Fedora 26 fresh install: certbot --apache fails

OS Details: Fedora 26
Host: intranet2.justcroft.com
Server version: Apache/2.4.26 (Fedora)
Server built: Jun 28 2017 09:54:31

Problem: A fresh Fedora 26 install, with httpd, php, postgresql. That works in that I can browse to a test page in http
I used the

sudo dnf install certbot-apache

command, and that claims to have been successful.
So then I tried

certbot --apache

and got

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed

Here is /var/log/letsencrypt/letsencrypt.log
2017-07-14 07:49:35,890:DEBUG:certbot.main:certbot version: 0.14.1
2017-07-14 07:49:35,891:DEBUG:certbot.main:Arguments: [’–apache’]
2017-07-14 07:49:35,892:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-14 07:49:35,921:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2017-07-14 07:49:35,921:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7fa1b0f0bac8>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x7fa1b0f0bba8>, apache=True, authenticator=‘apache’, break_my_certs=<certbot.cli._Default object at 0x7fa1b0f0ba20>, cert_path=<certbot.cli._Default object at 0x7fa1adde0668>, certname=<certbot.cli._Default object at 0x7fa1addcffd0>, chain_path=<certbot.cli._Default object at 0x7fa1adde0c18>, checkpoints=<certbot.cli._Default object at 0x7fa1b0f63908>, config_dir=<certbot.cli._Default object at 0x7fa1adde0cf8>, config_file=None, configurator=<certbot.cli._Default object at 0x7fa1addeb0f0>, csr=<certbot.cli._Default object at 0x7fa1b0ef6898>, debug=<certbot.cli._Default object at 0x7fa1adde07b8>, debug_challenges=<certbot.cli._Default object at 0x7fa1adde08d0>, dialog=None, domains=<certbot.cli._Default object at 0x7fa1addd7198>, dry_run=<certbot.cli._Default object at 0x7fa1addcfeb8>, duplicate=<certbot.cli._Default object at 0x7fa1adde04e0>, eff_email=<certbot.cli._Default object at 0x7fa1addcf828>, email=<certbot.cli._Default object at 0x7fa1addcfa90>, expand=<certbot.cli._Default object at 0x7fa1addcf3c8>, force_interactive=<certbot.cli._Default object at 0x7fa1addd72e8>, fullchain_path=<certbot.cli._Default object at 0x7fa1adde0438>, func=<function run at 0x7fa1b0f540d0>, hsts=<certbot.cli._Default object at 0x7fa1addcfa58>, http01_port=<certbot.cli._Default object at 0x7fa1adde0b70>, ifaces=<certbot.cli._Default object at 0x7fa1adde0a20>, init=<certbot.cli._Default object at 0x7fa1b0f63fd0>, installer=‘apache’, key_path=<certbot.cli._Default object at 0x7fa1adde0160>, logs_dir=<certbot.cli._Default object at 0x7fa1adde0eb8>, manual=<certbot.cli._Default object at 0x7fa1addeb6a0>, manual_auth_hook=<certbot.cli._Default object at 0x7fa1addeb908>, manual_cleanup_hook=<certbot.cli._Default object at 0x7fa1addeb9e8>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7fa1addebac8>, must_staple=<certbot.cli._Default object at 0x7fa1addcf0f0>, nginx=<certbot.cli._Default object at 0x7fa1addeb4a8>, no_bootstrap=<certbot.cli._Default object at 0x7fa1adde0080>, no_self_upgrade=<certbot.cli._Default object at 0x7fa1adde0240>, no_verify_ssl=<certbot.cli._Default object at 0x7fa1adde09b0>, noninteractive_mode=<certbot.cli._Default object at 0x7fa1addd7438>, num=<certbot.cli._Default object at 0x7fa1b0ef6e10>, os_packages_only=<certbot.cli._Default object at 0x7fa1adde0390>, post_hook=<certbot.cli._Default object at 0x7fa1b0efa0b8>, pre_hook=<certbot.cli._Default object at 0x7fa1b0efa898>, pref_challs=<certbot.cli._Default object at 0x7fa1b0efa630>, prepare=<certbot.cli._Default object at 0x7fa1b0f635c0>, quiet=<certbot.cli._Default object at 0x7fa1adde05f8>, reason=<certbot.cli._Default object at 0x7fa1b0f63128>, redirect=<certbot.cli._Default object at 0x7fa1addcf4a8>, register_unsafely_without_email=<certbot.cli._Default object at 0x7fa1addcfd30>, reinstall=<certbot.cli._Default object at 0x7fa1addcf550>, renew_by_default=<certbot.cli._Default object at 0x7fa1addcf128>, renew_hook=<certbot.cli._Default object at 0x7fa1b0f52940>, renew_with_new_domains=<certbot.cli._Default object at 0x7fa1b0f0bf98>, rsa_key_size=<certbot.cli._Default object at 0x7fa1b0f0b7b8>, server=<certbot.cli._Default object at 0x7fa1adde0f98>, staging=<certbot.cli._Default object at 0x7fa1adde06d8>, standalone=<certbot.cli._Default object at 0x7fa1addeb5c0>, standalone_supported_challenges=<certbot.cli._Default object at 0x7fa1addebba8>, staple=<certbot.cli._Default object at 0x7fa1addd7550>, strict_permissions=<certbot.cli._Default object at 0x7fa1adddbf98>, text_mode=<certbot.cli._Default object at 0x7fa1addd7588>, tls_sni_01_port=<certbot.cli._Default object at 0x7fa1adde0a90>, tos=<certbot.cli._Default object at 0x7fa1b0f0bb38>, uir=<certbot.cli._Default object at 0x7fa1addd7048>, update_registration=<certbot.cli._Default object at 0x7fa1addcfbe0>, user_agent=<certbot.cli._Default object at 0x7fa1b0ef6a90>, validate_hooks=<certbot.cli._Default object at 0x7fa1b0ef6ef0>, verb=‘run’, verbose_count=<certbot.cli._Default object at 0x7fa1addd7d68>, webroot=<certbot.cli._Default object at 0x7fa1addeb7b8>, webroot_map=<certbot.cli._Default object at 0x7fa1addebd68>, webroot_path=<certbot.cli._Default object at 0x7fa1addeb8d0>, work_dir=<certbot.cli._Default object at 0x7fa1adde0dd8>)
2017-07-14 07:49:35,930:DEBUG:certbot.log:Root logging level set at 20
2017-07-14 07:49:35,931:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-14 07:49:35,932:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2017-07-14 07:49:35,932:DEBUG:certbot.plugins.selection:No candidate plugin
2017-07-14 07:49:35,932:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

