup my site with ssl. Now I’ve bought a new domain name which I also want to set up using SSL. What do I need to do? Do I need to repeat this tutorial again? Will both domain names work with us to sell after doing this? Thank you
Hey Scott,
Thanks for the feedback – I’m glad to hear the tutorial worked for you!
Did you want your new domain name to link to the same website as your other domain? Did you want it to link to a subdirectory of your website?
There are many, many different ways of configuring multiple domains for a single website. And as far as encryption, it is best to add all of the domains to a single certificate, so that all domains on your server are utilizing the same certificate.
The process of issuing multiple domains under a single certificate is similar to the process in step 3 of the tutorial, however, you would add additional -d flags for each of the additional domains that you wanted to secure under the certificate. For example, if you wanted to secure your original domain and your new domain, your certificate issuing command would looks something like the code below (assuming your domains are scottjones.com and scottjones2.com):
I think you’re allowed to add upwards of 100 domains to a single certificate.
I hope this answers your question. If not, please provide additional details about which type of configuration you’re going for and I will do my best to help.
Talk to you soon,
Joe
Great. I’ve already setup ssl on one domain name on my WordPress setup using your tutorial. So, do I only need to run the code you provided for domain #2 (scottjones2.com in your example) and it will be added to what I’ve already setup?
Thank you!
Hey Scott,
Yes – that will add SSL to that domain, however you still need to configure it with your server.
Just like with configuring the first domain, you need to configure another Apache virtual host for your new domain. Check out this resource and this resource to get a general idea of the process.
Please reach out if you have any questions,
Joe
Thanks for this tutorial! It helped.
May I ask how will I be able to access the private and public key as well as CSR of the SSL installed?
I am trying to set up a CDN in Google cloud and I was prompted by these questions.
Thanks for the reply
Glad to hear it Albert!
You can access them directly in the SSH terminal as root user, then copy and paste their contents.
Let me know if you have any questions,
Joe
Hi, Big thanks for getting back.
Can you help me with the path of where it is installed?
Hi Albert,
First execute the command
to swtich to root user.
Then, execute each of the following three commands to view each of the certificate files (you will need to copy the contents of all three):
Let me know if you have any questions,
Joe
Also – remember to replace example.com with your own domain name. For example:
Hope this helps,
Joe
Hi Joe,
I have used this guide before and had no issues at all, but I just tried to configure SSL for my new website and I am having an issue. After restarting the server, my site was loading with no problem (however, “https://” was in grey and not green), and about 5 minutes later it will not load at all.
All I see now is the landing page for my domain name – https://www.urbanearth.co.za/
Any ideas?
Hi Jonathan,
The SSL is fine, it’s just that your website is serving insecure content (see part 1 of this tutorial) from your website’s IP address instead of it’s domain name.
Make sure that you update your WordPress site URL’s in your WP config file (step 7 of this tutorial). Then refresh your URLs by going to Settings > Permalinks – then selecting the post name option (click the save button twice again, even if it’s already set to post name setting).
Hope this helps and let me know if you have any questions,
Joe
Hi Joe,
Once again you have saved the day! The mixed content was the issue. I had to fixed the urls for all of my pictures and now every page is properly secured.
Thanks again.
Hi Jonathan,
I’m glad to hear you got it working! 🙂
Talk to you soon,
Joe
Hi Joe, sorry to bother you again.
After last night, the website was loading perfectly and with the green padlock. But this morning the same thing has happened, where the site is loading the domain host page and is also not secure.
My URL’s are correct, but I can’t get into my site to check mixed content and permalinks (even though these were working perfectly last night). Any ideas?
Hi Jonathan,
The website is loading without issue on my end.
Also, it appears to be configured properly based on this result from SSL checker. I’m assuming this means you were able to resolve the issue?
Hope this helps and let me know if you have any questions,
Joe
hi
recently i am facing this error after installing ssl
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
Monitored apache
could you please help ?
Hi Imdad,
There is an issue with one of your files. Try checking the server logs at:
See if that displays the location of the error.
Talk to you soon, Joe
Thank you so much. I did it
Hey Vu – I’m happy to hear that you were able to complete the tutorial!
Hello Leron,
Thank you for your outstanding tutorial video. It is very helpful.
Over 3 months ago, I followed your instruction to obtain a free SSL certificate and set auto renewal for trendyls.com. I wasn’t sure the auto renewal set up properly. However, the trendyls.com certificate was expired 3 days ago. I followed your instruction again, It granted the Certificate valid for the next 90 days but it fail the auto renew. I got the syntax error in bitnami.conf as described below, I have no luck so far to correct it. Please take a look and give me some instruction.
Thank you in advance.
tom@wordpress-1-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 59 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateChainFile: file ‘/etc/letsencrypt/live/trendyls.com/chain.em’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 59 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateChainFile: file ‘/etc/letsencrypt/live/trendyls.com/chain.em’ does not exist or is empty
apache config test fails, aborting
Monitored apache
Hey Tom,
You have a typo. You typed your file path as /etc/letsencrypt/live/trendyls.com/chain.em, but it should be /etc/letsencrypt/live/trendyls.com/chain.pem
Make the suggested change, restart your server, and the problem should be fixed.
Let me know if you have any questions,
Joe
Hi, is there any tutorials for wildcard domain configuration?
Hi James,
There are no Wildcard tutorials available as of now. However, it could be something that I will look into in the future.
Thanks,
Joe
Hello and thanks for this info, I love your blog!
I do all, but I use a SSL really simple pluguin and it not run.
yoast by seo not run.
All need write permision on wp-config.php
How can I enable it?
Thanks mate
Hi Jhon,
You will have to change the permission level of your wp-config.php file to 755, as shown in step 3 of this tutorial.
If that doesn’t work, you may have to use 777 instead of 755, or better: verify that the file has the proper owner. You can learn more about the chown command and Linux file ownership here.
Feel free to reach out if you have any questions,
Joe
Thanks 🙂 I will try to fix it today
You are the king 🙂
Mixed Content: The page at ‘https://www.printzx.com/’ was loaded over HTTPS, but requested an insecure image ‘http://demo.themeum.com/wordpress/wp-megamenu/wp-content/uploads/2017/07/brand-logo.png’. This content should also be served over HTTPS.
This is the error in my website when i upload free ssl certificate google cloud . Can you tell me how to solve this problem ?
Hey Arya,
Check out step 1 of this tutorial.
Let me know if you have any questions,
Joe
Hi Leron
Beautiful job with the tutorials. really loving them.
Just to let you know + if you are able to suggest a way out of my troubles: I set up the ssl certificates according to your instruction – they worked but I didnt get the green lock yet – I came back a few hours later to continue with your tutorials and Google cloud was telling me I needed to resize my VM instance – I did it and.. Apache no longer starts.
I sourced info on the bitnami forum and there they requested an error log in similar cases – by running: /opt/apache2/logs/error.log
But I get: “-bash: /opt/apache2/logs/error.log: No such file or directory”
So I cant move forward there at the moment either.
Have you ever come across anything similar – its definitely the resizing that threw my set up off.
Hi Sami,
In most cases you won’t need to resize your VM – the micro machine is fine for 99% of WordPress websites.
Next, what is the error message you see when you try to restart Apache?
Also, to view your error log in the future, run the following command:
Talk to you soon,
Joe
Hi Joe
Thanks for the reply – I reached out to someone on my inhouse my support team and they managed to get the apache back and running again – as soon as I get confirmation on what they did I will comment here for everyones benefit.
We had to upgrade as we are building a prestashop in addition to the wp site and even if we arent at the very limit now (google cloud was suggesting we upgrade) they idea was to get set up on the micro level and near launch upgrade.. Anyways Love your blog and the advice here, you are addressing a great niche and expect that if your business hasnt totally blown up yet it is ikely to do so, such quality is the material, sure to attract loads if traffic. Well done & thanks!
Hi Sami,
Thanks for the feedback. Also, I am glad to hear that you were able to get the issue resolved.
And I didn’t realize you were going to be running on online store, in which case a more robust machine would be appropriate.
