Configuring Certbot to work on Bitnami Apache


#1

Hi
I’m trying to install ssl on my site hosted on Google cloud. deploy with Bitnami using Apache, and Debian 8.
When I try to run certbot – sudo certbot --apache
I get the next message:

The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError((‘There has been an error in parsing the file (%s): %s’, ‘/etc/apache2/sites-availabl
e/000-default.conf.save’, ‘Syntax error’),)

I checked my Syntax and got OK

Any idea how to work around that?

Thanks


Using Certbot with Bitnami Apache - More Issues
#2

Hi @thebigf,

Could you post a copy of that file here?


#3

did you mean the /000-default.conf.save?

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin 
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

^Y
^x


#4

Is the ServerAdmin line really blank? I think that would be a syntax error (as one possibility).


#5

Looks like it, How do I fix that?


#6

Maybe add an e-mail address (like webmaster@example.com) at the end of that line?


#7

Actually, I don’t think Certbot should be parsing that file at all. It seems to be parsing all files in sites-available for Debian, but the default Apache configuration seems to have changed between Debian 7 and 8 - it apparently now only looks for *.conf. Ubuntu seems to have made the same change, somewhere between 12.04 and 14.04.

Is there any way to override that default in Certbot?

…that being said - doesn’t Bitnami include its own Apache that’s separate from the one installed by apt, and puts all the configuration somewhere else entirely?


#8

Ok, looks like I did a wrong turn trying to modify the file I now get

sudo: /etc/sudoers is owned by uid 1002, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Any Idea what I can do?

Thanks


#9

I don’t think that error is related to trying to edit your Apache configuration. Were you able to use sudo previously?


#10

Yes I did, My site is down at the moment. I contact Google to see if I can get it running again


#11

Hello again,

I did a new installation of my site, and try to run Certbot again.
This time I got this error:

self.restart() │
│ File │
│ “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, │
│ line 1665, in restart │
│ self._reload() │
│ File │
│ “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, │
│ line 1676, in _reload │
│ raise errors.MisconfigurationError(str(err)) │
│ MisconfigurationError: Error while running apache2ctl graceful. │
│ httpd not running, trying to start │
│ Action ‘graceful’ failed. │
│ The Apache error log may have more information. │
│ AH00558: apache2: Could not reliably determine the server’s fully │
│ qualified domain name, using 127.0.0.1. Set the ‘ServerName’ │
│ directive globally to suppress this message │
│ (98)Address already in use: AH00072: make_sock: could not bind to │
│ address 0.0.0.0:80 │
│ no listening sockets available, shutting down │
│ AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Hope you can help me here?


#12

How did you install certbot? Did you type a command like sudo apt-get install python-certbot-apache? If so, do you remember if it installed an apache2 package as a dependency?

My understanding is that Bitnami has its own installation of apache, and installing python-certbot-apache (rather than certbot) might cause apt to install Debian’s normal apache too. I think certbot may then be trying to configure the wrong one.

If I’m right, the simplest solution may be to use the --webroot plugin rather than --apache. See: https://certbot.eff.org/docs/using.html#webroot


#13

Hi,

yes I used sudo apt-get install python-certbot-apache -t jessie-backports
I don’t now how it was installed.

I will give a try for webroot I’m not really shure how to work it?

Thanks


#14

I’m not entirely familiar with Bitnami, just downloaded the VM to explore a bit as a few people have reported having trouble with it, but I haven’t used it on an actual website myself.

Using the webroot plugin would look something like this:

certbot certonly --webroot -w /opt/bitnami/apache2/htdocs -d example.com -d www.example.com --post-hook="/opt/bitnami/ctlscript.sh restart apache"

Replace example.com with your real domain name; remove -d www.example.com if you don’t use the www subdomain. You might have to change the paths if Bitnami is installed in a different location or you’re using a different web root.

If that works, edit the Apache configuration in /opt/bitnami/apache2/conf. Find these two lines:

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2.conf/server.key"

and replace them with the following:

SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"

replacing example.com with your certificate name. If you don’t remember your certificate name, you can find it by typing certbot certificates.

Next, restart Apache by typing:

/opt/bitnami/ctlscript.sh restart apache.

At this point, hopefully (if I haven’t forgotten anything), the HTTPS version of your website should be up and running.


#15

Hi,

Thanks for the detailed reply.

Is /opt/bitnami/apache2/conf. is the the full path? I’m not sure which file to update.

Thanks


#16

Update whichever file contains those two lines. On my VM, that appears to be /opt/bitnami/apache/conf/bitnami/bitnami.conf.


#17

Hi,
Thanks for your support.
I did a try to deploy it I got -bash: certbot: command not found
Is there a step I need to do before?

Thanks


#18

Hmm, did you start over with a new VM or something? If so, you’ll need to install Certbot again. I’d suggest that you follow the installation instructions at https://certbot.eff.org/ but (since you’re using Bitnami) replace python-certbot-apache with just certbot.

In other words, assuming you’re still using Debian 8: enable backports as you did before, then type:

sudo apt-get install certbot -t jessie-backports


#19

Ok, I did that and tried to install webroot this is what I got as response,

Traceback (most recent call last):
File “/usr/bin/certbot”, line 6, in
from pkg_resources import load_entry_point
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 3019, in
@_call_aside
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 3003, in _call_aside
f(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 3032, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 655, in _build_master
ws.require(requires)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 963, in require
needed = self.resolve(parse_requirements(requirements))
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 849, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The ‘ndg-httpsclient’ distribution was not found and is required by requests
artofchangetherapy@artofcangetherapy-vm:~$

where I go from here?

P.S
Sorry for being a pain

Thanks again


"The 'ndg-httpsclient' distribution was not found" error
#20

Okay that’s a new one on me.

Only thing I can think of is, maybe your Apt is somehow configured not to install recommended packages, only dependencies? Then it could have missed python-ndg-httpsclient which would normally be installed automatically.

You could test this theory by manually installing that package with

sudo apt-get install python-ndg-httpsclient -t jessie-backports

and then trying the webroot plugin again.