I ran this command: ./certbot-auto --apache certonly -d londrina.net
It produced this output:
root@cxs-02-web01l [/opt/certbot]# ./certbot-auto --apache certonly -d londrina.net
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for londrina.net
Cleaning up challenges
File:
Could not be found to be deleted /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf - Certbot probably shut down unexpectedly
An unexpected error occurred:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf'
Please see the logfiles in /var/log/letsencrypt for more details.
My operating system is (include version): CentOS release 6.9 (Final)
My web server is (include version): Apache/2.2.29
I can login to a root shell on my machine (yes or no, or I don’t know): YES
2017-05-09 19:56:39,973:DEBUG:acme.client:Storing nonce: Kabe0jPHw8Iv2QUzdj503pggcBAzteey4UVc7QE6jHQ
2017-05-09 19:56:39,975:INFO:certbot.auth_handler:Performing the following challenges:
2017-05-09 19:56:39,976:INFO:certbot.auth_handler:tls-sni-01 challenge for londrina.net
2017-05-09 19:56:42,304:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf to /files/etc/httpd/conf/httpd.conf
2017-05-09 19:56:42,305:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:
<VirtualHost [2804:0084:0000:0451:0000:0000:0000:004b]:443 189.14.255.250:443>
ServerName a3d5ae199a0fd5fa7231e745d75af30a.de79ce28bc92930007b517fe907070c3.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on
LimitRequestBody 1048576
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/LEeuN9FCT9JEs8ynaMFAWaNYhg5x54ZRZ8siU6mZBZU.crt
SSLCertificateKeyFile /var/lib/letsencrypt/LEeuN9FCT9JEs8ynaMFAWaNYhg5x54ZRZ8siU6mZBZU.pem
DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
2017-05-09 19:56:42,328:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 1862, in perform
    sni_response = chall_doer.perform()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/tls_sni_01.py", line 79, in perform
    addrs = self._mod_config()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/tls_sni_01.py", line 113, in _mod_config
    with open(self.challenge_conf, "w") as new_conf:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf'
2017-05-09 19:56:42,328:DEBUG:certbot.error_handler:Calling registered functions
2017-05-09 19:56:42,328:INFO:certbot.auth_handler:Cleaning up challenges
2017-05-09 19:56:42,329:WARNING:certbot.reverter:File:
Could not be found to be deleted /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf - Certbot probably shut down unexpectedly
2017-05-09 19:56:43,672:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 742, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 682, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
    resp = self._solve_challenges()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 1862, in perform
    sni_response = chall_doer.perform()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/tls_sni_01.py", line 79, in perform
    addrs = self._mod_config()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/tls_sni_01.py", line 113, in _mod_config
    with open(self.challenge_conf, "w") as new_conf:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf'
@bmw, could you take a look at this? I’m not sure of the reason for the error. (But maybe it tried to default to /etc/httpd incorrectly because maybe Apache is in fact in /etc/apache2 on this system?)
@schoen I think it’s important to remember that this server is a cPanel server. I don’t know if this changes something… I know that there are some plugins to do that, but I want to issue a certificate manually. I want to replace the default certificate of Dovecot with a Let’s Encrypt certificate.
We’ve seen this issue before on Red Hat systems where your Apache configuration is different than Certbot expects. The GitHub issue for this is #3362.
How did you install Apache on this system? You can work around the problem by including --apache-challenge-location <path> on the command line where <path> is a valid file system path.
Friends, just one more question… I’m having this problem now when I try to issue the certificate for some subdomains…
root@cxs-02-web01l [/opt/certbot]# ./certbot-auto --webroot-path /home/persistelecom/ certonly -d persistelecom.com.br -d www.persistelecom.com.br -d cxs-02-web01l.persistelecom.com.br -d mail.persistelecom.com.br
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
What do I have to do to issue the certificate for mail.* and other subdomains?
It seems like those subdomains probably don’t have the same webroot directory. When you specify a directory with -w, that has to be a directory where the web server can serve content for each of the following domains. That is, if you say -w /var/www/html and then -d foo.example.com, creating a file /var/www/html/test.txt must result in that file’s being served at http://foo.example.com/test.txt. If this is not so, the webroot doesn’t match and the webroot validation method won’t succeed.
If each subdomain does have a web server but the content is served from a different directory, you can specify an additional webroot directory, like -w /var/www/html1 -d example.com -w /var/www/html2 -d subdomain.example.com, which uses /var/www/html1 for serving content to validate control of example.com and /var/www/html2 for serving content to validate control of subdomain.example.com.
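The webroot-to-domain mapping described in the reply above can be checked before running certbot. The following is an added example, not code from the thread or from Certbot: for each (webroot, domain) pair it writes a random probe file under `.well-known/acme-challenge` (the directory the webroot plugin writes to) and confirms the domain serves it back over HTTP. The function names, the probe file name and the local test server in `demo()` are hypothetical.

```python
# Added example: preflight check for certbot --webroot (-w DIR -d DOMAIN) pairs.
import functools, http.client, http.server, os, secrets, tempfile, threading
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # where the webroot plugin writes
# Ignore proxy environment variables: the CA fetches the file directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def webroot_serves(webroot, domain, port=80, timeout=5):
    """True if a file written under `webroot` is served back by `domain`."""
    name = "preflight-" + secrets.token_hex(8)   # hypothetical probe name
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)        # directory is left in place
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "http://%s:%d/%s/%s" % (domain, port, CHALLENGE_DIR, name)
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return resp.read(256).decode("ascii", "replace").strip() == body
    except (OSError, http.client.HTTPException):  # 404, refused, timeout, ...
        return False
    finally:
        os.remove(path)                           # never leave the probe behind

def check_pairs(pairs, port=80):
    """pairs: iterable of (webroot, domain). Returns {domain: bool}."""
    return {d: webroot_serves(w, d, port) for w, d in pairs}

def demo():
    """Constructed setup: a local server stands in for the real web server."""
    served, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    handler = functools.partial(http.server.SimpleHTTPRequestHandler,
                                directory=served)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        port = srv.server_address[1]
        # "127.0.0.1" maps to `served`; "localhost" is paired with the wrong dir.
        return check_pairs([(served, "127.0.0.1"), (other, "localhost")], port)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

A domain that comes back `False` needs its own `-w` directory, or has no web server answering on port 80 at all, in which case webroot validation cannot work for it.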