Looking forward to hearing about the solution. 🙂
Talk to you soon,
Joe
Hi Joe
Here is what our guy had done:
I disabled Debian’s default Apache with:
sudo update-rc.d apache2 disable
> >then restarted the server using
sudo reboot
(not sure if this is the recommended way to restart a google cloud instance)
> >and Bitnami’s Apache is now able to start
I now need to follow up with a few more of your tuts – thanks again, and if anyone has that same issue I experienced, the ommads here might work for you but try at your own risk
sami
Hi Sami,
Thanks for the update with the solution! I am happy to hear that you were able to get your system up and running again.
Talk to you soon,
Joe
Hello,
Please I have an issue after following your tutorial. thank for the tutorial first.
After configuring my SSL cerftificates succssfully, I received a message from Certbot saying my certificates will expire in a few days. Thoug I set automatic renewal.
I dont understand why. I assure you, I went through your video tutorial, and you post, followed everything as you said but I still have that issue.
Hi Damien,
Follow this tutorial for updated instructions on how to configure auto-renewal for your certificates.
Let me know if you have any questions,
Joe
Hello,
When I go to restart Apache, I’m getting the following:
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
root@bitnami-wordpress-dm-d806:/etc/letsencrypt# sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:f/bitnami/bitnami.conf
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 54 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.bella-vr.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
Monitored apache
Any help is appreciated!
Hi Reid,
Try CJ’s solution of changing the permissions of the letsencrypt directories. If that doesn’t work, go back to line 54 of your bitnami.conf file and make sure there are no spaces at the end of each line. Also, make sure sure there are no spelling errors on either of the 3 certificate paths (extra quotation marks, etc).
Let me know if you have any questions,
Joe
You are awesome. Actually awesome! I’m working on a website. Following your tut, I just made it safe. Next step should be managing content in the site.
Do you have any related tutorials concerning customising WordPress website (bitnami) on GCP?
Thank you very much!
Hi Andy,
I’m glad you were able to get your website running on Google Cloud.
I don’t offer have any front-end tutorials for WordPress, but if you do a Google search, you will find thousands (if not millions).
Good luck and let me know if you have any questions,
Joe
Leron i am using lamp stack on my engine, therefore i changed wordpress to apache and apche2 as well but no luck resolving the error.
~$ ./certbot-auto certonly –webroot -w /op
t/bitnami/apps/apache/htdocs/ -d lamicane.com -d http://www.lamicane.com
Requesting to rerun ./certbot-auto with root privileges…
/opt/bitnami/apps/apache/htdocs/ does not exist or is not a directory
Hi Nishant,
The error message is saying that the directory
/opt/bitnami/apps/apache/htdocs/doesn’t exist.From my understanding, if you’re running your application on a standalone Bitnami LAMP stack your webroot is
/opt/bitnami/apache2/htdocs.If you’re using the pre-built WordPress LAMP stack, your webroot is
/opt/bitnami/apps/wordpress/htdocs/Hope this helps and please reach out if you have any questions,
Joe
Thanks Leron, this worked perfectly but now i am having trouble with this line
sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php. after changing it to sudo nano /opt/bitnami/apache2/htdocs/config.php blank screen appears.
Hi Nishant,
If a blank screen appears it means that the file does not exist, and therefor it created a new empty file at that location.
Word of advice: if in doubt about whether a file exists at a certain location, use the
cdcommand. For example, if there is in fact a wp-config.php at the location/opt/bitnami/apps/wordpress/htdocs/, then it will show up when you enter the commandcd /opt/bitnami/apps/wordpress/htdocs/. If not, it will show a file not found error.Get familiar with using this process as it will save you a great deal of hassle down the road from entering invalid file paths.
Also, check out this tutorial on Basic Linux Commands for Google Cloud – this will help you get comfortable with navigating the Linux Shell, and will help a lot in the future with configuring your websites in the cloud (the Linux Shell is universal across all cloud platforms).
Let me know if you have any questions,
Joe
Hi thank you for your blog.
I have gone through all instruction and it works fine and perfect.
However I can’t login to phpmyadmin, do you know how to fix this issue?
Hi OMK,
For Bitnami stacks, you have to access phpMyAdmin via SSH tunnel, which I demonstrate in this tutorial.
Please have a look at the tutorial and let me know if you have any questions,
Joe
First off VERY Clear & Great Videos!
Second so im getting an error on
AH00526: Syntax error on line 10 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
ServerAlias only used in
apache config test fails, aborting
Monitored apache
Any Advice?
Domain- luxairhvac.com
Hi Dennis,
There is an error on line 10 of your bitnami.conf file, specifically on the line with the ServerAlias directive.
Go back to step 6 of the tutorial and make sure the three lines starting with ServerName are configured properly.
Let me know if you have any questions,
Joe
Hey, Love your site and al your videos by the way. I recently setup the SSL for Bitnami on Google Cloud and My website does NOT always load the GREEN SSL LOCK. How do I fix this issue?
Hello Track,
Sounds like your website is serving mixed content, thereby causing a ‘mixed content’ error.
Try looking over this tutorial for a solution on how to fix ‘mixed content’ errors.
Let me know if you have any questions,
Joe
Hello
How can i install Let’s Encrypt SSL on AWS AMAZON CLOUD
Hi Aly,
If you’re using a Bitnami stack on AWS, the instructions will be nearly identical.
Before starting, however, make sure that you have an external IP address assigned to your AWS WordPress instance.
Let me know if you have any questions,
Joe
I am getting this error :
jay@omsai-wordpress-1-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 51 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
apache config test fails, aborting
Monitored apache
Hi Jack,
Make sure there aren’t any spaces at the end of the certificate path on line 51 (and for the other two certificate paths) – this is probably what is causing the error.
Let me know if you have any questions,
Joe
Thanks a lot, Joe it works now,
Keep up the good work.
I’ve followed your tutorials for WordPress on AWS and it helped me alot. Thanks for the very detailed explanation.
Can you make a tutorial for installing SSL Certificate for Wordpess in AWS with bitnami just like this one?
Appreciate your effort, thanks.
Hi Miguel,
I will make an AWS SSL tutorial in the future. That being said, the configuration for the GCP and AWS Bitnami WordPress stacks are nearly identical, so you should be able to use this tutorial to configure SSL on AWS.
If you try it and run into any issues, let me know and I will see how I can help.
Joe
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
file not
I can not do this because the file does not exist
Hello,
Try moving to the destination one level at a time and see what happens:
cd opt then cd bitnami then cd apache2 then cd conf then cd bitnami then sudo nano bitnami.conf
Let me know how it goes,
Joe
Leron, Thanks for this great tutorial. I already setup SSL successfully and everything is Ok except accessing to phpmyadmin since I’m using wordpress bitnami on GCP I have to get access to phpmyadmin through http://127.0.0.1:8888/phpmyadmin but it redirect s me to main domain e.g https://www.1pagezen.com. Just as a note After finishing tour tutorial to get access to phpmyadmin locally I followed https://docs.bitnami.com/google/components/phpmyadmin/ also I had access to phpmyadmin before setting up SSL on my website.
Any idea how to fix this?
Hi Mehran,
At the end of step 4.5, were you able to create the SSH tunnel (see the black terminal showing the Bitnami text)?
Yes.
In error_log:
localhost:443:0 server certificate does NOT include an ID which matches the server name
Command line: ‘/opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf’
client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/import.php
Hi Mehran,
What is your domain? If you don’t want to provide it, make sure to run a check with an SSL Checker to make sure you have both the www-version and non www-version of the domain listed in your SSL certificate.
Let me know what you find out,
Joe
Leron, Thanks for reply but to clarify again I have no problem with SSL it means already setup successfully but not able to access to bitnami phpmyadmin as I mentioned. Please check the bitnami link I posted before for accepting to phpnyadmin which is only possible on localhost.
Hi Mehran,
Are you referencing your server logs? Try using Chrome browser and accessing localhost and choose the “proceed anyway” option when the browser warns that the SSL certificate is invalid.
This error is expected as localost is not listed in the SSL certificate, and therefor will show a security warning by default.
Talk to you soon,
Joe
Also Mehran – please create a new comment at the bottom of this tutorial page, and I will assist you there.
This tutorial page is for SSL certificate troubleshooting only.
