"Error while running apache2ctl graceful" Let's Encrypt on AWS Lightsail Bitnami

Question

Being the resident tech in the family I'm helping with launching the new family business website. My experience is extremely limited when it comes to coding and web development (I made a basic html/css website in high school). Please bear with me

So far I have the domain, hosting and DNS working. The host is AWS Lightsail with Wordpress running on Ubuntu 16.04 and Bitnami. Now I'm trying to get SSL setup as we want to have credit card payment on the website. After a couple of days of research I've gone down the path of Let's Encrypt and I'm trying to get the certificate on the server. Stop me if I've already made some sort of critical error.

Anyway, I'm using instructions from: https://certbot.eff.org/#ubuntuxenial-apache

and I've made some progress until. See the full paste from putty: https://pastebin.com/dhLs7c3A

root@ip-172-26-2-150:/home/bitnami# sudo certbot --apache -d profq.com.au -d www.profq.com.au

To summarize I ran the line: "root@ip-172-26-2-150:/home/bitnami# sudo certbot --apache -d profq.com.au -d www.profq.com.au"

and the issue starts at line:

"Error while running apache2ctl graceful. httpd not running, trying to start Action 'graceful' failed."

Any help or advice is greatly appreciated. Thank you

Answer 1

I run into the same issue yesterday and since no solution has been suggested I will write how I fixed it.

Apparently this issue is not directly connected with the Lightsail instance or the running Apache server, but with the Bitnami stack on top of it. Here are the steps to install letsencrypt certifiaticate, taken from here.

Prerequisite The first thing you need to do is make sure all the packages are updated on your server. You can do that with below command.

sudo apt update
sudo apt upgrade

1. INSTALL CERTBOT

First, create a directory where you want to install a Certbot client and move into that directory.

sudo mkdir /opt/bitnami/letsencrypt
cd /opt/bitnami/letsencrypt

Now go ahead and install the Certbot client from official certbot distribution. You also need to make sure that the script has the execute privilege.

sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x ./certbot-auto

Now run the certbot-auto script to complete the installation. The script might show some errors but you can ignore it. It will run and download all the dependency needed for it.

sudo ./certbot-auto

2. GENERATE CERTIFICATE

Once the Certbot client is installed, you can go ahead and generate the certificate for your domain.

sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apache2/htdocs/{example} -d www.example.com -d example.com

^{example} above is optional only if you don't store the file in the htdocs folder itself. www.example.com and example.com should be your domain name.

I run into issue after running this command since I didn't have CNAME record set for the www. version of my site. The error was: DNS problem: NXDOMAIN looking up A for www.example.com To fix it go to your lightsail page, open Netowkring tab and select the DNS zone for your site. Click on Add record under DNS records, select CNAME, in the subdomain enter just www and in the maps to field enter your domain without www. prefix. After doing that running the above command should pass without any issues.

If you need to get certificates for multiple domains, follow this guide. It is basically adding new path to each domains home directory, resulting in the following command:

certbot certonly --webroot -w /opt/bitnami/apache2/htdocs/example -d www.example.com -d example.com -w /opt/bitnami/apache2/htdocs/other -d www.other.net -d example.net

3. Link Let's Encrypt SSL Certificate to Apache

You can just copy your SSL certificate on these locations and restart Apache to enable the new file. But with this approach, you will have to copy the files again when you renew your certificate.

So the better approach is to create a symbolic link to your certificate files. Whenever you renew your license, it can take effect without this extra step.

You can use the below commands to create a symbolic link.

sudo ln -s /etc/letsencrypt/live/[DOMAIN]/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo ln -s /etc/letsencrypt/live/[DOMAIN]/privkey.pem /opt/bitnami/apache2/conf/server.key

Make sure that the certificate file name and path is correct. If you receive an error that file already exists, use the below command to rename the files. Then rerun the above two commands.

mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/serverkey.old
mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/servercrt.old

Once your symbolic links are in place you can restart the Apache server to make it into effect. Use the below command to restart the Apache server. You can restart it from the Lightsail page as well.

sudo /opt/bitnami/ctlscript.sh restart apache

That's it. After this, going to https://example.com should work and you should see your certificate.

Notice. The certificate is valid for 3 months only, so you need to refresh it every 3 months manually or make a cron job for that. To refresh it once it is time for that, follow the below commands:

sudo apt update
sudo apt upgrade
cd /opt/bitnami/letsencrypt
sudo ./certbot-auto renew
sudo /opt/bitnami/ctlscript.sh restart apache

Answer 2

Have you simply tried the Bitnami tool, sounds relevant to what you described it sounds like wordpress on lightsail.

To launch the Bitnami HTTPS Configuration Tool, execute the following command and follow the prompts:

sudo /opt/bitnami/bncert-tool

You may need to run sudo su to run as root.

This should easily fix the issue.