Certbot errors Fresh apache2 ubuntu 20.0.4 RasPi 4

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: oleum.net

I ran this command: `sudo certbot --apache`

It produced this output:

```
An unexpected error occurred:
OSError: cannot load library '/snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0': /snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0: cannot open shared object file: No such file or directory. Additionally, ctypes.util.find_library() did not manage to locate a library called '/snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0'
```

My web server is (include version):

```
Server version: Apache/2.4.41 (Ubuntu)
Server built:   2020-08-12T19:46:17
```

The operating system my web server runs on is (include version):
Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1015-raspi aarch64)

My hosting provider, if applicable, is: hosted at home

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0

ufw

```
Status: active

To                         Action      From
22/tcp                     ALLOW       Anywhere
Apache                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Apache (v6)                ALLOW       Anywhere (v6)
```

I spent quite a few hours on an older partly configured server but I was having so much bother I did a clean install. This has only had default apache and ufw on it. I get the apache default page accessing at oleum.net from a browser on my phone connected through a vpn so it’s not loading the page locally.

I’d be really grateful for help again, as I never did get the other one working, despite many suggestions

Perhaps you are missing an augeas library, what do you get from `sudo apt list --installed | grep augeas`?

```
$ sudo apt list --installed |grep augeas

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
```

Ah, if that’s all then you are seemingly missing augeas entirely. On Debian, I was able to run certbot successfully with the following augeas packages:
augeas-lenses
libaugeas0
python3-augeas

I found in the certbot docs that “the Apache plugin currently requires an OS with augeas version 1.0.”

I’ll install those and give it a go thanks.
I’m guessing as that’s not in Ubuntu 20.0.041 server, ppl ought to know. It’s fairly likely what ppl will use, anyway I’ll get back to you

```
sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
OSError: cannot load library '/snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0': /snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0: cannot open shared object file: No such file or directory. Additionally, ctypes.util.find_library() did not manage to locate a library called '/snap/certbot/501/usr/lib/x86_64-linux-gnu/libaugeas.so.0'
Please see the logfiles in /var/log/letsencrypt for more details.
```

So that kinda didn’t work

I do have

```
augeas-lenses/focal,now 1.12.0-1build1 all [installed]
libaugeas0/focal,now 1.12.0-1build1 arm64 [installed]
python3-augeas/focal,now 0.5.0-1.1 all [installed]
```

now though :slight_smile:

@bmw It seems this certbot snap isn’t working for some reason. Any thoughts?

I hope we’re not seeing more problems with snaps than with distro packages, because I personally have no snap experience and with snap not running on default Gentoo, I’m not going to either…

Hmm, I’m going to run the snap install of certbot again after uninstalling it. The augeas stuff wasn’t installed when I installed certbot

Interesting, it’s telling me certbot isn’t installed!

```
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'certbot' is not installed, so not removed
```

Yes, it was a snap install and I tried to remove it using apt

so the snap uninstall did work…

```
sudo snap remove certbot
certbot removed
```

This is a known issue with the Apache plugin in the Certbot snap on architectures other than x86_64. See https://github.com/certbot/certbot/issues/8216.

It will be fixed in our release next week.


Ah, well time to stop banging my head on the wall
Is there another way to get a certificate set up?

You could use the webroot plugin. You'd have to install the certificate yourself manually in a HTTPS VirtualHost though.

Installing the certificate manually doesn’t seem a great idea, I used up a lot of Sunday evening not doing that
I just need a simple… this file goes there with these permissions kinda checklist!

Well, installing a certificate is pretty easy actually. Just copy the `<VirtualHost *:80> ... </VirtualHost>` block, preferably to a separate file which is both easy to recognise as part of the site and recognisable as an HTTPS configuration file. For example, certbot uses the same filename as the original, but postfixed by `-le-ssl.conf`.

Then, change the `*:80` to `:443` in the HTTPS config file, add the proper `SSLCertificateFile` and `SSLCertificateKeyFile` directives (pointing to `fullchain.pem` and `privkey.pem` in the correct `/etc/letsencrypt/live/` directory) and, to be a little bit lazy, add `Include /etc/letsencrypt/options-ssl-apache.conf` too. That file actually turns SSL on if it isn’t already and adds some sane security defaults.
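The two replies above (webroot, then a hand-written HTTPS vhost) as an added shell example; it is not code from the thread or from Certbot. `make_ssl_vhost` and its arguments are hypothetical names, the `/var/www/html` webroot and `000-default.conf` site file are assumed Ubuntu defaults, and the fallback to `SSLEngine on` assumes `options-ssl-apache.conf` may be absent when the Apache plugin has never run.

```shell
#!/bin/sh
# Added example (not from the thread). make_ssl_vhost and its arguments are
# hypothetical names; the paths in the usage comment are assumed defaults.
#
# make_ssl_vhost SRC_CONF DOMAIN [OPTIONS_CONF]
#   Prints an HTTPS copy of the port-80 vhost in SRC_CONF to stdout.
make_ssl_vhost() {
    src=$1
    domain=$2
    opts=${3:-/etc/letsencrypt/options-ssl-apache.conf}
    live=/etc/letsencrypt/live/$domain

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Only transform a plain HTTP vhost, which is what the steps describe.
    grep -Eq '^[[:space:]]*<VirtualHost[[:space:]]+[^>]*:80>' "$src" ||
        { echo "no <VirtualHost ...:80> block in $src" >&2; return 1; }
    if grep -Eiq '^[[:space:]]*SSLCertificate(Key)?File' "$src"; then
        echo "$src already has certificate directives" >&2
        return 1
    fi

    # An Include of a missing file fails configtest, so when the options
    # file is not there, turn TLS on explicitly instead.
    if [ -r "$opts" ]; then
        tls_line="Include $opts"
    else
        tls_line="SSLEngine on"
    fi

    awk -v live="$live" -v tls="$tls_line" '
        /^[ \t]*<VirtualHost[ \t]/ { sub(/:80>/, ":443>") }
        /^[ \t]*<\/VirtualHost>/ {
            print "    SSLCertificateFile " live "/fullchain.pem"
            print "    SSLCertificateKeyFile " live "/privkey.pem"
            print "    " tls
        }
        { print }
    ' "$src"
}

# Usage on the server, as root (webroot path and site file are assumptions):
#   certbot certonly --webroot -w /var/www/html -d oleum.net
#   make_ssl_vhost /etc/apache2/sites-available/000-default.conf oleum.net \
#       > /etc/apache2/sites-available/000-default-le-ssl.conf
#   a2enmod ssl && a2ensite 000-default-le-ssl
#   apache2ctl configtest && systemctl reload apache2
```

The function keeps the address part of the `<VirtualHost>` line and swaps only the port, so `*:80` becomes `*:443`; run `apache2ctl configtest` before reloading so a bad path is caught while the old configuration is still serving.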

excellent, thanks.
I’ll try that when I get a bit of spare time. I’m fighting another installation of something totally different on some other servers right now.

Are those the only files I need to link - fullchain.pem and privkey.pem? I seem to remember there were others when I looked last try?

But thanks so much, hope I can get it to work

There are also the files cert.pem and chain.pem, but fullchain.pem is a concatenation of both those files. They are also there for other services which can't use fullchain.pem. For example, Apache with versions pre-2.4.8 couldn't use fullchain.pem, but required cert.pem, chain.pem and privkey.pem all in their own directive.

really useful information and stuff I really found difficulty sifting through, hope this helps others too :ok_hand:

It’s also explained in the certbot documentation though…