Thanks, Joe
I want to go to google cloud but i have it hard fining a cost for a simple wordpress website hosting, can you give me a rught idea the cost to host a site like yours?
Hi Jamaica,
You could run a website like onepagezen.com for around $2-5/month using the most basic settings. That being said, remember that this is not a data intensive website (no stored user account data or video), so the storage/networking costs are low.
Hope this information is helpful,
Joe
Thanks for your response, so your saying i should just select the basic options when signing up? my site is under 500mb when i use all in one migration, so i beleve its very small.
What I would recommend is that you start with the most basic option, and then if you’re experiencing issues with performance, you can always upgrade (see the performance graphs at the top of your GCP dashboard).
I have a problem when I try renew because the url “well-know” is incorrect with certbot
https://mydomain.com.well-known/acme-challenge without “/” before
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: mydomain.com
Type: connection
Detail: Fetching
https:/mydomain.com.well-known/acme-challenge/d2YSErxL3DzgwoxIF-uJfj9M42YH8Qq01eKDkbe1Fo8:
Error getting validation data
Hi Christian,
Did you get the error resolved?
What is the full renew command that you’re executing?
When you are done, follow this intructions to force redirection to https
Add the following to the top of the /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
It’s Quite simple to set it up for Multi- Site… with Sub Domains
Follow the tutorial here but skip the following:
ServerName www.1pagezen.comServerAlias 1pagezen.com
Redirect / https://www.1pagezen.com/
Don’t add that to your bitnami.conf file, you don’t want all your sub domains redirecting to the main one.
Skip adding this lines to your wp-config.php as well—
WITH THIS:
define('WP_HOME','https://www.1pagezen.com');define('WP_SITEURL','https://www.1pagezen.com');
You should install the cert like this
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d 1pagezen.com -d www.1pagezen.com --d subdomain.1pagezen.com -d sub2.1pagezen.comIf you’ve installed it before it would notify you asking if it should expand the certificate. Just enter the code for yes… and you are done..
Great tutorials – very clear and well documented.
I’m wondering if you could provide alternate instructions for Step 6 of the “Free SSL Certificate Setup for WordPress on Google Cloud (Bitnami)” tutorial specific to the nginx server rather than apache. I’ve deployed Bitnami’s “bitnami-wordpresspro-dm-fa11” which is WordPress with Nginx and SSL for Google Cloud Compute Engine. The settings for nginx will be a little different than those for apache. I’m trying to intuitively figure it out, but so far I haven’t successfully mapped the calls to the certificates to the correct location in /etc/letsencrypt/… so my site isn’t secure yet.
Thanks!
Hi James,
Thanks for the feedback!
Unfortunately I won’t be doing any Nginx tutorials because Apache is the default server for most of the stacks covered in these tutorials.
That being said, I would check StackOverflow for troubleshooting and Digital Ocean for some great Nginx tutorials.
Let me know if you have any questions!
Joe
I had the exact same problem, I followed the Bitnami instruction here:
https://docs.bitnami.com/google/apps/wordpress-pro/#how-to-auto-configure-a-lets-encrypt-certificate-in-your-stack
and had mine up and running.
Cheers,
Jared
Hi Jared,
Ive followed this bitnami tutorial but it didn’t work for me.
would you have any other tutorial stetp by step?
Very Thank you
I encountered other problems so I went back to using Apache servers.
Cheers,
Jared
Hi Leo,
Thanks for this tutorial, I did this a few months ago and today I receive an email from
Let’s Encrypt Expiry Bot, is it normal? Is it going to renew automatically?
Thank you very much.
“Hello,
Your certificate (or certificates) for the names listed below will expire in
20 days (on 04 Mar 18 13:03 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.
….”
Hi Marina,
The auto-renew script from the first version of the tutorial didn’t seem to work for most people. For this reason, I created an updated tutorial that focuses specifically on how to configure auto-renewal for Let’s Encrypt SSL certificates, and you can view that tutorial here.
Please reach out to me if you have any questions or encounter any issues while going through the tutorial.
Talk to you soon,
Joe
Hi Joe*,
I will try this other tutorial!
thank you very much!
regards,
Marina.
Sounds good – let me know if you have any questions!
Hi, thanks for the great tutorial. I found the solutions before you approving my comment.
please tell me can I use the below code. I have static IP address in order to eliminate duplicate code I wrote code like this. As of now everthing working perfectly.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^XX\.XXX\.XXX\.XX$ [NC,OR]
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ https://example.com$1 [L,R=301]
I have placed this code to force https in bitnami.conf file.
And I also found this code but It doesn’t redirecting to my ip address to domain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hi Tejeshawar,
If it is working for you, then go ahead with it!
Also – You shouldn’t run into issues with Google Crawling your website’s external IP.
If your DNS records are configured properly (according to the tutorial), your browser will automatically redirect from your IP to your domain.
Let me know if you have any questions!
I think there were character missing errors on my latest post.
Each <> step remarks on the post right below, respectively,
3. Generate Certificates step
4. Test Certificate Renewal step
6. Configure the Certificates step
7. Update Domain URLs Step
8. Restart your Apache Server step.
Hi, Joe
Thank you for your good introductions.
I had success of the SSL Certificate Setup on my MAIN domain.
Then when I tried the process again on my SUB domain, I got the SSL Certified SUB domain.
But unfortunately, my SSL Certified MAIN domain came back to Non-Certificate state, instead.
I will show you partly what I did on my SUB domain procedure. The rest was same with that of MAIN domain steps
following your example , 1pagezen.com (MAIN domain) with subzen.1pagezen.com (SUB domain),
Please, answer to me what point was wrong and should be modified when I try again the SSL Certificate Setup
for both my MAIN and SUB domains.
What I did :
<<>> step
(prompt)$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d subzen.1pagezen.com -d http://www.subzen.1pagezen.com
….
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/subzen.1pagezen.com/privkey.pem
…
<<>> step
(prompt)$ ./certbot-auto renew –dry-run
…
Processing /etc/letsencrypt/renewal/subzen.1pagezen.com.conf
…
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem
…
Processing /etc/letsencrypt/renewal/1pagezen.com.conf
…
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/1pagezen.com/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/subzen.1pagezen.com/fullchain.pem (success)
/etc/letsencrypt/live/1pagezen.com/fullchain.pem (success)
…
<<>> step
(prompt)$ sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
************In bitnami.conf file*****************
…
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect / https://www.1pagezen.com/
ServerName http://www.subzen.1pagezen.com
ServerAlias subzen.1pagezen.com
Redirect / https://www.subzen.1pagezen.com/
SSLCertificateFile “/etc/letsencrypt/live/1pagezen.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/1pagezen.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/1pagezen.com/chain.pem”
SSLCertificateFile “/etc/letsencrypt/live/subzen.1pagezen.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/subzen.1pagezen.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/subzen.1pagezen.com/chain.pem”
…
**********************************************
<<>> step
(prompt)$ sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php
************In wp-config.php file*****************
…
define(‘WP_HOME’, ‘https://www.1pagezen.com ‘);
define(‘WP_SITEURL’, ‘https://www.1pagezen.com ‘);
define(‘WP_HOME’, ‘https://www.subzen.1pagezen.com ‘);
define(‘WP_SITEURL’, ‘https://www.subzen.1pagezen.com ‘);
…
define( ‘DOMAIN_CURRENT_SITE’, ‘1pagezen.com’ );
define( ‘DOMAIN_CURRENT_SITE’, ‘subzen.1pagezen.com’ );
define( ‘PATH_CURRENT_SITE’, ‘/’ );
define( ‘SITE_ID_CURRENT_SITE’, 1 );
define( ‘BLOG_ID_CURRENT_SITE’, 1 );
/* That’s all, stop editing! Happy blogging. */
…
**************************************************
<<>> step
(prompt)$ sudo /opt/bitnami/ctlscript.sh restart apache
————-
The end. Thank you.
Hi Mi,
You should only have one certificate – and in this certificate, it should include every domain and sub-domain you will be using for your website (maximum 100).
Let me know if you have any other questions,
Joe
Thank you for your answer.
Then how can I apply the only one certificate of main domain to a sub-domain.
