Certbot on Centos 7 (apache) - Mod_SSL issue


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: thetixcenter.com

I ran this command:
yum install certbot-apache
It produced this output:
Error: Package: python2-certbot-apache-0.22.0-1.el7.noarch (epel)
Requires: mod_ssl

My web server is (include version):
Apache - 2.4.29
The operating system my web server runs on is (include version):
Centos 7 (kernel 3.10.0-693.17.1.el7.x86_64)
My hosting provider, if applicable, is:
DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have the lets-encrypt for cpanel option, but it prompts an error telling me to contact the host (I know this is old and renamed or whatever, so I don’t use it)


#2

Using certbot without the apache flag, and using the following command:
certbot certonly --manual --preferred-challenges=dns --email support@thetixcenter.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.thetixcenter.com

However, I would like to auto install this cert, and auto renew.


#3

I’ll need to see the entire yum output to diagnose this issue properly. Please copy and paste everything yum outputs, from the big tree of arrows all the way down to the full error. If it’s too long for the forum you can use a service like pastebin.com and link to it here. Thanks!


#4

[root ~]# yum install certbot-apache
Loaded plugins: fastestmirror, universal-hooks
EA4 | 2.9 kB 00:00
cpanel-addons-production-feed | 2.9 kB 00:00
base | 3.6 kB 00:00
epel/x86_64/metalink | 17 kB 00:00
extras | 3.4 kB 00:00
letsencrypt-cpanel | 2.9 kB 00:00
updates | 3.4 kB 00:00
Loading mirror speeds from cached hostfile
 * EA4: 69.72.212.11
 * cpanel-addons-production-feed: 69.72.212.11
 * base: mirror.atlanticmetro.net
 * epel: mirror.math.princeton.edu
 * extras: mirror.net.cen.ct.gov
 * updates: mirror.atlanticmetro.net
Resolving Dependencies
--> Running transaction check
---> Package python2-certbot-apache.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.22.0-1.el7.noarch
--> Processing Dependency: python-augeas for package: python2-certbot-apache-0.22.0-1.el7.noarch
--> Running transaction check
---> Package python-augeas.noarch 0:0.5.0-2.el7 will be installed
--> Processing Dependency: augeas-libs for package: python-augeas-0.5.0-2.el7.noarch
---> Package python2-certbot-apache.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.22.0-1.el7.noarch
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.4.0-2.el7_4.2 will be installed
---> Package python2-certbot-apache.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.22.0-1.el7.noarch
--> Finished Dependency Resolution
Error: Package: python2-certbot-apache-0.22.0-1.el7.noarch (epel)
           Requires: mod_ssl
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root~]#

#5

cPanel packages its own Apache rpms (via its EasyApache mechanism), e.g. you may find that mod_ssl is provided by ea-apache24-mod_ssl-2.4.29-9.9.1.cpanel.x86_64 rather than what you would expect from a standard CentOS environment.

For this specific reason, I am not sure whether it is possible/advisable to install Certbot (specifically, certbot-apache) from repos. Certbot (from EPEL) assumes that you have a standard CentOS environment, but in the case of cPanel, you definitely don’t.

It would be too risky to try and use the --installer apache with cPanel anyway, since cPanel manages/distills the httpd configuration on its own manually in a very specific manner, and manual changes by Certbot would get wiped out at next distillation. So you don’t need certbot-apache at all.

Perhaps instead try the portable certbot-auto, but I would not use it in any mode besides certonly, and you will need to write a manual certificate installation hook using the uapi command against SSL install_ssl.

As the author, I can provide some info:

  1. It’s a commercial plugin; the most likely reason to see that message is if you had a trial and it expired
  2. It’s still actively maintained
  3. It does not support wildcards yet, but support for it is coming this week. It fully supports wildcards.
  4. The built-in AutoSSL feature in cPanel does not support wildcards at this time
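
The approach suggested in post #5 (Certbot in certonly mode plus an installation hook calling uapi SSL install_ssl), sketched as an added example that is not part of the original thread. The variables CPANEL_USER and CPANEL_DOMAIN and the function names are assumptions made for illustration; RENEWED_LINEAGE is set by Certbot when it runs a deploy hook.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that installs a renewed certificate on a
# cPanel-managed vhost through uapi, instead of letting Certbot edit httpd.conf.
# CPANEL_USER (cPanel account) and CPANEL_DOMAIN (target vhost) are assumed names.

# Percent-encode every byte of a file so PEM newlines, '+', '/' and '='
# survive as one key=value argument on the uapi command line.
pct_encode_file() {
    od -An -v -tx1 "$1" | tr -d ' \n' | sed 's/\(..\)/%\1/g'
}

# Succeed only if the lineage directory holds non-empty copies of the
# PEM files this hook needs.
lineage_ok() {
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$1/$f" ] || return 1
    done
}

# install_cert LINEAGE_DIR CPANEL_USER DOMAIN
install_cert() {
    lineage=$1
    user=$2
    domain=$3
    lineage_ok "$lineage" || { echo "incomplete lineage: $lineage" >&2; return 1; }
    # The private key travels in argv here, so local users can read it from the
    # process list while uapi runs; keep that in mind on shared hosts.
    uapi --user="$user" SSL install_ssl \
        domain="$domain" \
        cert="$(pct_encode_file "$lineage/cert.pem")" \
        key="$(pct_encode_file "$lineage/privkey.pem")" \
        cabundle="$(pct_encode_file "$lineage/chain.pem")"
}

# Only act when Certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" "${CPANEL_USER:?set CPANEL_USER}" \
        "${CPANEL_DOMAIN:?set CPANEL_DOMAIN}"
fi
```

The script would be passed to Certbot with --deploy-hook. It covers installation only: unattended renewal of the --manual DNS challenge from post #2 also needs an authentication hook.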
