Apache "bad group name"


#1

Greetings -

Please be patient, although I have experience setting up Apache servers on Linux, this is my first foray into using Let’sEncrypt and CertBot. The system is running Oracle Linux 6.6 (binary compatibility with RHEL 6.6) and Apache (but installed in a non-standard location). Ultimately, when attempting to launch the error stipulates ‘Error while running apachectl configtest.\n\nhttpd: bad group name oracle’) - but if I run ‘apachectl configtest’ manually - response is ‘Syntax OK’.

Here are some of the commands and results executed while trying to troubleshoot.

[oracle@eb7bb4 ~]$ date ; pwd ; id ; which apachectl ; apachectl -v
Tue May 29 15:44:21 EDT 2018
/home/oracle
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba)
/app/sieb_home/web/bin/apachectl
Server version: Apache/2.2.31 (Unix)
Server built: May 16 2016 22:08:12

[oracle@eb7bb4 ~]$ sudo ~/certbot/certbot-auto --apache -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator apache and installer apache
Error while running apachectl configtest.

httpd: bad group name oracle

Misconfigured PluginEntryPoint#apache: Error while running apachectl configtest.

httpd: bad group name oracle
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py”, line 2048, in config_test
util.run_script(self.constant(“conftest_cmd”))
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/util.py”, line 85, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apachectl configtest.

httpd: bad group name oracle

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/plugins/disco.py”, line 126, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py”, line 206, in prepare
self.config_test()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py”, line 2050, in config_test
raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running apachectl configtest.

httpd: bad group name oracle

Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f337dc406a0>
Prep: Error while running apachectl configtest.

httpd: bad group name oracle

Selected authenticator None and installer None
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(‘Error while running apachectl configtest.\n\nhttpd: bad group name oracle\n’,)

[oracle@eb7bb4 ~]$ cat /app/sieb_home/web/conf/httpd.conf | grep -v ‘^#’ | grep -EHni ‘user|group’
(standard input):9:User oracle
(standard input):10:Group oinstall
(standard input):79: LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” combined
(standard input):84: LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i” %I %O” combinedio

[oracle@eb7bb4 ~]$ which apachectl
/app/sieb_home/web/bin/apachectl

[oracle@eb7bb4 ~]$ apachectl configtest
Syntax OK

[oracle@eb7bb4 ~]$ sudo ~/certbot/certbot-auto --apache --apache-server-root /app/sieb_home/web/htdocs --apache-logs-root /app/sieb_home/web/log --apache-le-vhost-ext /app/sieb_home/web/conf/extra/httpd-ssl.conf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

httpd: bad group name oracle

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(‘Error while running apachectl configtest.\n\nhttpd: bad group name oracle\n’,)

Ultimately, not quite sure why it’s interpreting ‘oracle’ as the group instead of ‘oinstall’ - but any guidance would be appreciated.

Thanks again.


#2

Maybe both exist: A user and a group named oracle…
compgen -u | grep oracle
compgen -g | grep oracle


#3

I think he set group name of httpd / apache to oracle… (which doesn’t exist…)

Can you show us the group name section of your httpd.conf ?@dbsbug (Just paste sections to pastebin.com and share us the link)

Thank you


#4

Those seem to be the lines from the httpd.conf file.


#5

True… My mistake…

@dbsbug The group doesn’t exist on your server. Can you try to change it to another group (And make sure that the user is in that group) or Run this command to add the group groupadd oinstall (Don’t forget to grant this group permission & add the user to this group)

Thank you


#6

Well, I think I’ve uncovered the root cause. As background, I’m using instances on the Oracle Compute Cloud with images from their marketplace. Apparently, there are actiually 2 Apache instances installed - and only one of which is operational. 1st is in /etc/httpd and it specifies user=oracle and group=oracle. 2nd (operational) with user=oracle and group=oinstall. I think I finally got the parameters set correctly to completely ignore the 1st instance.

Thanks to all for the help. Now I’ll focus on the next issue …, Failure to generate the cert!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.