For example, when I already have a SSL certificate for a main domain, 1pagezen.com,
how can I apply it to a sub-domain, subzen.1pagezen.com ?
Can you answer the steps in detail for the procedure?
Hi Mi,
Configuring sub-domains is not a simple process. DigitalOcean has great tutorials on the subject if you would like to look into it.
Also, if you’re going to be configuring multiple WordPress websites on individual subdomains, I would recommend using Bitnami’s WordPress Multisite stack. Check out their documentation here.
Good luck and let me know if you have any questions. 🙂
Hi Joe
Thanks again for your fab tutorials.
I have a bit of a problem with this one – I went throug the tutorial step by step and all seemed to be successful until I viewed my site after completion and realised all of my images were missing from my website. I have the Really Simple SSL plugin installed which came back with the following error:
System detection encountered issues
A definition of a siteurl or homeurl was detected in your wp-config.php, but the file is not writable.
Set your wp-config.php to writable and reload this page.
Any help of how to do this would be appreciated?
Thanks!
Rachel
Also forgot to ask is this the reason the images are missing?
Hi Rachel,
The image problem could be related to insecure content errors, see this tutorial.
If you can’t figure out the issue send me your site URL and I will take a look.
Joe
Hi Rachel,
Thanks for the feedback – I am glad the tutorials have helped you. 🙂
In order to use a plugin such as Really Simple SSL, you would have to change the default permissions of your wp-config.php file to writable.
You can change these permissions by running the following command:
Although this isn’t a recommended practice for security reasons, it will in fact allow the plugin to write to your wp-config.php file.
Please let me know if you have any questions,
Joe
Leron/Rachel hi,
Saw this and not sure if this helps… After Rachel has done the previous steps of course.
But great fast (smart) way to fix for SEO audit purposes is the Broken Link Checker plugin (By Janis Elsts, Vladimir Prelovac) that runs on my website.
You may find/have a similar one but this is what I use.
1. Inside WordPress dashboard > Settings > Link Checker
– I have kept it at default 72 hour run settings
– Custom select your choice of inside – Look for links in (Tab) and Which Links To Check (Tab)
2. Inside WordPress dashboard > Tools > Broken Links
All (454) |Broken (0) |Warnings (0) |Redirects (100) |Dismissed (0)
It helps me see if there are any broken links on my website and I also check the redirect list of links its brought back. In it you can go in directly and fix some links (including website’s image links that are still reading hht instead of https)
Cheers 😉
Thanks Isabel I’ll give that a go 🙂
Great thanks Joe, I had a feeling that was the case. Not sure if i’m comfortable doing that. Thank you again. Rachel.
Hi Joe,
My certificate recently expired–I was getting warnings that it was about to expire, but I thought the auto-renew process would take over. I had set up the auto-renew process as you recommended. I’ve re-run the process you recommend in the tutorial.
Is there a way to test the auto-renew process?
Thanks for all of your education!
Chris
Hi Chris,
I’m sorry the script isn’t working for you – it hasn’t worked for some other people so I will look into it.
In the meantime run the following command to renew your certificate:
I will notify you when the script it updated.
Talk to you soon,
Joe
Hi Joe,
Same issue for me as well. Did not auto-renew, and was throwing security warnings to users until I noticed. The command above fixed it, but I too would love to be notified of updated auto-renew cron. Thanks again!
Hi MC,
I am aware of the issue and am currently working on a solution.
I will send out on update via mailing list and will update the code on the tutorial.
In the meantime, to manually renew your certificate, you can run:
./certbot-auto renew
Let me know if you have any questions! 🙂
Thanks, all perfect!
Great to hear! Congratulations on completing the tutorial successfully! 😀
Okay thanks Joe, I see the differnce from previous SSL certificate install (Bitnami). Clearly it starts with installing git vs direct link to https://dl.eff.org/ and extras (chmod a+x certbot-auto).
Question I have here is, what if I want to change my website to run through this SSL certificate channel via https://dl.eff.org/ as per your tutorial here… How do I uninstall git via the ‘apt-get install git-all’ command, installed previously ? Or/And if there are any other further steps I need to do?
Also, can you briefly explain what the two differences are between the two previous/current. Obviously the latter is better but why? (just out of curiosity and for anyone who installed it via git and is reading this he he he) I know I’m a pain, sorry.
Have a successful 2018 buddy 😉
Hi Isabel,
The idea behind the second tutorial was simply to make it more ‘streamlined’, and to clear up some of the inefficiencies found in the first edition.
Also, there was a mistake in the first edition of the tutorial, wherein the Certbot repository was being saved to the /tmp directory, which automatically clears over time.
And you’re not a pain! – I am sure several other people have had this same question, however, you’re the only one who mustered the courage to ask.
In the first edition of the tutorial, Git is downloaded to your home directory so you should be able to access the files by entering ls after connecting to your instance via SSH.
I hope this answers your question (and thanks for asking it!)
Wishing you a wonderful 2018 as well!
Cheers, 🙂
Joe
Thank you Leron… I’m busy updating my domains and my clients, and all good he he 😉
Well I hope you don’t have too many sites to update… O_O
And on the bright side you will know SSL configuration inside and out after doing it a million times! 😉
Hello Joe,
I got an error when trying to restart at step 8. Restart your Apache Server
AH00526: Syntax error on line 51 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
apache config test fails, aborting
I’m not sure why because I added the 3 paths as per your example but is looks like something to do with the SSL certificate file paths.
Pls let me know what you think and any possible direction for a solution.
Best regards,
Ben
Hi Benjamin,
Contact me through the OnePageZen Facebook page and send me a screenshot of your 3 lines as they are listed in your bitnami.conf file.
Talk to you soon,
Joe
12/29/17 UPDATE: To fix this problem, make sure there is not spaces after either of your three certificate paths listed in your bitnami.conf file.
Hello Joe,
Have installed a moodle (bitnami) instance on CGP, reserved a static ip address, and transfered a domain name so all going good so far!
I have a question at 3. Generate Certificates. of your tutorial.
What would the command look like when creating a certificate for a moodle (bitnami) instance?
I just realise that the following command in your example is going to be incorrect!
./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d hocvietngu.com -d www.hocvietngu.com
However when I look at the following site (see link below) they are using an OpenSSL example, I think,
>How To Create An SSL Certificate? > Create a certificate:
The example code is:
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
https://docs.bitnami.com/google/apps/moodle/
So I am confused. Could you please help me out a little here?
Would i just need to replace the text “wordpress” to “moodle” in the first command snippet above?
Best regards,
Ben
Hi Ben,
Exactly like you said – run the command but replace wordpress with moodle. The directory path should be:
/opt/bitnami/apps/moodle/htdocs/ instead of /opt/bitnami/apps/wordpress/htdocs/
Also, don’t run the Open SSL command; that’s for issuing self-signed certificates and is irrelevant to this tutorial.
You are on the right path! Let me know if this answer doesn’t make sense to you or if you have any questions!
Talk to you soon,
Joe
Hello Joe,
Everything going well…and up to Step 7 Update Domain URLs but have hit an issue!
The following config file is wordpress specific i think. So i can’t us
sudo nano /opt/bitnami/apps/moodle/htdocs/wp-config.php
So I just removed the “wp-” extension and left the config.php file as seen below.
sudo nano /opt/bitnami/apps/moodle/htdocs/config.php
That’s gets me into a file with the following lines:
But I don’t see the define example listed but I do see similar code for the domain. if i added my domain here “www.hocvietngu.com” which part of the line would i need to remove?
