Error while running a2enmod soache_shmcb


#1

Please fill out the fields below so we can help you better.

I ran this command:./certbot-auto

It produced this output:

My operating system is (include version): Debian Wheezy

My web server is (include version):Apache 2.4.23

Hi, trying to install the certificate but after the command: ./certbot-auto I get:

ERROR: Module socache_shmcb does not exist!

Cleaning up challenges
Error while running a2dismod socache_shmcb.

ERROR: Module socache_shmcb does not exist!

Unable to run undo command: a2dismod socache_shmcb
Error while running a2enmod socache_shmcb.

ERROR: Module socache_shmcb does not exist!

AM I missing something?

Many thanks!


#2

Apache’s documentation on socache is utterly useless and ridiculous. I asked for help with socache on their user groups a number of times but was completely ignored. That alone made me sit down and learn Nginx which took me 2 days to master and I moved all my sites to Nginx within a few hours. I’ve never looked back and never will and that’s after being a loyal Apache user for some 10 years. There is also a LOT of bugs and issues with SSL on apache 2.4 which I started discovering when I started using LE cert’s, once again getting help on numerous errors being logged was useless as their user groups seemed unwilling to help. Do yourself a favor and get your head around Nginx, Apache really is not what it used to be.


#3

Indeed, I cant find much information about this socache thing.

But for now I really need to get this working.
Is there no other way to install let’s encrypt certificate on my server?

Thanks!


#4

I’d check the path ( usually in your /etc/apache2/ and either your main config, or mods-available/cache_socache.load ) … and see if it’s pointing to teh correct place ( typically usr/lin/apache2/modules/ )

is your apache running alright otherwise ? and yes there are other ways to get the cert, but if your apache isn’t working then that won’t help of course :wink:


#5

I just had a look in my old Apache installation folder I backed up, there are 4 modules there in /etc/apache2/mods-available/ all to do with socache


You may also find something in here that might help you - https://www.digitalocean.com/community/tutorials/how-to-configure-apache-content-caching-on-ubuntu-14-04

also some help here maybe - http://stackoverflow.com/questions/20127138/apache-2-4-configuration-for-ssl-not-working


#6

Interesting! Tagging @bmw @erica.

Certbot assumes socache_ shmcb is available if Apache is >= 2.4. Socache_shmcb is used by Apache to store various cached information. Among other things, it is used to store TLS session information, to make session resumption faster. Certbot tries to auto-enable this module so it can turn on TLS session caching, but it seems that the module is not available on your system for some reason.

You may be able to work around this issue by passing --apache-handle-modules=False, though you may then run into an issue with a SSLSessionCache shmcb:... line that Certbot might add to your Apache config.


#7

How did you install Apache? The latest version of Apache available on Wheezy is 2.2.22.

The reason Certbot enables socache_shmbc here is it’s (usually) a dependency of mod_ssl on Debian based systems with Apache >= 2.4. If you’re able to install and enable mod_ssl on your system, explicitly telling Certbot not to handle modules should work around the problem. Unfortunately, the current syntax for this is:

--apache-handle-modules ""

(See https://github.com/certbot/certbot/issues/3306 if you’re curious.)

Certbot shouldn’t include any directives that will cause errors if socache_shmcb isn’t enabled.

EDIT: Unless you try to enable OCSP stapling. In this case, we do need socache_shmcb.


#8

Thanks all, I will have a closer look later today.

Yes Apache is working fine for years now. I’m on a VPS. It’s a custombuild, it came with directadmin and apache 2.2 if i’m correct. I only did a update some time ago with the ./build update command.

I already tried searching for socache on the system, like you suggested, but i found nothing. Also no reference in httpd.conf etc. So it is simply not installed i think.

No, I don’t know anything about OCSP, so i’m not trying to enable it :slight_smile:


#9

Most likely there is some build time option to include or not include mod_socache_shmcb when you build Apache. You can work around this on the Certbot side by passing the flag, but probably a better long-term fix would be to check your Apache build options and get it to build the missing module (and any others that might be recommended but not enabled in your build).


#10

Passing the flag with --apache-handle-modules “” seems to be working but now it keeps bootstrapping dependencies or something.

No matter what letsencrypt command.

I get this and then nothing:

Bootstrapping dependencies for Debian-based OSes…
apt-get: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
Hit http://ftp.debian.org wheezy Release.gpg
Get:1 http://pkg.cloudflare.com precise Release.gpg [473 B]
99% [Waiting for headers] [Waiting for headers] [Waiting for headers]/usr/lib/apt/methods/gpgv: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
/usr/lib/apt/methods/gpgv: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
Hit http://ftp.debian.org wheezy Release
Hit http://pkg.cloudflare.com precise Release
99% [Release gpgv 191 kB] [Waiting for headers] [Waiting for headers]/usr/lib/apt/methods/http: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
Hit http://security.debian.org wheezy/updates Release.gpg
Ign http://pkg.cloudflare.com precise Release
Hit http://ftp.debian.org wheezy/main amd64 Packages
Hit http://http.debian.net wheezy-backports Release.gpg
Hit http://ftp.debian.org wheezy/contrib amd64 Packages
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.debian.org wheezy/non-free amd64 Packages
Ign http://pkg.cloudflare.com precise/modcloudflare amd64 Packages/DiffIndex
Hit http://ftp.debian.org wheezy/main i386 Packages
Hit http://http.debian.net wheezy-backports Release
Hit http://ftp.debian.org wheezy/contrib i386 Packages
Ign http://pkg.cloudflare.com precise/modcloudflare i386 Packages/DiffIndex
Hit http://ftp.debian.org wheezy/non-free i386 Packages
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://ftp.debian.org wheezy/contrib Translation-en
Hit http://ftp.debian.org wheezy/main Translation-en
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://ftp.debian.org wheezy/non-free Translation-en
Hit http://http.debian.net wheezy-backports/main amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://security.debian.org wheezy/updates/contrib i386 Packages
Hit http://security.debian.org wheezy/updates/non-free i386 Packages
Hit http://http.debian.net wheezy-backports/main i386 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Hit http://http.debian.net wheezy-backports/main Translation-en/DiffIndex
Hit http://pkg.cloudflare.com precise/modcloudflare amd64 Packages
Hit http://pkg.cloudflare.com precise/modcloudflare i386 Packages
Ign http://pkg.cloudflare.com precise/modcloudflare Translation-en
Fetched 473 B in 0s (1466 B/s)
Reading package lists… Done
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: GPG error: http://pkg.cloudflare.com precise Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 254B391D8CACCBF8
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
7638D0442B90D010
apt-cache: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
apt-get: /usr/local/lib/libz.so.1: no version information available (required by /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12)
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version.
gcc is already the newest version.
libffi-dev is already the newest version.
python is already the newest version.
python-dev is already the newest version.
python-virtualenv is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
augeas-lenses is already the newest version.
libaugeas0 is already the newest version.
You might want to run ‘apt-get -f install’ to correct these:
The following packages have unmet dependencies:
mod-pagespeed-stable : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is to be installed
E: Unmet dependencies. Try ‘apt-get -f install’ with no packages (or specify a solution).


#11

Have you tried running apt-get -f install?


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.