bitnami / vms

Bitnami VMs
https://bitnami.com

Wordpress AWS Lightsail Letscert SSL Error #1517

Closed smartthoughtuk closed 5 months ago

smartthoughtuk commented 6 months ago

Describe your issue as much as you can

I have an existing AWS Lightsail WordPress instance with an active SSL from Letscert, and I had set up a new updated AWS Lightsail WordPress instance with higher configuration and moved my site files. I am now trying to set up SSL on the new updated AWS Lightsail WordPress instance and it is throwing the below error.

An error occurred creating certificates with Let's Encrypt:

private keys obtained from Let's Encrypt so making regular backups of this folder is ideal.
2024/04/30 16:30:47 No key found for account host@domain.yyy.xx. Generating a P256 key.
2024/04/30 16:30:47 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/host@domain.yyy.xx/keys/host@domain.yyy.xx.key
2024/04/30 16:30:48 [INFO] acme: Registering account for host@domain.yyy.xx
2024/04/30 16:30:48 [INFO] [domain.yyy.xx, www.domain.yyy.xx] acme: Obtaining bundled SAN certificate
2024/04/30 16:30:50 [INFO] [domain.yyy.xx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xx5gg3fft5ff
2024/04/30 16:30:50 [INFO] [www.domain.yyy.xx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xx5gg3fft5ff
2024/04/30 16:30:50 [INFO] [domain.yyy.xx] acme: use tls-alpn-01 solver
2024/04/30 16:30:50 [INFO] [www.domain.yyy.xx] acme: use tls-alpn-01 solver
2024/04/30 16:30:50 [INFO] [domain.yyy.xx] acme: Trying to solve TLS-ALPN-01
2024/04/30 16:30:57 [INFO] [www.domain.yyy.xx] acme: Trying to solve TLS-ALPN-01
2024/04/30 16:31:03 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xx5gg3fft5ff
Press [Enter] to continue:
2024/04/30 16:31:04 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xx5gg3fft5ff
2024/04/30 16:31:04 Could not obtain certificates:
error: one or more domains had a problem:
[domain.yyy.xx] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge
[www.domain.yyy.xx] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge

I am looking for help to set up SSL on my new AWS Lightsail WordPress instance. I am planning to stop the current instance once the new instance SSL is activated. I followed the steps here to set up the SSL - https://docs.aws.amazon.com/en_us/lightsail/latest/userguide/amazon-lightsail-enabling-https-on-wordpress.html

Appreciate any help. SSR

gongomgra commented 6 months ago

Hi @smartthoughtuk,

Thanks for using Bitnami. According to the logs you shared, there is an issue with your www domain. You will have to update the DNS registry for it with the new IP address, and generate the new SSL certificate from the new instance once it has been fully propagated.

You can check the IP address your domains are pointing to at https://www.whatsmydns.net/

smartthoughtuk commented 6 months ago

Hi @gongomgra, we have attached the existing public static IP to the new instance, and the DNS details remain the same as the current one, as it is the same domain name and the only bit that is changing is the new instance. Am I missing something here? Appreciate your help.

gongomgra commented 6 months ago

Hi @smartthoughtuk,

Thanks for your message. In that case (attaching the public IP to another machine), it shouldn't be necessary to make any modification to the DNS configuration. Can you double-check on the new machine that the IP address is correctly configured?

ip add l

Can you also check the version of the lego tool? Can you try installing the last one and following the alternative approach tutorial?

lego --version

github-actions[bot] commented 5 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 5 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
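
A small parser for lego output like the log quoted in this issue, added here as an example (it is not code from Bitnami or the lego project): for each domain it extracts the solver in use and the ACME error, and maps the challenge type to the port the CA connects to, which is the listener to check on the new instance. The function name `summarize` and the sample lines (shaped after the redacted log above) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the lego output quoted in this issue,
# using the same placeholder domain.
SAMPLE_LOG = """\
2024/04/30 16:30:50 [INFO] [domain.yyy.xx] acme: use tls-alpn-01 solver
2024/04/30 16:30:50 [INFO] [www.domain.yyy.xx] acme: use tls-alpn-01 solver
2024/04/30 16:31:04 Could not obtain certificates:
error: one or more domains had a problem:
[domain.yyy.xx] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge
[www.domain.yyy.xx] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge
"""

# Port on which the CA validates each challenge type (dns-01 uses no inbound port).
CHALLENGE_PORT = {"tls-alpn-01": 443, "http-01": 80, "dns-01": None}

SOLVER_RE = re.compile(r"\[(?P<domain>[^\]\s]+)\] acme: use (?P<solver>[\w-]+) solver")
# The lookahead ends the detail at the next per-domain error or at end of line,
# so the pattern also works when the log was pasted as one long line.
ERROR_RE = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.+?)"
    r"(?= \[[^\]\s]+\] acme: error:|$)",
    re.M,
)


def summarize(log: str) -> dict:
    """Return {domain: {solver, port, status, type, detail}} from lego output."""
    report = defaultdict(dict)
    for m in SOLVER_RE.finditer(log):
        report[m["domain"]]["solver"] = m["solver"]
        report[m["domain"]]["port"] = CHALLENGE_PORT.get(m["solver"])
    for m in ERROR_RE.finditer(log):
        report[m["domain"]].update(
            status=int(m["status"]), type=m["type"], detail=m["detail"].strip()
        )
    return dict(report)


if __name__ == "__main__":
    for domain, info in summarize(SAMPLE_LOG).items():
        print(f"{domain}: {info['solver']} (port {info['port']}) -> "
              f"{info['status']} {info['type']}: {info['detail']}")
```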