Help needed with initial setup errors


#1

Some help would be greatly appreciated

My domain is:
bobscloud.ddns.net

I ran this command:
sudo certbot --apache certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

No names were found in your configuration files. Please enter in your domain

name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bobscloud.ddns.net

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for bobscloud.ddns.net

Enabled Apache rewrite module

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]

Cleaning up challenges

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]

Encountered exception during recovery:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2023, in _reload

util.run_script(self.constant(“restart_cmd”))

File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script

raise errors.SubprocessError(msg)

certbot.errors.SubprocessError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations

resp = self._solve_challenges(aauthzrs)

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 126, in _solve_challenges

resp = self.auth.perform(all_achalls)

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2125, in perform

self.restart()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2013, in restart

self._reload()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2041, in _reload

raise errors.MisconfigurationError(error)

certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2023, in _reload

util.run_script(self.constant(“restart_cmd”))

File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script

raise errors.SubprocessError(msg)

certbot.errors.SubprocessError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered

self.funcs[-1]()

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 310, in _cleanup_challenges

self.auth.cleanup(achalls)

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2150, in cleanup

self.restart()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2013, in restart

self._reload()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2041, in _reload

raise errors.MisconfigurationError(error)

certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

The operating system my web server runs on is (include version): Ubuntu Server 16.04

I can login to a root shell on my machine (yes or no, or I don’t know): yes


#2

Is the Apache web server running?


#3

I presume so because nextcloud is working on the internal network.

Unless it is not using apache

What is the best way to check?


#4

service apache2 restart
netstat -pant | grep 80


#5

ah!
Failed to restart apache2.service: Connection timed out

See system logs and ‘systemctl status apache2.service’ for details.

polkit-agent-helper-1: pam_authenticate failed: Authentication failure


#6

[Send a screenshot of the output]


#7

systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: inactive (dead) since Wed 2018-10-31 10:37:01 GMT; 9min ago
Docs: man:systemd-sysv-generator(8)
Process: 12173 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 12109 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Oct 31 10:37:01 ubuntuServer apache2[12109]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
Oct 31 10:37:01 ubuntuServer apache2[12109]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
Oct 31 10:37:01 ubuntuServer apache2[12109]: no listening sockets available, shutting down
Oct 31 10:37:01 ubuntuServer apache2[12109]: AH00015: Unable to open logs
Oct 31 10:37:01 ubuntuServer apache2[12109]: Action ‘start’ failed.
Oct 31 10:37:01 ubuntuServer apache2[12109]: The Apache error log may have more information.
Oct 31 10:37:01 ubuntuServer apache2[12109]: *
Oct 31 10:37:01 ubuntuServer apache2[12173]: * Stopping Apache httpd web server apache2
Oct 31 10:37:01 ubuntuServer apache2[12173]: *
Oct 31 10:37:01 ubuntuServer systemd[1]: Started LSB: Apache2 web server.


#8

I had previously run this command too, with the following output:

sudo nextcloud.enable-https lets-encrypt
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:

  1. In order to register with the Let’s Encrypt ACME server, you must
    agree to the currently-in-effect Subscriber Agreement located
    here:

    https://letsencrypt.org/repository/
    

    By continuing to use this tool you agree to these terms. Please
    cancel now if otherwise.

  2. You must have the domain name(s) for which you want certificates
    pointing at the external IP address of this machine.

  3. Both ports 80 and 443 on the external IP address of this machine
    must point to this machine (e.g. port forwarding might need to be
    setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): letsencrypt@33memail.33mail.com
Please enter your domain name(s) (space-separated): bobscloud.ddns.net
Attempting to obtain certificates… done


#9

What is already using port 80?
netstat -pant | grep 80


#10

I’m not familiar with that command…


#11

I get this output
netstat -pant | grep 80
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -


#12

try:
sudo netstat -pant | grep 80


#13

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10011/nginx -g daem
tcp6 0 0 :::80 :::* LISTEN 10011/nginx -g daem


#14

nginx NOT apache - LOL


#15

Can you tell I'm new to this?


#16

YES - but we won’t hold that against you!

So to see what certs you already have - start with:
sudo certbot certificates


#17

ok, thank you!
sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.



#18

OK, then the nextcloud command may have failed - even though it showed:

Anywho, try:
sudo certbot --nginx certonly

DISCLAIMER:
I DON’T USE NEXTCLOUD
I’M NOT SURE HOW TO INSTALL A CERT INTO NEXTCLOUD

But I will do my best to stay away from your nextcloud installation :)
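
The diagnosis worked out in this thread (find what holds port 80, then use the matching certbot authenticator), as an added shell example that is not part of the original posts. The sample netstat lines are constructed, the function names `port80_owner` and `certbot_plugin_for` are hypothetical, and the `--standalone` and `--webroot` fallbacks are an assumption that goes beyond the nginx/Apache case discussed here. Unlike `grep 80`, it matches only a local address ending in `:80`.

```shell
#!/bin/sh
# Added example: find what holds port 80, then pick the certbot plugin.

# Constructed sample in the `netstat -pant` layout shown in the thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2280/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10011/nginx -g daem
tcp6 0 0 :::80 :::* LISTEN 10011/nginx -g daem'

# Read netstat lines on stdin; print the program listening on port 80,
# "unknown" if netstat hid it (not run as root), or nothing if none.
port80_owner() {
    awk '
        $6 == "LISTEN" && $4 ~ /:80$/ {
            if ($7 == "-") { owner = "unknown"; next }
            split($7, parts, "/")      # field 7 is PID/Program
            owner = parts[2]
            sub(/:$/, "", owner)       # some builds print "nginx:"
            exit
        }
        END { if (owner != "") print owner }
    '
}

# Map the owner to a certbot option (hypothetical helper).
certbot_plugin_for() {
    case "$1" in
        nginx)         echo "--nginx" ;;
        apache2|httpd) echo "--apache" ;;
        "")            echo "--standalone" ;;  # port free: certbot can bind it
        unknown)       echo "rerun netstat with sudo" >&2; return 1 ;;
        *)             echo "--webroot" ;;     # other server: use its docroot
    esac
}

owner=$(printf '%s\n' "$SAMPLE_NETSTAT" | port80_owner)
if plugin=$(certbot_plugin_for "$owner"); then
    echo "port 80: ${owner:-nobody} -> sudo certbot $plugin certonly"
fi
```

On a live host, replace the sample with `sudo netstat -pant | port80_owner`.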


#19

OH!

Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/bobscloud.ddns.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/bobscloud.ddns.net/privkey.pem
    Your cert will expire on 2019-01-29. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le


#20

Excellent!
now show:
sudo certbot certificates