Bitnami: Configure Let's Encrypt SSL on Apache 2.4
Source: https://docs.bitnami.com/general/how-to/understand-bncert/
Source: https://docs.bitnami.com/aws/how-to/understand-bncert/
Source: https://www.youtube.com/watch?v=BF4OlDwPZds
Generate an SSL certificate
Change to the Bitnami installation directory
# cd /opt/bitnami/
Run the bncert-tool command
# ./bncert-tool
Follow the prompts.
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.
----------------------------------------------------------------------------
Domains
Please provide a valid space-separated list of domains for which you wish to
configure your web server.
Domain list []: subdominio.dominio.com
The following domains were not included: www.subdominio.dominio.com. Do you want to add them? [Y/n]: n
Warning: No www domains (e.g. www.example.com) or non-www domains (e.g.
www.example.com) have been provided, so the following redirections will be
disabled: non-www to www, www to non-www.
Press [Enter] to continue:
----------------------------------------------------------------------------
Enable/disable redirections
Please select the redirections you wish to enable or disable on your Bitnami
installation.
Enable HTTP to HTTPS redirection [Y/n]: Y
----------------------------------------------------------------------------
Changes to perform
The following changes will be performed to your Bitnami installation:
1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains: subdominio.dominio.com
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to:
subdominio.dominio.com
5. Enable HTTP to HTTPS redirection (example: redirect http://subdominio.dominio.com
to https://subdominio.dominio.com)
6. Start web server once all changes have been performed
Do you agree to these changes? [Y/n]: Y
----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt
Please provide a valid e-mail address for which to associate your Let's Encrypt
certificate.
Domain list: subdominio.dominio.com
Server name: subdominio.dominio.com
E-mail address []: email@correo.com
The Let's Encrypt Subscriber Agreement can be found at:
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: Y
----------------------------------------------------------------------------
Performing changes to your installation
The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.
----------------------------------------------------------------------------
Success
The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.
The configuration report is shown below.
Backup files:
* /opt/bitnami/apache2/conf/httpd.conf.back.202106121242
* /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202106121242
* /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202106121242
Find more details in the log file:
/tmp/bncert-202406121242.log
If you find any issues, please check Bitnami Support forums at:
https://github.com/bitnami/vms
Press [Enter] to continue:
After configuration, you will see that a command has been scheduled in the crontab to handle renewals, for example:
# crontab -l
0 0 * * * /opt/wordpress/letsencrypt/lego --path /opt/wordpress/letsencrypt --email="correo@correo.com" --http --http-timeout 30 --http.webroot /opt/wordpress/apps/letsencrypt --domains=nombre.dominio.com renew && /opt/wordpress/apache2/bin/httpd -f /opt/wordpress/apache2/conf/httpd.conf -k graceful # bncert-autorenew
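To confirm that the scheduled renewal can actually run, the following added example (not part of the original page or of Bitnami's tooling) parses the `# bncert-autorenew` entry and checks that the binaries and certificate it refers to exist and that the certificate is not close to expiry. The sample crontab is constructed from the entry above; the `<path>/certificates/<domain>.crt` location and the 20-day threshold are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the "# bncert-autorenew" cron entry left by bncert-tool.

# Constructed sample crontab, same shape as the entry shown above.
SAMPLE_CRONTAB='MAILTO=""
0 0 * * * /opt/wordpress/letsencrypt/lego --path /opt/wordpress/letsencrypt --email="correo@correo.com" --http --http-timeout 30 --http.webroot /opt/wordpress/apps/letsencrypt --domains=nombre.dominio.com renew && /opt/wordpress/apache2/bin/httpd -f /opt/wordpress/apache2/conf/httpd.conf -k graceful # bncert-autorenew'

# Filter stdin down to the cron line(s) tagged by bncert; status 1 if none.
autorenew_entry() { grep -E '#[[:space:]]*bncert-autorenew[[:space:]]*$'; }

# Value of a lego option written as "--opt value" or "--opt=value".
lego_opt() {  # usage: lego_opt <cron-line> <option-name>
  printf '%s\n' "$1" | sed -nE "s/.*--$2[= ]\"?([^\" ]+)\"?.*/\1/p"
}

# Assumption: lego stores issued certificates as <path>/certificates/<domain>.crt
cert_path() {
  printf '%s/certificates/%s.crt\n' "$(lego_opt "$1" path)" "$(lego_opt "$1" domains)"
}

# Program run after "&&" to reload Apache once renewal succeeds.
reload_bin() { printf '%s\n' "$1" | sed -nE 's/.*&&[[:space:]]*([^[:space:]]+).*/\1/p'; }

# Print one WARN line per problem found for a cron entry.
audit_entry() {
  local line=$1 lego httpd crt
  lego=$(printf '%s\n' "$line" | awk '{print $6}')   # field 6 = command
  httpd=$(reload_bin "$line")
  crt=$(cert_path "$line")
  [ -x "$lego" ]  || echo "WARN lego binary missing: $lego"
  [ -x "$httpd" ] || echo "WARN reload binary missing: $httpd"
  if [ ! -f "$crt" ]; then
    echo "WARN certificate missing: $crt"
  elif ! openssl x509 -in "$crt" -noout -checkend $((20 * 86400)) >/dev/null; then
    # Let's Encrypt certificates last 90 days; under 20 days left
    # suggests the scheduled renewals have been failing.
    echo "WARN $crt expires within 20 days, renewal may be failing"
  fi
}

# "--live" audits the real crontab; default is the constructed sample.
if [ "${1:-}" = "--live" ]; then src=$(crontab -l); else src=$SAMPLE_CRONTAB; fi
entry=$(printf '%s\n' "$src" | autorenew_entry) || echo "FAIL no bncert-autorenew entry"
[ -z "$entry" ] || audit_entry "$entry"
```

Run it with `--live` as the user that owns the crontab; any WARN line means the entry points at a path that does not exist on this installation or that renewals are not taking effect.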
Revoke an SSL certificate
Revoking a certificate is not recommended; create a new certificate instead. If you revoke, you will have to manually edit some configuration files before the Apache server will start again.
Command to list installed certificates:
# /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt list
Command to revoke a certificate:
# /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="jonycaleb@gmail.com" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=subdominio.dominio.com revoke
Stop the Apache service:
# /opt/bitnami/ctlscript.sh stop apache
Start the Apache service (it will not start; you will have to resolve this by interpreting the error messages):
# /opt/bitnami/ctlscript.sh start apache
You can check the error log:
# cat /opt/bitnami/apache2/logs/error_log