‘https://’ . $_SERVER[‘HTTP_HOST’];
dbtype = ‘mysqli’;
$CFG->dblibrary = ‘native’;
$CFG->dbhost = ‘localhost’;
$CFG->dbname = ‘bitnami_moodle’;
$CFG->dbuser = ‘bn_moodle’;
$CFG->dbpass = ‘0bfd904c0a’;
$CFG->prefix = ‘mdl_’;
$CFG->dboptions = array (
‘dbpersist’ => 0,
‘dbport’ => 3306,
‘dbsocket’ => ‘/opt/bitnami/mysql/tmp/mysql.sock’,
‘dbcollation’ => ‘utf8_general_ci’,
);
if (empty($_SERVER[‘HTTP_HOST’])) {
$_SERVER[‘HTTP_HOST’] = ‘127.0.0.1:80’;
};
if (isset($_SERVER[‘HTTPS’]) && $_SERVER[‘HTTPS’] == ‘on’) {
$CFG->wwwroot = ‘https://’ . $_SERVER[‘HTTP_HOST’];
} else {
$CFG->wwwroot = ‘http://’ . $_SERVER[‘HTTP_HOST’];
};
$CFG->dataroot = ‘/opt/bitnami/apps/moodle/moodledata’;
$CFG->admin = ‘admin’;
$CFG->directorypermissions = 02775;
$CFG->passwordsaltalt1 = ‘ba43a08e2f3577bf6b434c1229b33238187fd4457d1ca29dc37a6fcfd2093349’;
$CFG->passwordsaltmain = ‘493f919255f39b4f1b5f9c2f7af9d588628b04e26df41d84c4f008900b3e93cd’;
require_once(__DIR__ . ‘/lib/setup.php’);
// There is no php closing tag in this file,
// it is intentional because it prevents trailing whitespace problems!
Hey Joe,
Would this line be correct? with apostrophe and semicolon?
$CFG->wwwroot = ‘https:www.hocvietngu.com’;
} else {
$CFG->wwwroot = ‘http:www.hocvietngu.com’;
Hi Benjamin,
Use the following code, however, make sure to use the ‘ character by your escape button on your keyboard, not the ‘ by your enter key.
My WP theme for some reason will automatically convert ` to ‘ so make sure that you don’t just copy and paste the code below. But this is what the code should look like:
Let me know if this works.
Talk to you soon,
Joe
Good morning
You are installing SSL according to the tutorial you have created. However, it can not be executed in the steps below.
What is the problem?
astheboy@wordpress-vm:~$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d cslab.me
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
Hi Astheboy,
This is not an error that I have come across before.
What you should do is open a support ticket on the LetsEncrypt forums and see if one of their developers can help you.
Talk to you soon,
Joe
rajender_rajotia@pilibangan-vm:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 68 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
Invalid command ‘OB’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting
AH00526: Syntax error on line 68 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
Invalid command ‘OB’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting
Monitored apache
rajender_rajotia@pilibangan-vm:~$
help sir in the last step i get this message
Hi Rajender,
This means there is an error in your bitnami.conf file on line 68.
So you will need to open the file and check line 68 for an error.
Use CTRL + SHIFT + – in order to jump to a specific line once you’ve opened the file in Nano.
Let me know if you have any other questions,
Joe
Hi, Joe
I have a question about Free SSL Certificate Setup for Subdomains
instead a main domain.
If I replace the domain name with a subdomain name,
following your example , 1pagezen.com (main domain) with subzen.1pagezen.com (sub domain),
the rest procedure is exactly same with that of the main domain steps except for the domain name ??
If it is different, can you introduce it for subdomains in detail like this website(for main domain) ?
Thanks.
Hi Mi,
That is correct. 🙂 You just need to list the subdomains in the certificate, just like you would list your primary domain.
You are allowed to list up to 100 domains / subdomains in a single certificate.
Please let me know if you have any other questions,
Joe
Thanks for the good tutorial. One question is,
can I use the Free SSL Certificate in your tutorial, including the auto-renewing,
for WordPress websites(domain and sub-domains) of a small “commercial enterprise” on Google Cloud Platform ??
In addition, if there is a license website on that, can you let us know or link it ??
Thank you again.
Hi Lee,
You will have to look over the policies and legal repository for Let’s Encrypt and also the Certbot license conditions.
I hope this answers your question, 🙂
Joe
Hi Joe,
Thank you very much for your kindness support, I would not able to do anything if I did not see your video and tutorials. Yesterday I moved my site to Google Cloud and it takes over one day to do that. It was really tired.
But I still have two more question, it would be great if you could help me and everybody
1. My site after setup the SSL certificate, it still appears the sign that is not secure 100% (images..) How can I fix that?
You could see from here: https://www.hienthaoshop.com/
2. I was built the Bitnami WordPress, but that platform seems to conflict with the W3 Total Cache, so now my site speed on Google Speed Check even a litter bit slower. Is there any way I can fix it? Or can I remove the Bitnami Speed Check on my site?
Thank you for your kindness sharing!
Best Regards
Steve
Hey Steve,
You website is serving insecure HTTP images – this is a very common problem with SSL, and is easy to fix.
Check out this tutorial to learn how to fix the problem.
Also, either W3 Total Cache or WP Super Cache works better than the other on Bitnami installs – but I forget which one it is. If W3 isn’t working for you, I would give WP Super Cache a try, or else check out the section of Bitnami’s documentation dedicated to configuring W3 Total Cache.
Let me know if you have any questions, 🙂
Joe
Hi Joe,
Thank you very much for your time and your advice yesterday.
I follow your instruction and I already fixed the insecure HTTP image. Again, thank you very much for that.
I still have only one problem that I could not install W3 total Cache nor WP Super Cache properly. Both of the caches plugin requires the configuration in wp-cofig.php and htacess
For example, below is the warning when I installed W3 Total Cache.
” FTP credentials don’t allow to write to file /opt/bitnami/apps/wordpress/htdocs/wp-config.php”
W3 Total Cache Error: Files and directories could not be automatically created to complete the installation.
Please execute commands manually
Edit file /opt/bitnami/apps/wordpress/htdocs/wp-config.php and add next lines:
/** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache
W3 Total Cache error: It appears Minify URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately, minification will not function without custom rewrite rules. Please ask your server administrator for assistance. Also, refer to the install page for the rules for your server.”
I read the instruction from https://docs.bitnami.com/google/apps/wordpress/ but I cannot edit because simply I do not know how to do it.
Could you give me some advice on how to access and modify the /opt/bitnami/apps/wordpress/htdocs/wp-config.php
If you could make a tutorial about this, I think many viewers will see. Because I searched on the internet, this matter has a very poor instruction.
I am very sorry for taking your time. And I really looking forward your support
Thanks & Regards
Steve
https://www.hienthaoshop.com/
Hey Steve,
In Google Cloud, you will need to click on the SSH button next to the instance that is running your website in order to connect to it.
Next, enter the command sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php to open up your wp-config.php file.
Next, paste the following at the bottom of your wp-config.php file:
/** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache
Next, press CTRL + X at the same time, then press Y to save changes, then press “Enter”.
Finally, run the restart command:
sudo /opt/bitnami/ctlscript.sh restart
Let me know if you have any questions. 🙂
Joe
Hi Joe,
Thank you so much for your support. I follow your instruction, it appears the below request:
W3 Total Cache error: It appears Page Cache URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately disk enhanced page caching will not function without custom rewrite rules. Please ask your server administrator for assistance. Also refer to the install page for the rules for your server.
In fact, before that, I had to set the command: sudo chmod 777 /opt/bitnami/apps/wordpress/htdocs/wp-content
And the error above is the only one problem left. I read the info from Bitnami, they try to hide the .htaccess file and they require to change the new .htaccess.conf
The problem is I do not know how to change it.
Could you help me, please?
Thanks & Regards
Steve
Hey Steve,
It seems that there are multiple issues at play.
What you should do is open a support ticket at the Bitnami Community forums, and describe your issue in detail. The Bitnami engineers will know exactly how to fix the problem.
In the meantime, the solution you’re looking for is probably something similar to Beltran’s response in this thread.
Good luck and let me know if you have any questions! 🙂
Joe
Hi Joe,
I would like to describle again what I did for the setting of W3 Total Cache:
Before installing the W3 Total Cache, I run the command:
sudo chmod 777 /opt/bitnami/apps/wordpress/htdocs/wp-content
After that, I created the fie: sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php as your advice
And I paste the code: /** Enable W3 Total Cache */
define(‘WP_CACHE’, true); // Added by W3 Total Cache
And I save it and I restart Apache: sudo /opt/bitnami/ctlscript.sh restart
But the W3 Total Cache still requests me as below:
W3 Total Cache error: It appears Page Cache URL rewriting is not working. Please verify that the server configuration allows .htaccess
Unfortunately disk enhanced page caching will not function without custom rewrite rules. Please ask your server administrator for assistance. Also refer to the install page for the rules for your server.
