Adding Void Linux configuration to certbot-apache

Hello.

On Void Linux certbot-apache doesn't out of the box because the defaults used by it aren't applicable to the distro. I was thinking of adding a configuration for it to make the experience a bit better but I am not what those options should be. I thought of filing a PR and discussing it there but I think it's better to ask here first so here it goes.

In the certbot repo, I create a file named certbot-apache/certbot_apache/_internal/override_void.py with the contents:

""" Distribution specific override class for Arch Linux """
import zope.interface

from certbot import interfaces
from certbot_apache._internal import configurator
from certbot_apache._internal.configurator import OsOptions


@zope.interface.provider(interfaces.IPluginFactory)
class ArchConfigurator(configurator.ApacheConfigurator):
    """Arch Linux specific ApacheConfigurator override class"""

    OS_DEFAULTS = OsOptions(
        server_root="/etc/apache",
        vhost_root="/etc/apache/conf",
        vhost_files="*.conf",
        logs_root="/var/log/httpd",
        ctl="apachectl",
        version_cmd=['apachectl', '-v'],
        restart_cmd=['apachectl', 'graceful'],
        conftest_cmd=['apachectl', 'configtest'],
        challenge_location="/etc/apache/conf",
    )

The problem is Void Linux's apache package doesn't come with a directory that looks like an intended vhost_dir. So I am not sure what I should set the vhost_dir and vhost_files attributes.

Secondly I don't know what challenge_location means so I don't know what to set it to.

Any input regarding these two issues is appreciated. For reference I set up Apache to serve a simple static website and was able to install certificates using certbot --apache --apache-ctl /usr/bin/apachectl --apache-server-root /etc/apache. But it would be nice to have this preconfigured in the package which is why I am asking for help here.


Edit: The configuration files supplied by the package are as follows:

/etc/apache/extra/httpd-autoindex.conf
/etc/apache/extra/httpd-dav.conf
/etc/apache/extra/httpd-default.conf
/etc/apache/extra/httpd-info.conf
/etc/apache/extra/httpd-languages.conf
/etc/apache/extra/httpd-manual.conf
/etc/apache/extra/httpd-mpm.conf
/etc/apache/extra/httpd-multilang-errordoc.conf
/etc/apache/extra/httpd-ssl.conf
/etc/apache/extra/httpd-userdir.conf
/etc/apache/extra/httpd-vhosts.conf
/etc/apache/extra/proxy-html.conf
/etc/apache/httpd.conf
/etc/apache/magic
/etc/apache/mime.types
1 Like

Where does Void Linux' Apache put its virtualhosts files then? I'm not familiair with an Apache instance which does not have a specific place for separate virtualhosts files.

In the Gentoo overrides, it's the same as vhost_root, i.e.: where Apache can find a configuration file containing a virtualhost. The Apache plugin uses custom-build, temporary virtualhosts for the challenge files.

I think it would suffice to use the /etc/apache/extra/ for both directory options. The vhost_files is probably fine: all configuration files have the .conf extension, so the file used by certbot should probably use that too.

2 Likes

Here is some more information for you in the form of two of the default configuration files. Maybe you can find something I couldn't:

From the main config, the only reference I can find to a vhost config is the file /etc/apache/extra/httpd-vhosts.conf. It's commented out by default. But since it is not a dedicated vhosts directory I am a bit unsure. Any ideas?

It seems your default Apache doesn't have any virtualhosts configured. A minimum of one virtualhost needs to be configured for the Apache installer plugin to work. Not sure about the Apache authenticator tho..

The vhost_root option is used by the Apache plugin to select the directory where to put its modified configuration file containing the HTTPS virtualhost:

I'm still convinced setting it to /etc/apache/extra/ would work.

So it seems you need to do at least one thing manually on Void Linux: set up a virtualhost. If you use the template provided and the Apache authenticator and installer indeed actually work with your addition to the plugin, certbot would generate a /etc/apache/extra/httpd-vhosts-le-ssl.conf based on the original /etc/apache/extra/httpd-vhosts.conf.

1 Like

Thanks a lot for all the help.

Please let us know if you got things working!