Letsencrypt Get Start SSL Certificate on apache/bitnami ERR_CERT_AUTHORITY_INVALID

When I visit my site in Firefox, it shows the error below.

NET::ERR_CERT_AUTHORITY_INVALID

OH, MY GOD!!!


I searched and found the information below.

Distrusting WoSign and StartCom Certificates

https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html?m=1

Shit!!!!

I was using the StartCom free SSL certificate. It's a big problem for me.

So I found a solution: Let's Encrypt https://letsencrypt.org/

You need to learn how to use it, so I will explain how to set up Let's Encrypt with Bitnami on Ubuntu 14.

1. Download the Let’s Encrypt Client

We need to download the certbot-auto Let's Encrypt client from the EFF site.

When you run certbot-auto, the client automatically pulls down available updates as necessary.

Download the file into a directory on the system path.

cd /usr/local/sbin

sudo wget https://dl.eff.org/certbot-auto

If certbot-auto cannot start, stop the web server first, for example with "sudo apachectl stop".

Make the script executable.

sudo chmod a+x certbot-auto

2. Set Up the SSL Certificate

When generating the SSL certificate for Apache, I do not recommend the automatic install. certonly is more useful.

sudo certbot-auto certonly -d asecurity.so -d www.asecurity.so

For this example, the base domain will be asecurity.so

You will be asked to provide an email address for lost key recovery and notices. Enter it and agree, and then you will see the screen below.

You should be able to find the generated certificate files at /etc/letsencrypt/live/YOURDOMAIN/

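If you can't access the files, add read permission. This directory leads to your private key, and Apache reads the certificate and key as root when it starts, so this is normally needed only if a non-root user has to read the files.

sudo chmod a+r /etc/letsencrypt/live

Then I recommend making symlinks like this.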

sudo ln -s /etc/letsencrypt/live/asecurity.so/cert.pem /opt/bitnami/apache2/conf/server.crt

sudo ln -s /etc/letsencrypt/live/asecurity.so/privkey.pem /opt/bitnami/apache2/conf/server.key

sudo ln -s /etc/letsencrypt/live/asecurity.so/chain.pem /opt/bitnami/apache2/conf/chain.crt

Then change the Apache configuration.

nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Listen 443

SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNUL$

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300

<VirtualHost _default_:443>

DocumentRoot "/opt/bitnami/apache2/htdocs"

SSLEngine on

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

SSLCertificateChainFile "/opt/bitnami/apache2/conf/chain.crt"

I only changed the file paths, but I have shown the other options as well. If you are setting up SSL in Apache for the first time, check them too.

3. Make Auto Renewal

Let's Encrypt certificates are valid for 90 days, and it is recommended to renew them every 60 days.

The certbot-auto client offers a renew command, which automatically checks the currently installed certificates and tries to renew them if they are less than 30 days from expiry.

The command is simple to use.

certbot-auto renew

It is safe to create a cron job that runs every week.

sudo crontab -e

00 1 * * 0 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log

This runs the certbot-auto renew command every Sunday at 1 am.
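
A check for the three files linked in step 2, as an added example that is not part of the original post: it confirms that server.crt matches server.key, that chain.crt is the certificate's issuer, that more than 30 days of validity remain, and that the issuer is not StartCom or WoSign. The function names are made up for this example, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original post. CONF_DIR and the file names are
# the ones used in the symlink step; the 30-day window is the renew threshold.
CONF_DIR="${CONF_DIR:-/opt/bitnami/apache2/conf}"

# Succeeds only if the certificate and private key hold the same public key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeeds if the certificate stays valid for more than $2 days (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeeds if the chain file's subject is the issuer named in the certificate.
chain_issues_cert() {
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    s=$(openssl x509 -in "$2" -noout -subject 2>/dev/null) || return 1
    [ -n "$i" ] && [ "${i#issuer=}" = "${s#subject=}" ]
}

# Succeeds if the issuer is one of the CAs named in the Google post.
issuer_is_distrusted() {
    openssl x509 -in "$1" -noout -issuer 2>/dev/null | grep -Eiq 'startcom|wosign'
}

# Run every check against one directory; returns non-zero if any check fails.
check_deployed_cert() {
    dir="${1:-$CONF_DIR}"; rc=0
    cert_matches_key "$dir/server.crt" "$dir/server.key" ||
        { echo "FAIL: server.crt and server.key do not match"; rc=1; }
    chain_issues_cert "$dir/server.crt" "$dir/chain.crt" ||
        { echo "FAIL: chain.crt is not the issuer of server.crt"; rc=1; }
    cert_valid_for_days "$dir/server.crt" 30 ||
        { echo "WARN: server.crt expires within 30 days, check the cron job"; rc=1; }
    if issuer_is_distrusted "$dir/server.crt"; then
        echo "FAIL: server.crt was issued by StartCom or WoSign"; rc=1
    fi
    return "$rc"
}
```

Source the file and run check_deployed_cert as root after the symlink step, and again after a renewal, since Apache only picks up a renewed certificate once it has been restarted.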

Now I have solved my SSL problem. Yep!