I know Bitnami disable .htacceess file and allow us to create or modify the .htaccess.conf in stead
However, I don’t know how to FIND and SHOW the .htacceess.conf file for the modification
Can you instruct to me some commands to find show the .htaccesss.conf on SSH mode?
Also, what code I should use to insert into that file in order to allow .htaccess.conf work properly with W3 Total Cache? (allow rewriting matter)
Looking your reply soon and many thanks for your kindness help
Thanks & Regards
Steve
http://www.hienthaoshop.com
Hey there,
Thanks for this valuable article.
I got free SSL for my site with this method.
Once again thanks for this!!!!!!!!!
Hi Amit,
I am glad to hear the tutorial was helpful to you!
Thanks for taking the time to leave feedback. 🙂
Joe
Hi Leron is there no requirement to make changes to /etc/apache2/sites-available/default-ssl.conf in bitnami wordpress?
Hi Dev,
You don’t need to do anything with the default-ssl.conf.
Talk to you soon, 🙂
Joe
Hello bro,
I done install it, but i want change that will comodo.
and How to Uninstall it ?
Thx
Hi Bimbimz,
Just put a # sign next to the certificate file paths in the .conf file, or delete them.
You can delete the Certbot and LetsEncrypt files and directories by using the commands from the Linux commands list.
I hope this answers your question.
Joe
yes it helps,
I have another question:
I tried to use SSL from comodo, and I have trouble setting it up in:
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php
and this is my setting:
SSLCertificateFile “/opt/bitnami/apache2/conf/comodo/server.crt”
SSLCertificateKeyFile “/opt/bitnami/apache2/conf/comodo/server.key”
SSLCertificateChainFile “/opt/bitnami/apache2/conf/comodo/mydomain.ca-bundle”
can you help me master?
Hi Bimbimz,
I only offer support for configuring Let’s Encrypt certificates as shown in this tutorial.
If you’re curious on how to install Comodo certificates, check out this tutorial.
Hope this helps,
Joe
Hi,
Just put a # sign next to the certificate file paths in the .conf file, or delete them.
You can delete the Certbot and LetsEncrypt files and directories by using the commands from the Linux commands list.
I hope this answers your question.
Joe
Worked perfectly, thank you so so much!
Hi Jonathan,
I’m glad to hear it worked for you!
Thanks,
Joe
Hi Joe,
Great tutorial! I got the SSL to work on my main site. Just wondering how I go about setting up SSL to work on subdomains and mapped domains that exist now and in future when I add more mapped domains?
This is my setup:
In wordpress:
rocketwebber.com is my main domain running on multisite.
example1.rocketwebber.com is a subdomain mapped to example1.com
In google:
I have zone name rocketwebber.com and example1.com
example1.com has an A record that points to the IP for rocketwebber.com
rocketwebber.com has an A record: example1.rocketwebber.com that points to the IP for rocketwebber.
Please help
Hi Anthony,
For securing multiple top-level and subdomains in a multisite installation, you will have to install the Domain Mapping plugin. Also, check out the Bitnami Multisite documentation about how to properly configure SSL.
Configuring multiple domains with SSL on single virtual machines is complicated and usually takes some trial and error. Anyways, check out the link above, it should point you in the right direction. Let me know if you have any questions.
Talk to you soon, 🙂
Joe
Hey Folks,
So followed the tutorial, everything seemed to work perfectly. It shows in wordpress, https:// mydomain.com secure.
However, when I do an ssl checker on it I get the following warnings below:
1. The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
2. None of the common names in the certificate match the name that was entered (www.mydomain.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
As it shows the cert has been created but it still shows up in the browser that it url is insecure.
Wondering if anyone has had the same problems before?
Thanks very much 🙂
Hey guys,
Awesome tutorial! I would like to add subdomains to my domain and get the certbot to issue a cert for both the domain and the subdomains. Is the easiest way to just add the domains after directory like so: -d domain.com, subdomain1.domain.com, subdomain2.com and so?
Thanks very much
Hey Conor,
The format would be -d one.example.com -d two.example.com -d three.example.com
Hope this answers your question!
Joe
Thanks Leron, spot on!
Hey Leron,
I follow your step but unfortunately my website is totally down and not opening while i try to install ssl certificate.
I follow your each step but when in i use this command nly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d teh1one.com -d http://www.tech1one.com
I found error NXDOMAIN
Please help me out i totally helpless. I try my best to resolve my issue always facing same issue that create A/AAA record i already created all the records but i unable to install ssl certificate and also unable to open my website.
Please help me out this.
Hi Shadman,
You have misspelled tech1one in your certificate issuing command.
Fix that and you likely won’t see that error anymore.
Let me know if you have any other questions.
Thanks,
Joe
Actually misspelled only here on my comment but when i write the code on VM Console i write exactly my domain name.
While issuing certificate always give same error message.
Please help me out.
Hi Shadman,
The causes of the error are likely that your DNS is not configured properly, that your Domain hasn’t resolved to your new website on GCP, or that the certificate issuing command isn’t being executed properly. What I would do is go over the links at the top of the tutorial page and make sure that you completed each of the 3 pre-requisite tutorials successfully. Check for any errors etc.
You may also have to do some troubleshooting on StackOverflow and Google.
Hope this information is helpful! 😀
Talk to you soon,
Joe
I would love to see these tutorials continue with setting up Google Cloud CDN!
Hi M Clouds,
That tutorial will be published soon – stay tuned! 😀
Joe
Hello Leron,
I change the domain of my site, and I’m getting troubles to install a new ssl cert because the older domain cert.. How I remove this to install a new cert??
The new domain is empregobahia.com
Hey Matheus,
You can simply redo the tutorial: the Certbot client will ask if you want to overwrite your old certificates – choose “Yes”.
Also – make sure that when you re-do each step, you use your new domain name and not your old one.
Let me know if you have any questions 😀
Joe
I’m getting this error when I try install the certificate in new domain…
What I’ve to do?
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: empregobahia.com
Type: connection
Detail: Fetching
http://www.empregobahia.com/.well-known/acme-challenge/ndukTUUaegNI7gmVgtwMv7L_u-6fN0Xuzf4qgjRpU_w:
Error getting validation data
Domain: http://www.empregobahia.com
Type: connection
Detail: Fetching
http://www.empregobahia.com/.well-known/acme-challenge/fGhD_SXVCPhLV5egw-4rhWGz5RA0Zr8S2nBP4H8vqIw:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Hi Matheus,
Are you using the right tutorial?
Remember there are both Bitnami and Click-to-Deploy tutorials. If you are using Click-to-Deploy, you need to make sure that all future tutorials are designed for Click-to-Deploy. The same goes for Bitnami.
Talk to you soon, 🙂
Joe
Good News!! I found the error
Was the line
ServerName http://www.mydomain.com
ServerAlias mydomain.com
Redirect / https://www.mydomaincom/
I removed this line and installed the new cert…
Everything is normal now…. Buuuut at /wp-admin appear not secure.
What can it be?
Joe!
Hi Matheus,
It is usually caused by an insecure content error, as shown in step 1 of this tutorial. As the tutorial shows, you will have to inspect the page and see which element is causing the error.
Hope this helps! 😀
Joe
This is the full step i go through. Please take a look and see which step i go wrong.
1, Install CertBot Client
2, Generate Certificates
3, Test Certificate Renewal
& i got the result like this:
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/badmintonvillage.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/badmintonvillage.com/privkey.pem Your cert will expire on 2018-01-01.
