F29 certbot and apache - renew problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
buschbecks.homedns.org

I ran this command:
certbot renew --dry-run --apache

It produced this output:
see log below

My web server is (include version):
Server version: Apache/2.4.39 (Fedora)
Server built: Apr 2 2019 15:45:55

The operating system my web server runs on is (include version):
Fedora F29

My hosting provider, if applicable, is:
myself

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi,

Renewing my certificate with certbot, I run into trouble with apachectl:

[root@xxx letsencrypt]# more letsencrypt.log
2019-04-13 12:56:23,866:DEBUG:certbot.main:certbot version: 0.31.0
2019-04-13 12:56:23,866:DEBUG:certbot.main:Arguments: ['--dry-run']
2019-04-13 12:56:23,867:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-04-13 12:56:23,893:DEBUG:certbot.log:Root logging level set at 20
2019-04-13 12:56:23,894:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-04-13 12:56:23,945:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0xb5feafec> and installer <certbot.cli._Default object at 0xb5feafec>
2019-04-13 12:56:23,945:DEBUG:certbot.cli:Var dry_run=True (set by user).
2019-04-13 12:56:23,945:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2019-04-13 12:56:23,945:DEBUG:certbot.cli:Var dry_run=True (set by user).
2019-04-13 12:56:23,946:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2019-04-13 12:56:23,946:DEBUG:certbot.cli:Var account={'server'} (set by user).
2019-04-13 12:56:23,996:INFO:certbot.renewal:Cert not due for renewal, but simulating renewal for dry run
2019-04-13 12:56:23,996:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer None
2019-04-13 12:56:24,149:ERROR:certbot.util:Error while running apachectl -v.

apachectl: The "-v" option is not supported.

Thanks for Your help!

Frank

Hi @fbu

looks like a bug in Fedora.


Hi Jürgen,
What I really want to do is automatically renew my certificate without opening port 80 to my system.
Even if I do "dnf downgrade httpd", the server could not connect to the client to verify the domain because it tries to reach the HTTP address on port 80. --apache is almost the same as --webroot.
How can I redirect the challenge to https?
Thanks
Frank


That's not possible if you want to use http-01 validation with Certbot.

You can switch to Certbot + dns-01 validation.

Or you use another client with tls-alpn-01 validation.


But an open port 80 should never be a problem.


OK, many thanks, problem solved.
I opened port 80, redirected all traffic to 443, and webroot works fine.
Don’t need working apachectl any more. :sunglasses:
Thanks for Your help! :+1:

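The setup described in the last post, sketched as an added example that is not part of the original thread: port 80 only redirects to HTTPS, and the http-01 challenge file is served from the webroot on port 443, since the Let's Encrypt validator follows redirects from port 80 to port 443. The hostname `example.com` and the webroot `/var/www/html` are assumptions; the certificate paths follow Certbot's usual `/etc/letsencrypt/live/<name>/` layout.

```apache
# Added example, not the poster's actual configuration.
# example.com and /var/www/html are placeholders.

# Port 80 carries no content: every request, including
# /.well-known/acme-challenge/<token>, is redirected to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

# Port 443 serves the site and the challenge files that
# "certbot ... --webroot -w /var/www/html" writes below the webroot.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Keep the challenge directory readable even if the rest of the
    # site sits behind authentication or rewrite rules.
    <Directory "/var/www/html/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Switch the existing certificate to the webroot authenticator, then test:
#   certbot certonly --webroot -w /var/www/html -d example.com
#   certbot renew --dry-run
```

With the webroot authenticator Certbot only writes files, so renewal no longer depends on `apachectl`; a deploy hook that reloads httpd is still needed for Apache to pick up the renewed certificate.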
