
I am trying to renew the Let's encrypt certificate for an AWS Ubuntu instance that is running Bitnami Parse-Server for the purpose of being the backend for an iOS app. When the iOS app crashed with message "Sign on failed, the data couldn't be read because it isn't in the correct format" I assumed that the Let's encrypt certificate needed to be renewed and took the following steps and got the following error:

  1. Stopped my apache server and parse-server: `sudo service apache2 stop; sudo /opt/bitnami/ctlscript.sh stop`

  2. Ran the Let's encrypt tool: `sudo /opt/bitnami/bncert-tool`

  3. Allowed it to install the newest version and then restarted the tool the same way: `sudo /opt/bitnami/bncert-tool`

  4. Used the tool to renew the certificate, but after the step where I enter the domain, I received this error:

    Error: There has been an error. Cannot bind to port 80 and/or 443. These ports are used for Let's Encrypt to verify the domain DNS configuration. Please stop any services using those ports, and ensure your system user has permissions to bind to them.

When I searched online for how to address this issue it seems that stopping apache fixed any issues for everyone else. How can I renew a certificate using Let's encrypt? Is there a way to determine what is causing this binding issue since it is not the apache or parse server?

Per a commenter's request, this is the UPDATED result when I run `sudo ss -tnlp` after killing Parse and Apache2. I noticed that httpd.bin is still active?

    sudo /opt/bitnami/ctlscript.sh stop
    sudo service apache2 stop
    bitnami@ip-172-31-22-220:~$ sudo ss -tnlp
    State       Recv-Q Send-Q           Local Address:Port                          Peer Address:Port              
    LISTEN      0      128                          *:22                                       *:*                   users:(("sshd",pid=1242,fd=3))
    LISTEN      0      128                         :::22                                      :::*                   users:(("sshd",pid=1242,fd=4))
    LISTEN      0      128                         :::443                                     :::*                   users:(("httpd.bin",pid=17756,fd=6),("httpd.bin",pid=17667,fd=6),("httpd.bin",pid=17666,fd=6),("httpd.bin",pid=16633,fd=6),("httpd.bin",pid=15776,fd=6),("httpd.bin",pid=15769,fd=6))
    LISTEN      0      128                         :::80                                      :::*                   users:(("httpd.bin",pid=17756,fd=4),("httpd.bin",pid=17667,fd=4),("httpd.bin",pid=17666,fd=4),("httpd.bin",pid=16633,fd=4),("httpd.bin",pid=15776,fd=4),("httpd.bin",pid=15769,fd=4))
    bitnami@ip-172-31-22-220:~$ ps -ef | grep 17756
    daemon   17756 16633  0 Jul11 ?        00:00:03 /opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf
    bitnami  19359 19181  0 00:51 pts/0    00:00:00 grep --color=auto 17756

  • Run `sudo ss -tnlp` to find out what services are listening to what ports. – Michael Hampton Jul 18 '20 at 19:52
  • It should be possible to do letsencrypt without stopping Apache (it can either hook its own config to catch the relevant well-known urls, or simply write into the applicable folder in the document root). At least this is the case with the certbot-auto client, but I don't know the command line options for the bncert – Hagen von Eitzen Jul 18 '20 at 21:05
  • Updating question with results of service listing – Daniel Patriarca Jul 18 '20 at 22:02
  • Bitnami Engineer here, the ctlscript.sh stop command should stop all the services (including the Apache's one). However, there are cases in which the service can't be stopped because the permissions of the different scripts have been modified and the files can't be run. Can you share the output of the `sudo /opt/bitnami/ctlscript.sh stop apache` command? Can you also include the output of this other command? `sudo ls -la /opt/bitnami/apache2/scripts/` – Jota Martos Jul 21 '20 at 09:25

1 Answer


Looks like your Apache server is still running. (So is your Node app.) You should kill it yourself if the Bitnami scripts failed to stop it.

Michael Hampton
  • I updated the question. It looks like httpd.conf is still in the ps -ef even though I stopped apache and the node app. Am I doing something wrong? – Daniel Patriarca Jul 19 '20 at 02:31
  • 1
    @DanielPatriarca Yes, you didn't kill it yourself as I'd advised. – Michael Hampton Jul 19 '20 at 02:31
  • I thought you meant to manually stop the apache. I feel like I should have to kill -9 each process that was listed, but I can do that. Is there a reason that httpd would fail to end its process when I stop the server and apache? I would think that if that was a required step in the bn-cert tool I wouldn't be the only one affected, and I also never had this problem before – Daniel Patriarca Jul 19 '20 at 02:34
  • 1
    @DanielPatriarca I have no idea. It's a Bitnami issue apparently. Most of us don't use Bitnami as it's not really suitable for production websites (their claims to the contrary notwithstanding; I won't go anywhere near their stuff). – Michael Hampton Jul 19 '20 at 02:44
  • Thanks for the guidance, killing the httpd.conf processes manually got me past the error. I have a new error where it won’t accept my email, but since that’s bitnami tool I posted on their community site. Just out of curiosity, if bitnami isn’t good for production what would you recommend? – Daniel Patriarca Jul 19 '20 at 03:14
  • 1
    Generally we just install the web servers and configure them ourselves. – Michael Hampton Jul 19 '20 at 04:08
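The check the answer and comments converge on (stop the services, confirm nothing is still bound to 80/443, terminate any leftover httpd.bin workers, re-check before starting the certificate tool) can be scripted. The following POSIX shell helper is an added example, not code from the question, the answer, or Bitnami: it parses `ss -tnlp` output to list which process and pid still holds each of the two ports. `ss -tnlp` is a real command; the function names, the `--kill` flag and the sample listing (constructed from the question's output) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find what still holds ports 80/443 before running a
# certificate tool that must bind them. Parses `ss -tnlp` output.

# Constructed sample of `sudo ss -tnlp` output (sshd plus two httpd.bin workers),
# modelled on the listing in the question.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22                *:*     users:(("sshd",pid=1242,fd=3))
LISTEN 0      128    :::443              :::*    users:(("httpd.bin",pid=17756,fd=6),("httpd.bin",pid=17667,fd=6))
LISTEN 0      128    :::80               :::*    users:(("httpd.bin",pid=17756,fd=4),("httpd.bin",pid=17667,fd=4))'

# listeners_on PORT SS_OUTPUT
# Prints "process pid" pairs, one per line and deduplicated, for every socket
# listening on PORT, whatever the address family (*:80, :::80, 0.0.0.0:80).
listeners_on() {
  port="$1"; ss_out="$2"
  printf '%s\n' "$ss_out" \
    | awk -v p="$port" '$1 == "LISTEN" && $4 ~ (":" p "$")' \
    | grep -o '("[^"]*",pid=[0-9]*' \
    | sed 's/("\([^"]*\)",pid=/\1 /' \
    | sort -u
}

# ports_busy SS_OUTPUT
# Prints the subset of "80 443" that still has at least one listener.
ports_busy() {
  for port in 80 443; do
    [ -n "$(listeners_on "$port" "$1")" ] && echo "$port"
  done
  return 0
}

# free_ports_live [--kill]
# Live check (needs root for pid information in ss). Reports every holder of
# 80/443; with --kill it sends TERM to those pids, waits, and re-checks.
# Returns 0 when both ports are free, 2 when something still holds them.
free_ports_live() {
  ss_out=$(ss -tnlp 2>/dev/null) || return 1
  busy=$(ports_busy "$ss_out")
  if [ -z "$busy" ]; then
    echo "ports 80 and 443 are free"
    return 0
  fi
  for port in $busy; do
    listeners_on "$port" "$ss_out" | while read -r name pid; do
      echo "port $port held by $name (pid $pid)"
      if [ "$1" = "--kill" ]; then
        kill -TERM "$pid" 2>/dev/null || echo "could not signal pid $pid"
      fi
    done
  done
  if [ "$1" = "--kill" ]; then
    sleep 2
    free_ports_live   # re-check once without --kill
    return $?
  fi
  return 2
}
```

Run `sudo sh thisfile.sh` after sourcing it and calling `free_ports_live`; only when it prints that both ports are free should the certificate tool be started. Sending TERM first and re-checking, rather than `kill -9` immediately, gives the Apache parent a chance to reap its workers cleanly.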