5, Setup Auto-Renewal
& i got the result like this:
Congratulations, all renewals succeeded. The following certs have been renewed
6, Configure the Certificates
I have added servername, serverAlias, Redirect (my actual domain)
DocumentRoot “/opt/bitnami/apache2/htdocs”
ServerName http://www.mydomain.com
ServerAlias mydomain.com
Redirect / https://www.domain.com/
& I have added # sign next to each of the two placeholder certificates & paste the path to your three SSL certificate files
#SSLCertificateFile “/opt/bitnami/apache2/conf/server.crt”
#SSLCertificateKeyFile “/opt/bitnami/apache2/conf/server.key”
SSLCertificateFile “/etc/letsencrypt/live/mydomain.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/mydomain.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/mydomain.com/chain.pem”
7, Update Domain URLs
Then i REPLACE THIS:
define(‘WP_SITEURL’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/’);
define(‘WP_HOME’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/’);
WITH THIS:
define(‘WP_HOME’,’https://www.mydomain.com’);
define(‘WP_SITEURL’,’https://www.mydomain.com’);
8, Restart Apache Server by this code: sudo /opt/bitnami/ctlscript.sh restart apache
Result:
restart apacheUnmonitored apacheAH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist or is emptyapache config test fails, abortingAH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist or is emptyapache config test fails, abortingMonitored apache
But Eventually couldn’t Work properly. It mentioned that letsencrypt/live/ badmintonvillage.com/cert.pem’ does not exist.
Thank You Very Much!
Hey Peter,
All of the text that says mydomain.com needed to be replaced with you own domain name, which in this case is badmintonvillage.com.
You will need to go back through the tutorial and fix steps 6 & 7 and make sure badmintonvillage is listed in the place of mydomain.
Also, make sure a cert.pem was actually generated. You can check by executing the following command in your SSH terminal:
ls /etc/letsencrypt/live/badmintonvillage.com/
The folder should show around 4 certificate files, one of them being cert.pem.
Let me know if you have any questions, 🙂
Joe
Dear Joe,
Thanks for your reply,
I have updated the domain to badmintonvillage.com & redo configuring the certificates & update the domain URL.
However, when i put the command: ls /etc/letsencrypt/live/badmintonvillage.com/
The result shows:
ls: cannot access /etc/letsencrypt/live/badmintonvillage.com/: Pe
rmission denied
Hey Peter – my bad… try running the command as sudo:
sudo ls /etc/letsencrypt/live/badmintonvillage.com/
Talk to you soon, 🙂
Joe
Thanks for your reply!
After typing the command: sudo ls /etc/letsencrypt/live/badmintonvillage.com/
The Result:
~$ sudo ls /etc/letsencrypt/live/
badmintonvillage.com/
cert.pem chain.pem fullchain.pem privkey.pem README
starwargift@badmintonvillage-vm:~$
Still not successfully get the SSL
Hey Peter,
I need you to copy some text and send me it to me.
Will you please open your bitnami.conf folder using the following command:
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
Next, copy the 3 lines at the top of the page that look similar to this: (Important: DO NOT type CTRL+C in nano, to copy, simply highlight the text and it will copy automatically)
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect / https://www.1pagezen.com/
Next, scroll down the page, and copy the three lines of code that look similar to this:
SSLCertificateFile “/etc/letsencrypt/live/1pagezen.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/1pagezen.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/1pagezen.com/chain.pem”
Please send me all of the 6 lines of code as they appear in your file.
I will look over the code and make a recommendation from there.
Talk to you soon, 😀
Joe
Dear Joe,
The situation now is my web will auto show https, but the green lock doesn’t show up.
The 3 lines at the top of the page of this command: sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
ServerName http://www.badmintonvillage.com
ServerAlias badmintonvillage.com
Redirect / https://www.badmintonvillage.com/# Default Virtual Host configuration.
The 3 line at the middle:
SSLCertificateFile “/etc/letsencrypt/live/badmintonvillage.com/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/badmintonvillage.com/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/badmintonvillage.com/chain.pem”
Hey Peter,
That looks good.
I ran an SSL report on your certificates, and it’s showing that your certificates were issued for example.com.
You will likely need to re-issue the certificates using the following command:
./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
The above command is from step 3 of the tutorial – it’s the only step you need to repeat.
You won’t need to change anything in your bitnami.conf since the file paths will remain the unchanged.
Let me know once you’ve done this.
Talk to you soon, 🙂
Joe
Dear Joe,
Thanks for your reply!
Still cant connect to SSL. The result shows:
Connected, host fingerprint: ssh-rsa 2048 A3:B3:9A:E2:2E:7B:A3:96:DC:21:C4:D0:E7:72:71:99:87:1B:4F:AC
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
___ _ _ _
| _ |_) |_ _ _ __ _ _ __ (_)
| _ \ | _| ‘ \/ _` | ‘ \| |
|___/_|\__|_|_|\__,_|_|_|_|_|
*** Welcome to the Bitnami WordPress 4.8.2-0 ***
*** Documentation: https://docs.bitnami.com/google/apps/wordpress/ ***
*** https://docs.bitnami.com/google/ ***
*** Bitnami Forums: https://community.bitnami.com/ ***
starwargift@badmintonvillage-vm:~$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
Requesting to rerun ./certbot-auto with root privileges…
Requested name http://www.badmintonvillage.com appears to be a URL, not a FQDN. Try again without the leading “http://”.
starwargift@badmintonvillage-vm:~$
Hey Peter,
The domains in the command that I sent you SHOULD NOT have an http or https in front of them.
Annoyingly, the http and https prefixes are added automatically when posting comments on WordPress.
Try re-issuing the command but make sure the commands after each -d DO NOT include http or https, simply with www or without www.
./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
Talk to you soon, 😀
Joe
Dear Joe,
I have removed the HTTP / HTTPS on the command.
The web still cant access SSL while the result said that Certbot can obtain and install HTTPS/TLS/SSL certificates.
The result:
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: –webroot
starwargift@badmintonvillage-vm:~$ ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com
Requesting to rerun ./certbot-auto with root privileges…
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: –webroot
starwargift@badmintonvillage-vm:~$
Hey Peter,
Try again, but this time copy and paste the command from the tutorial itself, don’t copy and paste it from my comments.
The comments on WordPress aren’t formatted as standard HTML (which is what is in the grey boxes in the tutorial); that’s why the “-” symbol in front of webroot isn’t being recognized by your SSH terminal.
Talk to you soon, 🙂
Joe
Dear Joe,
I type the command: ./certbot-auto certonly –webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d badmintonvillage.com -d http://www.badmintonvillage.com and it required me to reset the certificate, and i click yes. However, still not works for getting the SSL.
The Result shows :
– Congratulations! Your certificate and chain have been saved at
:
/etc/letsencrypt/live/badmintonvillage.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/badmintonvillage.com/privkey.pem
Your cert will expire on 2018-01-02. To obtain a new or tweake
d
version of this certificate in the future, simply run certbot-
auto
Peter,
Did you restart your server? Run the following command in the terminal:
sudo /opt/bitnami/ctlscript.sh restart apache
Talk to you soon, 😀
Joe
Dear Joe,
After putting the restart command, i put the step 3 command again. And then restart again. Still cant access SSL.
The result:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/badmintonvillage.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/badmintonvillage.com/privkey.pem
Your cert will expire on 2018-01-02. To obtain a new or tweaked
Hey Peter,
Your certificates are still not showing up as configured properly, but I know that isn’t the case because I’ve ruled that out.
For this reason, this points to an error in your Apache configuration, possibly in your bitnami.conf file.
If you’d still like support, please send me the entire contents of your bitnami.conf file and I will take a look at it.
Please send it to support@onepagezen.com.
Talk to you soon,
Joe
When i Restart Apache Server
It shown up:
Unmonitored apache
AH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bit
nami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage
.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 53 of /opt/bitnami/apache2/conf/bit
nami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/ badmintonvillage
.com/cert.pem’ does not exist or is empty
apache config test fails, aborting
Monitored apache
starwargift@badmintonvillage-vm:~$
Hi Leron, I am having the same issue as Peter on all my sites I try to do this with. Are you sure its not an error with the tutorial?
Hi Rob,
I’ve worked through this tutorial several times, and it works fine. However, the last time I ran through the tutorial I encountered the issue that you described and the way I solved it was by changing the permission level on the certificate directory. I will run through the tutorial again and see if I can reproduce the issue to give you a more thorough documentation on how to avoid/fix it.
Thanks for pointing this out. 🙂
Joe
What permission level did you set the certificate directory to? I’m currently having this issue.
