On my Lightsail instance I have tried to use the bncert-tool to set up an SSL cert, but it fails on the final part, which is enabling auto-renewal. I got it working by manually renewing it https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/ (It kept renewing successfully but would not show on the website, except for the first time, and I have no idea why.
2023/03/16 22:59:39 [INFO] [MYDOMAIN] acme: Trying renewal with 2158 hours remaining
2023/03/16 22:59:39 [INFO] [MYDOMAIN] acme: Obtaining bundled SAN certificate
2023/03/16 22:59:39 [INFO] [MYDOMAIN] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/
2023/03/16 22:59:39 [INFO] [MYDOMAIN] acme: authorization already valid; skipping challenge
2023/03/16 22:59:39 [INFO] [MYDOMAIN] acme: Validations succeeded; requesting certificates
2023/03/16 22:59:40 [INFO] [MYDOMAIN] Server responded with a certificate.
And now I've reached the limit of 5 certs) but then I tried to use bncert again and now no method is working. But regardless I would like to get the automatic method working if possible.
Domain MYDOMAIN did not pass HTTP challenge validation
https://docs.bitnami.com/google/how-to/understand-bncert/#certificates-not-renewed-automatically
This page lists a solution but I still can't manage to get it working. I'm not sure if I have set the flags in the correct place?
RewriteCond %{REQUEST_URI} !^/\.well-known
ProxyPass /.well-known !
I placed them in my virtual host files
myapp-https-vhost.conf
<VirtualHost _default_:443>
RewriteCond %{REQUEST_URI} !^/\.well-known
ServerAlias *
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/MYDOMAIN.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/MYDOMAIN.key"
DocumentRoot "/home/bitnami/htdocs/staging-api"
<Directory "/home/bitnami/htdocs/staging-api">
Require all granted
</Directory>
ProxyPass /.well-known !
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
myapp-http-vhost.conf
<VirtualHost _default_:80>
RewriteCond %{REQUEST_URI} !^/\.well-known
ServerAlias *
DocumentRoot "/home/bitnami/htdocs/staging-api"
<Directory "/home/bitnami/htdocs/staging-api">
Require all granted
</Directory>
ProxyPass /.well-known !
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
I also placed it in the public/.htaccess file because someone suggested it should go there.
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [QSA,L]
RewriteCond %{REQUEST_URI} !^/\.well-known
Not really sure where these flags are meant to go
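The following is an added example, not part of the original post and not Bitnami's code: a small check for the two placement rules that decide whether these flags do anything. In Apache, a `RewriteCond` only applies to the `RewriteRule` that follows it, and a `ProxyPass ... !` exclusion must come before the general `ProxyPass /`. The helper name `lint_acme_exclusions` is hypothetical, and the check does not follow `Include` directives.

```python
# Added example: hypothetical helper, not from the post or from Bitnami.
DANGLING = "RewriteCond has no following RewriteRule; it has no effect"

def lint_acme_exclusions(conf_text):
    """Return sorted (line_no, message) findings for one vhost file or .htaccess."""
    findings, pending, catch_all = [], [], None
    def end_context():
        nonlocal catch_all
        # Conditions still pending at the end of a context never met a RewriteRule.
        findings.extend((n, DANGLING) for n in pending)
        pending.clear()
        catch_all = None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "rewritecond":
            pending.append(no)
        elif name == "rewriterule":
            pending.clear()  # the rule consumes the conditions stacked above it
        elif name == "proxypass" and len(parts) >= 3:
            path, target = parts[1], parts[2]
            if target == "!" and path.startswith("/.well-known") and catch_all:
                findings.append((no, "exclusion follows 'ProxyPass /' on line %d" % catch_all))
            elif path == "/" and target != "!":
                catch_all = no  # general proxy rule; later exclusions are too late
        elif name.startswith("</virtualhost"):
            end_context()
    end_context()
    return sorted(findings)

# Sample inputs: the HTTP vhost and the .htaccess exactly as shown in the post.
HTTP_VHOST = r"""<VirtualHost _default_:80>
RewriteCond %{REQUEST_URI} !^/\.well-known
ServerAlias *
DocumentRoot "/home/bitnami/htdocs/staging-api"
<Directory "/home/bitnami/htdocs/staging-api">
Require all granted
</Directory>
ProxyPass /.well-known !
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>"""
HTACCESS = r"""Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [QSA,L]
RewriteCond %{REQUEST_URI} !^/\.well-known"""
```

Run against the two samples, it reports the `RewriteCond` on line 2 of the vhost and on line 5 of the `.htaccess` as having no effect, while the `ProxyPass /.well-known !` placement passes.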