Apache configuration

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

When the specified command is run, it refers to the default Apache installation. But we have another Apache installation on the same server. What needs to be done so that certbot refers to our custom Apache installation? Please suggest.

My domain is: www.esamstha.com

I ran this command: sudo /usr/local/bin/certbot-auto --apache

It produced this output:


root:~# sudo /usr/local/bin/certbot-auto --apache
/usr/local/bin/certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): www.esamstha.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.esamstha.com
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/error_handler.py”, line 124, in _call_registered
self.funcs-1
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 220, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2293, in cleanup
self.restart()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2163, in restart
self._reload()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2190, in _reload
raise errors.MisconfigurationError(error)
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


My web server is (include version): Apache Tomcat - 8.0.33

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.26.1

Hi @kchowdary.k

If you use Tomcat, you can't use the standard --apache plugin.

Use certonly and webroot:

certbot run -a webroot certonly -w yourTomcatWebroot -d esamstha.com -d www.esamstha.com

If this is done, additional steps (creating a pfx) are required so Tomcat is able to use the certificate.

PS: You already have two certificates created ( https://check-your-website.server-daten.de/?q=esamstha.com#ct-logs ):

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-07-01 | 2019-09-29 | www.esamstha.com - 1 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-07-01 | 2019-09-29 | www.esamstha.com - 1 entries | duplicate nr. 1 | |

But the non-www version is missing.

Thank you for the response. I have run this command a couple of times, but I got errors, so I was under the impression that the certificates were not created. Do I need to delete these certificates? If so, how?
Any detailed reference/installation document would help. Please suggest.
Thank you so much.

No. Never delete active certificates.

I got the error below when I ran the suggested certificates.
It says it cannot recognize argument - ‘certonly’

certbot run -a webroot certonly -w /opt/tomcat/apache-tomcat-8.0.33 -d esamstha.com -d www.esamstha.com

usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: certonly

Besides stating the obvious - you are running an obsolete web server on an obsolete operating system, is there really a point in ‘securing’ the connection? What use is a secured connection with a hacked server? - you could get automated renewal by running a more standard web server (Apache httpd or nginx) as a frontend that would proxy Tomcat through HTTP. The classic web server would handle all SSL/TLS business, leaving application worries to Tomcat.

Thank you for the suggestion.

  • your certbot is too old, 0.26 -> update it (and / or)
  • my permanent error: run requires an installer, remove the run
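The sequence the thread converges on, written out as an added example that is not part of any post: `certonly` with the webroot authenticator (no `run`), followed by the PKCS#12 bundle Tomcat needs. The function names, the password file and the `tomcat` alias are assumptions made for this example; `fullchain.pem` and `privkey.pem` are the file names Certbot writes under `/etc/letsencrypt/live/<name>/`.

```sh
#!/bin/sh
# Added example (not from the thread). All paths are passed in as arguments.

# Step 1: issue with the webroot authenticator only. "certonly" replaces "run",
# because "run" also needs an installer plugin and Tomcat has none.
# usage: issue_cert <webroot> <domain> [<domain> ...]
issue_cert() (
    webroot=$1; shift
    n=$#
    while [ "$n" -gt 0 ]; do          # rewrite "a b" into "-d a -d b"
        set -- "$@" -d "$1"; shift
        n=$((n - 1))
    done
    certbot certonly --webroot -w "$webroot" "$@"
)

# Guard: the leaf certificate and the private key must share one public key.
# usage: key_matches_cert <fullchain.pem> <privkey.pem>
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# Step 2: bundle chain and key into the PKCS#12 (.pfx/.p12) file for Tomcat.
# usage: make_tomcat_pfx <live_dir> <out.p12> <password_file>
make_tomcat_pfx() (
    live_dir=$1 out=$2 pass_file=$3
    if ! key_matches_cert "$live_dir/fullchain.pem" "$live_dir/privkey.pem"; then
        echo "refusing to bundle: key does not match certificate" >&2
        exit 1
    fi
    umask 077    # the keystore contains the private key: owner-only access
    openssl pkcs12 -export \
        -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
        -name tomcat -passout "file:$pass_file" -out "$out"
)
```

The bundle has to be rebuilt after every renewal, because Tomcat reads the PKCS#12 file and not the PEM files Certbot replaces.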