Results from running apachectl configtest:
AH00526: Syntax error on line 58 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/mydomain.com/cert.pem’ does not exist or is empty
It does exist and it’s not empty because I checked running :
sudo nano /etc/letsencrypt/live/mydomain.com/cert.pem
While using FTP I’m unable to open the /etc/letsencrypt/live folder as bitnami user. Current permissions are:
700 root root
Would love to get this solved.
Thanks,
CJ
Figured it out.
I ran:
sudo chmod 755 /etc/letsencrypt/live
sudo chmod 755 /etc/letsencrypt/archive
apachectl configtest
sudo /opt/bitnami/ctlscript.sh restart apache
My SSL is now active. Hope this helps someone.
Let me know if this looks okay, Leron.
Peace
Hi CJ,
Looks good – I am glad you were able to get the issue resolved.
Did you change the file permissions initially? I’m interested because this isn’t an issue that I see regularly.
Talk to you soon,
Joe
Hi CJ,
This syntax error is usually caused by there being extra ‘spaces’ after your file paths.
So go to line 58, where each of your 3 certificate file paths are listed, and make sure there are no extra spaces after each of the 3 file paths.
Let me know if you have any questions,
Joe
Not that I recall, haven’t changed anything since I originally set it up.
Thanks for letting me know CJ!
Hi, thanks very much for the helpful tutorial! When trying to obtain a new certificate, I got the following error. Any help is appreciated.
Chris
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for globalgocare.com
http-01 challenge for http://www.globalgocare.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. http://www.globalgocare.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficien
t authorization :: Invalid response from http://www.globalgocare.com/.well-known/acme-challenge/JnaGPMHqkk2puEIPHBtnhHtsy
OxwuxbIJA6jbSuTwyc: ”
<meta name="viewport" content="width="
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.globalgocare.com
Type: unauthorized
Detail: Invalid response from
http://www.globalgocare.com/.well-known/acme-challenge/JnaGPMHqkk2puEIPHBtnhHtsyOxwuxbIJA6jbSuTwyc:
"
<meta name="viewport" content="width="
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
above should end with “contain(s) the right IP address.”
Joe, I also did your tutorial on domain name configuration and did that work and everything went fine. I’m noticing a thread there “From Google Cloud Platform dashboard, go to cloud DNS. Check your IP address of your A record. Go to your VM instance page, look at the IP address of the VM instance that is running your WordPress website. Do they match?” I’m using the Bitnami click to deploy app. I don’t have a cloud DNS zone. Let me know if that’s part of my problem. Thanks.
My domain registrar is Google.
Hi Chris,
You need to have a DNS zone that is managing the IP/domain that is running your instance, as shown in this tutorial. What the certbot error is essentially saying is, “the nameservers of this domain aren’t connected to your Google Cloud Platform account, so for that reason you don’t have permission to issue certificates for that domain”.
Take a look at the tutorial that I sent you in the link, and after you’ve completed that let me know if you have any questions.
Best regards, 🙂
Joe
You’re very kind, and I’m pretty inexperienced in this! I followed your directions for transferring the domain name and reserving a static IP address. But my site isn’t available now. I assume it’s related to the following: when I change the name servers at Google Domains, I get the message, “It looks like you’ve changed your name servers. All settings for your domain (including website, email, synthetic records and resource records) are currently disabled. To enable these settings, you will need to restore the Google Domains name servers. ” Thanks for any help. Chris
Hi Chris,
When you changed your name servers on Google, you basically opted to manage your domain name through Google Cloud DNS instead of through Google domains.
I think the issue with your website not loading likely has to do with your nameservers and DNS not being configured properly. In addition, make sure your WordPress domain name URLs are set to globalcare.com or http://www.globalcare.com. StackOverflow is also a great resource to use when troubleshooting a DNS configuration.
Good luck, and let me know if I can be of further assistance. 🙂
Joe
Joe, the site is up again, but with the “not secure” warning in the address bar, and the changes seem to have taken out my G-Suite email, which may be part of the coordination problem. I don’t want to take advantage of your good will here, and would be OK paying you to go through my settings with me and get everything on track. Let me know. Thanks, Chris
Hi Chris,
I sent you an email requesting images from your Cloud DNS, Google Domains DNS, and Cloud VM instances page. I will take a look at the images to see if there are any basic issues that can be quickly and easily resolved.
Talk to you soon,
Joe
All set up with a SSL Cert and G Suite functioning well. Thanks for all the help!
Hey Chris,
I am glad to hear that everything is working well! 🙂
Let me know if you ever have questions or suggestions for future tutorials!
Best,
Joe
Hi Leron
Thanks for your reply.
I have connection via sftp but the problem is probably permissions. I can see the files but I am able to download only some of them but not the keys.
I am afrate if I change the permissions to sub files and folders they may be different permissions in each of them. I am afrate to not mestup all of them.
Best regards
Hey Georgi,
What you could do is just change only the permissions of the file that you want to edit, within the SSH terminal as shown in this tutorial. Change permissions to 777, download and edit the file (or whatever you want to do with it), and then change the permissions back.
Hope this answers your question! 🙂
Joe
Where ssl certificate store in google compute wordpress Bitnami. I want installed ssl certificate but I don’t know where is save certificate. I’m installing certificate suggested step by you. please Email me root name where ssl store.
and please suggest how to enable google cdn for compute engine (wordpress by Bitnami) & setup Load balancing…….
Thanks for very helpful articles
Hey Raj,
The load balancing and CDN tutorials are in the making.
They’ve been difficult tutorials to simplify, so that’s why they are taking awhile to make.
Stay tuned, and make sure to join the mailing list to be notified when the tutorials are released!
Talk to you soon,
Joe
Hey Raj,
All of your SSL certificates are located in the folder located at: /etc/letsencrypt/live/YOURDOMAIN.com/
You can view each of the certificate files by executing the command: ls /etc/letsencrypt/live/YOURDOMAIN.com/
Remember to replace YOURDOMAIN.com with your own domain name.
If you want to download the certificates, you can use an FTP client such as FileZilla to locate and download the certificate files (see this tutorial).
Let me know if this answers your question.
Talk to you soon, 😀
Joe
Hi Leron
thank you for you great tutorials! Everything works just fine! Thank you for you quick responds as well!
I have just one question regarding ssl on google cloud. I can not backup the ssl key as I suppose to do following the tutorials for some premision reasons I guess. Can you help out with that?
Thank you in advance
Best regards
Hey Georgi,
I am glad everything is working fine!
Are you looking to backup your SSL certificate files?
You can open up the files and and copy and paste the contents in to a text editor – then save the file with the correct file extension (.pem).
The other thing you can do is download the files via FTP, which I set up in this tutorial.
Let me know if this answers you question. 😀
Talk to you soon,
Joe
Hello Joe,
Thanks for this tutorial. It is really helpful and I will try this out. There were a few decisions that you made that prompted some questions. Such as why do you prefer to use ‘www’ when setting up your wp-config.php file? Also, should I upload all images to the site before setting up the ssl certificate or doesn’t it matter ? Sorry if I have asked you this one before but I am still a unsure how images are treated for ssl.
Thanks for your help.
Ben
Hey Benjamin,
I hope you’ve been well! I was happy to see your name popup in the comment feed. 🙂
Regarding your first question – I just personally prefer to use www. with my domains, but you can find a million arguments on the internet arguing that www is better than non-www for SEO, and vise versa. Honestly, I don’t think it matters one way or the other as long as you choose one and stick with it.
As far as uploading images is concerned, I would recommend uploading your pictures after you’ve completed the tutorial, as this will save you from having to change your image URLs later on.
Also, before starting the tutorial, I would recommend taking a snapshot of your instance as a backup, according to step 1 only of this tutorial.
Let me know if you run into any issues with the tutorial, as I would be more than happy to help you through them.
Talk to you soon!
Joe
What did you think of this revised version of the Bitnami SSL certificate tutorial?
Did you find it easier, more challenging, not much different?
Please share your questions and comments below!
Thanks,
Joe
I found it perfect. Helped me a lot just when I almost gave up. I was thinking that I would need to change back to HTTP and had no idea how to do that with this bitnami installation. When I found your tutorials it changed my day to great. Truly thanks
Glad it helped you, Daniel! 😀
Thanks for sharing your experience!