[Bitnami Apache Wordpress Google Cloud Platform] SSL auto renew is not working

[Owenhenderson]

Platform

Google Cloud Platform

bndiagnostic ID know more about bndiagnostic ID

SSL auto renew is not working

bndiagnostic output

No response

bndiagnostic was not useful. Could you please tell us why?

SSL auto renew is not working

Describe your issue as much as you can

Using SSH to create the initial SSL certificate using bncert-tool. However it appears that no file has been saved into .well-known which is required for the auto renew of the SSL. When checking file and directory permissions all seams ok giving result as drwxrwxr-x (775)
When trying to access https://SERVER-IP/.well-known it is blocked by "403 Forbidden You don't have permission to access this resource".
I have attempted to modify the bitnami.conf file through SSH but not changes suggested by chatgpt or gemini work.

[Owenhenderson]

owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache2/conf/bitnami$ sudo mkdir -p /opt/bitnami/apache/htdocs/.well-known/acme-challenge
echo "test" | sudo tee /opt/bitnami/apache/htdocs/.well-known/acme-challenge/test.txt
test
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache2/conf/bitnami$ sudo mkdir -p /opt/bitnami/apache/htdocs/.well-known/acme-challenge
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache2/conf/bitnami$ cd /opt/bitnami/apache/htdocs/.well-known/acme-challenge
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ ls
test.txt
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ sudo chmod -R 755 /opt/bitnami/apache/htdocs/.well-known
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ sudo chown -R bitnami:bitnami /opt/bitnami/apache/htdocs/.well-known
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ sudo /opt/bitnami/ctlscript.sh restart apache
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ sudo /opt/bitnami/ctlscript.sh status
apache already running
mariadb already running
php-fpm already running
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ ls -l /opt/bitnami/apache/htdocs/.well-known/acme-challenge/test.txt
-rwxr-xr-x 1 bitnami bitnami 5 Feb 4 06:36 /opt/bitnami/apache/htdocs/.well-known/acme-challenge/test.txt
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ sudo ls -l /opt/bitnami/apache/htdocs/.well-known/acme-challenge/
total 4
-rwxr-xr-x 1 bitnami bitnami 5 Feb 4 06:36 test.txt
owenhenderson@naturalvanilla-uk-vm:/opt/bitnami/apache/htdocs/.well-known/acme-challenge$ curl -I http://localhost/.well-known/acme-challenge/test.txt
HTTP/1.1 404 Not Found
Date: Tue, 04 Feb 2025 06:48:57 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

[gongomgra]

Hi @Owenhenderson

Thanks for using Bitnami and sorry for the delay. Can you provide us with more information on the issue you are facing? Is the bncert-tool failing with errors? Which version of the tool are you using? Default file system permissions and configuration should be fine for the SSL certificate to be properly generated.

[Owenhenderson]

Hi, thanks for getting back to me. No matter what we tried the auto renew would not work. We went through all available information in detail but with no success. The cronjob that was installed by the bncert-tool and was running but failed every time to renew the ssl certificate. We were unbale to determine the exact reason why but it seams that no file was being written to .well-known and we also could not access .well-known despite changing file permissions.

We did however manage to get the ssl to auto renew using the alternative approach of setting up a different cronjob and running this script:

sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego --tls --email="your email address" --domains="yourdomain" --domains="www.yourdomain" --path="/opt/bitnami/letsencrypt" run
sudo /opt/bitnami/ctlscript.sh start apache

As shown in the script the auto renew will only work by stopping Apache and then restarting.