Certbot can't find apache web server anymore

Help
1

Hello, I previously used certbot command to install and renew certificates of my domains and subdomains, it automatically detected the apache virtual hosts and I just had to select the domain I want to renew in the list and it worked without problems for a lot of time.

My system:
Ubuntu 20.04.4 LTS x86_64
Certbot 1.29.0
I host my websites on apache2

After a system update certbot stopped working, I get this error:

root@ubuntu-server:~# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

letsencrypt.log file:

root@ubuntu-server:~# cat /var/log/letsencrypt/letsencrypt.log
2022-07-26 15:40:46,722:DEBUG:certbot.main:certbot version: 0.40.0
2022-07-26 15:40:46,722:DEBUG:certbot.main:Arguments: []
2022-07-26 15:40:46,722:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-07-26 15:40:46,729:DEBUG:certbot.log:Root logging level set at 20
2022-07-26 15:40:46,729:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-07-26 15:40:46,729:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2022-07-26 15:40:46,729:DEBUG:certbot.plugins.selection:No candidate plugin
2022-07-26 15:40:46,729:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

If I install python3-certbot-apache and run "certbot", I get this error:

root@ubuntu-server:~/apps/wgdashboard/src# certbot
An unexpected error occurred:
AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmp053ykjqn/log or re-run Certbot with -v for more details.

Log of: /tmp/tmp053ykjqn/log

2022-07-26 16:34:04,098:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/main.py", line 1705, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/plugins/disco.py", line 241, in find_all
    plugin_ep = cls._load_entry_point(entry_point, plugins, with_prefix=False)
  File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/plugins/disco.py", line 261, in _load_entry_point
    plugin_ep = PluginEntryPoint(entry_point, with_prefix)
  File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/plugins/disco.py", line 60, in __init__
    self.plugin_cls: Type[interfaces.Plugin] = entry_point.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2445, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2451, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot_apache/entrypoint.py", line 8, in <module>
    from certbot_apache import configurator
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 35, in <module>
    from certbot_apache import http_01
  File "/usr/lib/python3/dist-packages/certbot_apache/http_01.py", line 17, in <module>
    class ApacheHttp01(common.TLSSNI01):
AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'
2022-07-26 16:34:04,098:ERROR:certbot._internal.log:An unexpected error occurred:
2022-07-26 16:34:04,098:ERROR:certbot._internal.log:AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'

I can still renew and install certificates using "certbot certonly" command, but it's a real pain in the ass considering that I also have quite a few domains to renew.

Please help.

2

Well, we can dig into your Apache config to see what changed to confuse certbot now.

Or, the better first action is for you to update certbot to the snap version. Your 0.40 version is fairly old and numerous changes to Apache plug-in occurred since then. It's possible the same problem will persist. But, at least you'll be on a current version we can give better advice about.

Ubuntu 20 easily supports the snap version. Install instructions here:

OH: And, welcome to the community @Arm1nas

3 Likes
3

I am already using the snap version:
image

4

You have it installed but you are running v0.40. Notice the version in the log you showed.
You need to remove this 0.40 package version and the extra python apache plug-in you installed. The snap version includes its proper apache plugin.

root@ubuntu-server:~# cat /var/log/letsencrypt/letsencrypt.log
2022-07-26 15:40:46,722:DEBUG:certbot.main:certbot version: 0.40.0

See these install instructions for certbot

3 Likes
5

I agree with @MikeMcQ, you didn't follow the snap installation - where it requires to remove the previous version first.

Check:
apt list | grep installed | grep certbot

2 Likes
6

I followed the tutorial, certbot is not installed according to apt:
image

Edit: I ran "dpkg -l "certbot" and there was v0.40 config files so I purged that, deleted everything associated to certbot and now running "sudo certbot" returns me this command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/ver.lt/fullchain.pem' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/ver.lt/fullchain.pem' does not exist or is empty\n")
root@ubuntu-server:/etc#
root@ubuntu-server:/etc# certbot
-bash: /usr/local/bin/certbot: No such file or directory
root@ubuntu-server:/etc# sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/000-default-le-ss                                                                                                                                                             l.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/ver.lt/fullchain.pem' does not e                                                                                                                                                             xist or is empty

Certbot doesn't know how to automatically configure the web server on this syste                                                                                                                                                             m. However, it can still get a certificate for you. Please run "certbot certonly                                                                                                                                                             " to do so. You'll need to manually configure your web server to use the resulti                                                                                                                                                             ng certificate.
7

What do these commands show?

sudo certbot --version

sudo certbot certificates
3 Likes
8

Congratulations, you've professionally made things worse!

Why would you purge all configuration files?

4 Likes
9

F**ck yes it works now, I disabled all ssl sites for now, it didn't work before because I purged everything related to certbot and it also removed the letsencrypt ssl certificates, now it works.
Thank you everyone for helping.

1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.