Doesn't work with MAMP?

My domain is:

karaoke.kjams.com

I ran this command:
tried both:

sudo certbot --apache

and:

sudo certbot certonly --apache

It produced this output:

Could not find ssl_module; not disabling session tickets.

and then:

No names were found in your configuration files. Please enter in your domain
name(s)

so i enter my domain name, but then i see:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version):

apache via MAMP

The operating system my web server runs on is (include version):

macOS 10.15.6

My hosting provider, if applicable, is:

myself

I can login to a root shell on my machine (yes or no, or I don't know):

yes, the physical hardware is sitting in front of me

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

yes, MAMP PRO v6.2 (30167), but a confounding factor is that i CURRENTLY have certs from GoDaddy, but they'll expire next month, and i want to replace them with letsencrypt. so i'm not sure how to proceed, and there seems to be no doc on how to use certbot with MAMP ?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.9.0

@_az Shouldn't certonly work without a virtualhost? I issue (staging) certs for test domains a lot and those hostnames are nowhere found in my Apache configuration. So I don't understand this error message when ran witb certonly..

if anyone would be willing to get on a call or do a screen share, i'd be super grateful. you get free karaoke software! :smiley:

I think the error is complaining about being unable to find any virtualhost listening on port 80 (regardless of ServerName).

It's possible that the one warning and error message that OP encountered are simply due to Certbot not knowing where to find the configuration files for that particular distribution of Apache.

More generally, I don't know whether the Certbot Apache plugin is supposed to work with MAMP PRO. There are zero results on the issue tracker for "MAMP". Does it store its configuration files in /etc/apache and the virtualhosts in /etc/apache2/other? Those are the paths that Certbot expects by default on Darwin/macOS.

If it turns out that the Apache plugin simply doesn't understand MAMP, then you can do things by hand:

certbot certonly -d example.com -d www.example.com \
--webroot -w /path/to/webroot \
--deploy-hook "command-to-restart-mamp-apache"

I don't know anything about MAMP, but I remember seeing another thread from a user having trouble, who ended up switching to some other software package. So maybe that's not helpful at all, but I figured I'd add the pointer here just in case there was something useful there for you.

I would like to see the output of:
apachectl -S

[it's always a great place to start]

libre:~ davec$ apachectl -S
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using libre.local. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
ServerRoot: "/usr"
Main DocumentRoot: "/Library/WebServer/Documents"
Main ErrorLog: "/private/var/log/apache2/error_log"
Mutex default: dir="/private/var/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/private/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="_www" id=70 not_used
Group: name="_www" id=70 not_used

That config is literally EMTPY.
Which means: It is NOT serving any sites at all.
It would be impossible to secure NOTHING.

Are you sure that you aren't running MAMP in some container?

There's a DocumentRoot, so it's probably going to default to something. (Although using /usr as a DocumentRoot is kinda strange?) Note that a virtualhost isn't actually required if you're just running a single site.

There are no ports being listened to.
How would it know who to serve?

That's a good question :thinking: I suppose I assumed Apache would by default have a Listen 80? I don't know how that would show up in apachectl -S, a Listen without a virtualhost.

it's all done in mamp. apparently NOT with the built-in apache you get to from the command line

1 Like

try to find it with:
find / -name apache
find / -name apache2
find / -name apache.conf
find / -name apache2.conf

Or maybe:
ps -ef | grep apache
[not sure if that works on MAC]

How did you install the current cert?
[looking for clues]


Sooooo NOT /etc/apache2/

Those locations are good to know.
We may need them for when you do get an LE cert.

But it seems you may have two different Apache servers running.
Which, of course, is messing with certbot --apache logic/flow.

We need to use: --webroot -w /and/use/the/right/MAMP/root/path/
But that may take some guessing or consulting with the Google Gods (who know it all) :wink:
OR have a look into this file:


[which may have an include statement(s) - that will lead us to the right file]

Hello Dave. I am a longtime macOS user; thirty years in fact. I have also been using MAMP PRO -- or I should say, WAS using -- for at least nine years until a week ago. The fact of the matter is that Appsolute has made so many significant changes from MAMP PRO 5.7.0 to 6.0+, that it became a major point of frustration and aggravation for me, particularly due to the fact that their level of support is rather dismal.

Beginning with moving the document root from the standard "htdocs" folder to the "Sites" folder, and then forcing us to do SSL a certain way -- THEIR way -- and whatever else they did under the hood in recent versions, it became a real nightmare for me to try to get certain things to work right during the past month.

Totally frustrated, a week ago I purchased Abyss Web Server. It costs the same as MAMP PRO. Dave, the difference is like night from day.

With Abyss Web Server, both of my domains are now set up for automatic renewal and automatic installation of my Letsencrypt certificates. I don't even have to worry about it anymore. I could never do that with MAMP PRO.

SSL is also working properly once again for both sites.

Furthermore, both of my sites are now approved for the HSTS Preload List.

I also got automated email verification working for my one site.

Finally, later today I will have all of my 302 redirects changed to 301 permanent redirects.

All of these accomplishments are in large part due to the Abyss Web Server support staff actually patiently responding to each of my email inquiries, and providing me with clear step-by-step instructions. That is something I rarely ever saw with Appsolute over the past nine years. Their answers -- if any were even provided -- were often vague.

Dave, I am telling you these things to help you to avoid the weeks of frustration and aggravation which I endured, before saying adios to MAMP PRO. I am done with Appsolute. I urge you to switch to Abyss Web Server. I think you will be pleasantly surprised.

1 Like

In case this helps anyone:

MAMP can be confusing because everything is installed in /Applications and /Library AND it co-exists with whatever Apple shipped on the mac. It may also coexist with a homebrew or other package installer option. Commands are issued via the GUI and/or a lot of $PATH manipulation on the environment. It's not uncommon for a Mac user to collect multiple installations of Apache over the years, each from a different vendor/framework.

I found the easiest way to deal with SSL termination on MAMP is to... run Nginx on port 80 and then proxy everything to MAMP.

While I am partial to nginx and primarily us it, it compiles nicely and quickly on OSX AND is super lightweight. Whenever I need to run something on Apache, I actually us MAMP, have Apache bind to higher ports, and have nginx proxypass everything up to Apache. I've found that to be much easier than dealing with MAMP or Apache.

2 Likes