Certbot installation failure CentOS 8

My domain is: only numerical IP at the moment

I was following instructions at this page: https://certbot.eff.org/lets-encrypt/centosrhel8-apache
I was logged in as root, so I ran all the commands without the “su”.

At step 3, I chose to let it install, the first command, which is: /usr/local/bin/certbot-auto --apache

It produced this output:

Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)

My web server is (include version): Apache/2.4.37 (centos)

The operating system my web server runs on is (include version): CentOS Linux 8 (Core)

My hosting provider, if applicable, is: SimplerCloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): command not found, hasn’t been installed?

Hi @fodux

Your configuration is broken. Disable that vHost.

You can't create a certificate with an IP address. A publicly visible, worldwide unique domain name is required. Not something like example.local.

Thank you, I believe the whole ssl.conf file is the default placed there as part of the package installation of mod_ssl (# dnf install mod_ssl).
Should I delete the ssl.conf? Or should I delete just the section surrounded by
<VirtualHost _default_:443> to </VirtualHost>

I have https://mydomain.com working at my old VPS at a hosting company which I am leaving soon.
I am now trying to prepare a new VPS at a new hosting company, without disrupting the website.
I will create new.mydomain.com (using my DNS host, Cloudflare), to point at the new VPS, and want to get LetsEncrypt with CertBot working.

It worked after doing these:

Delete the VirtualHost section that was in the default ssl.conf (may not be necessary).
Create a mydomain.com.conf file in /etc/httpd/conf.d as instructed in: https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-setup-lets-encrypt-ssl-certificate-with-apache-on-rhel-8-centos-7-rhel-7.html
It will have a barebones VirtualHost section for port 80. This is needed and not mentioned in the CertBot installation instructions, for systems that do not come preconfigured to use a VirtualHost for port 80.

Run /usr/local/bin/certbot-auto --apache

There was an acme-challenge failure at first, but it passed when I repeated it. I have not figured out what went wrong yet.
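
A pre-flight check for the failure in this thread, as an added example that is not part of the original posts or of Certbot: it scans an Apache conf file for SSLCertificateFile and SSLCertificateKeyFile directives whose target is missing or empty, the condition behind the AH00526 error above. The function names check_ssl_conf and make_sample and the sample conf are constructed for illustration; paths are assumed to be absolute and free of spaces.

```shell
#!/bin/sh
# Report SSLCertificateFile / SSLCertificateKeyFile directives whose
# target is missing or empty (what AH00526 complains about).
# Assumption: absolute paths without spaces, optionally double-quoted.

# check_ssl_conf FILE -> prints "FILE:LINE: Directive PATH" for each
# broken reference; returns 1 if any were found, else 0.
check_ssl_conf() {
    conf=$1
    bad=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f            # no globbing while word-splitting the line
        set -- $line      # $1 = directive name, $2 = its argument
        set +f
        [ $# -ge 2 ] || continue
        case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
            sslcertificatefile|sslcertificatekeyfile) ;;
            *) continue ;;    # other directives and "#" comments
        esac
        path=${2#\"}
        path=${path%\"}
        if [ ! -s "$path" ]; then   # -s: exists and is non-empty
            printf '%s:%s: %s %s\n' "$conf" "$lineno" "$1" "$path"
            bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: a fragment shaped like a default :443 vhost,
# pointing at one existing file and one absent file.
make_sample() {
    dir=$(mktemp -d)
    echo "constructed placeholder, not a real certificate" > "$dir/ok.crt"
    cat > "$dir/ssl.conf" <<EOF
<VirtualHost _default_:443>
SSLEngine on
#SSLCertificateFile $dir/commented-out.crt
SSLCertificateFile $dir/ok.crt
SSLCertificateKeyFile $dir/missing.key
</VirtualHost>
EOF
    printf '%s\n' "$dir/ssl.conf"
}

sample=$(make_sample)
check_ssl_conf "$sample" || echo "fix or disable this vhost before running certbot"
```

On a real host the function would be pointed at /etc/httpd/conf.d/ssl.conf before running certbot-auto --apache.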