Background: I’m trying to set up a server on Fedora 26. I’m not really familiar with Fedora: my servers usually run Ubuntu but there seems to be something odd happening with the interaction between Qt on Mac OSX and Ubuntu 16.04/Apache/SSL, hence the thought to try a different ecosystem.

Those 3 lines pretty much sum it up.
You chose Apache, but certbot can’t “find” Apache.
Is Apache running?

also noticed:
sudo dnf to "install certbot-apache"
but no sudo for “certbot --apache” ?

@SwartzCr, here is another potential packaging concern.

The certbot-apache package should come with apache, but I agree that you should check if it’s installed. If it’s not, install it and see if that fixes anything, if it is - let me know and we can do some more debugging!

Apache was installed and running.
I worked around with a --certonly switch, because I already have the Apache configuration from the Ubuntu setup - just needed a few minor changes to accommodate the Fedora differences.
As far as I am concerned this matter is closed, but it does seem odd that the plug-in was not found correctly.

Hello … I also just setup a server on fedora 26 and get the same error … And at the same error shows up here … Did i miss something about how to fix it … Thanks John G

Got the same problem here…

@n3ovo @reinhapa

Which part of the work around was confusing?

Apache was installed and running.
I worked around with a --certonly switch, because I already have the Apache configuration from the Ubuntu setup - just needed a few minor changes to accommodate the Fedora differences.
As far as I am concerned this matter is closed, but it does seem odd that the plug-in was not found correctly.

If you situation is different I would suggest opening a new thread filling out the appropriate help questions so others can help.

Jumping on a thread that is solved and where the user explained how they solved it without explaining properly doesn’t make sense to me

Andrei

@ahaw021 I had to reinstall a Fedora 26 Server and have restored the previously running configuration directory for letsencrypt and apache including installing the certbot using dnf install certbot-apache

Now the info about the existing certificates using: certbot certificates gives me the following output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: reinharts.dyndns.org-0001
    Domains: reinharts.dyndns.org rtc.to
    Expiry Date: 2017-09-28 22:01:00+00:00 (VALID: 64 days)
    Certificate Path: /etc/letsencrypt/live/reinharts.dyndns.org-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/reinharts.dyndns.org-0001/privkey.pem
  Certificate Name: reinharts.dyndns.org
    Domains: www.rtc.to reinharts.dyndns.org rtc.to
    Expiry Date: 2017-09-28 22:01:00+00:00 (VALID: 64 days)
    Certificate Path: /etc/letsencrypt/live/reinharts.dyndns.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/reinharts.dyndns.org/privkey.pem
-------------------------------------------------------------------------------

The next step was to check the renew command prior adding it to crontab: certbot renew --dry-run gave me:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/reinharts.dyndns.org-0001.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
Attempting to renew cert from /etc/letsencrypt/renewal/reinharts.dyndns.org-0001.conf produced an unexpected error: The requested apache plugin does not appear to be installed. Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/reinharts.dyndns.org.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
Attempting to renew cert from /etc/letsencrypt/renewal/reinharts.dyndns.org.conf produced an unexpected error: The requested apache plugin does not appear to be installed. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/reinharts.dyndns.org-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/reinharts.dyndns.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
2 renew failure(s), 0 parse failure(s)

Seems to be only a bug in combination with the --dry-run argument. Leaving it away seems to work:
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: reinharts.dyndns.org-0001
    Domains: reinharts.dyndns.org rtc.to
    Expiry Date: 2017-09-28 22:01:00+00:00 (VALID: 64 days)
    Certificate Path: /etc/letsencrypt/live/reinharts.dyndns.org-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/reinharts.dyndns.org-0001/privkey.pem
  Certificate Name: reinharts.dyndns.org
    Domains: www.rtc.to reinharts.dyndns.org rtc.to
    Expiry Date: 2017-09-28 22:01:00+00:00 (VALID: 64 days)
    Certificate Path: /etc/letsencrypt/live/reinharts.dyndns.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/reinharts.dyndns.org/privkey.pem
-------------------------------------------------------------------------------
[root@svgator ~]# dnf install certbot-apache
Last metadata expiration check: 1:32:08 ago on Mit 26 Jul 2017 11:52:24 CEST.
Package python2-certbot-apache-0.14.1-1.fc26.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

Found something here that worked for me; (the python2 certbot apache plugin is broken, but the python 3 certbot apache plugin works)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.