AWS / ubuntu 20.04 OLS 1.7.* => SSL not working

[AioGreg]

Hi guys,
first message here as a new OLSian (?)
Installed 1 click OLS with WP successfully, site running, webadmin console OK, but can't make ssl work.
It seems trivial for most of you I guess, but as far as I understand I followed the steps, getting a certbot certificate successfully, input privkey and fullchain + chained yes both in the Vhost config and listener, renewed the certificate several times... still a website "not secure"
many hours looking on the net, can't find any similar case.
Don't know if this is related, but my access log says that:
2022-07-31 06:19:39.006317 [DEBUG] [28480] [SSL: 0x1bfe718] checkError returned 2, first er
ror: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0), last error: e
rror:00000000:invalid library (0):OPENSSL_internal:invalid library (0)

Could my wp-config.php be involved?
I run the .htaccess.swp created by OLS

Any help for a beginner would be welcome

 

[AioGreg]

In complement:
- initially using the /etc/letsencrypt/... path I tried to move it to an lsws folder with proper permissions, but it didn't change anything
- Running WP on a multisite mode
- removed rewrite rules in case + context security headers
- ufw disabled but under AWS firewall setup properly
- Openlitespeed listening properly on port 443 (netstat)

It seemed so simple on tutos, but I'm not sure how to solve it now.
Since Certbot can't "install" certificates on my install I'm thinking about Openssl or libressl.
Are they (still) supported?

 

[AioGreg]

OK, sorry
Actually, classic mistake, I combined multiple configs/tests at the same time, making me miss the simple and right configuration issue.
It all started with not inputting the SSL certificates at the Vhost AND at the listener level. so that I added different solutions like a WP plugin which probably messed up with OLS SSL. Returning to a clean situation, I was able to get on https. What a marathon.
By the way it doesn't make much sense to me, since I might have the need of different certificates for different domain, but I can have only one listener on 443.
Without the SSL certificates at the listener level, OLS won't listen to port 443.
Any solution for OLS to listen to port 443 without having a specific domain SSL certificate at the listener level?
Thanks for reading btw lol

 

[AioGreg]

I kind of got the answer to this too. Lower levels (context / Virtual host) seem to override higher levels (Listener, Server config).
A point on a totally different topic.
I've had a hard time setting up my security headers but finally understood that VH contexts appliy only if applicable IPs are specified in the "Allowed" section.
In the same idea, rewrite rules will apply only if IPs are specified otherwise, the "Rewrite" tab applies.
Now I have an env on track and quite performing well with default theme.
Can't wait to see the improvements with LS Cache...
Anyway good luck to everyone.

 

[Cold-Egg]

Glad to know that you have it fixed.
Here're some useful docs related to your question, just in case you needed,

• https://docs.openlitespeed.org/configuration#set-up-ssl-for-virtual-hosts
• https://docs.litespeedtech.com/cloud/images/wordpress/#how-do-i-create-additional-virtual-hosts

 

[AioGreg]

Interesting documents, thanks a lot @Cold-Egg.
However, I'm not sure these docs are addressing the challenge of multiple SSL certificates for the same listener.
Again, thanks for your feedback.
Greg