How To Successfully Install CertBot on Apache on CentOS 6

Okay There were no videos or any Good Guides on setting CertBot at CentOS6

I remember that during installation It Gave me a warning regarding ‘No Vhosts’ or something like that
It Messed up my Apache Installation and now it’s not even running
I tried ‘service httpd restart’ Stopping httpd was okay but Failed to start httpd
So I’ve Tried to remove httpd then re-install it… Still not starting !

Help me out ! And Please Give me solution ASAP, I’m in Trouble !

If the configuration changes that broke apache were made by certbot, you can use the certbot rollback (or ./certbot-auto rollback) command to revert those changes. Removing the httpd package will not delete the configuration in /etc/httpd AFAIK, so it would make sense that this does not fix your problem.

If the rollback command doesn’t get you anywhere, please provide the error message you get when apache fails to start, and we can try to fix the errors manually. You should be able to see that message either when you’re restarting apache, in your apache error log or in your system log.

Once apache is working again, prepare the configuration for certbot:
Certbot works best if your <VirtualHost> definitions are in a separate file, with one <VirtualHost> tag per file. I would recommend moving all your <VirtualHost> directives to separate files in /etc/httpd/conf.d. For example, if you have two separate vhosts, one for example.com and one for foo.example.com, you might have /etc/httpd/conf.d/example.com.conf and /etc/httpd/conf.d/foo.example.com.conf. The CentOS documentation on the certbot homepage should be sufficient once your configuration is prepared in this way. Certbot will then create two additional files with SSL vhosts for you.

2 Likes

Yep Rollback Cmd Worked !

Sadly I didn't get you in this part :

So I decided to follow this Tutorial :

Here after Doing Everything, When I try to stop all apache processes through
sudo apachectl -k stop command I got an error

Syntax error on line 1009 of /etc/httpd/conf/httpd.conf:
CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" clause (see docs)

I know that's kinda not related with CertBot but, can you just help me in this part ?!
I can't continue due to this..

Based on the comments posted for this tutorial, it seems the CustomLog line should be CustomLog /var/www/example.com/requests.log common instead.

Okay Very Cool !
It seems that you’re a real pro in this !

Let’s move on…
So After Doing Everything on the Digital Ocean Tut, I tried to run the cmd ./certbot-auto
Which led me to choose between 2 domains…
*www.mydomain.com
*domain.com
I Clicked on the www one which led me to this… (And Vice-Versa For The non-www one)

So Then, I decided to remove ServerAlias and done everything else like restarting Apache and all… Then I executed ./certbot-auto once more… as a result there was no non-www version…
I proceeded with www version, once more no luck ! That led me to the same screen with the same error !
So Yeah, That’s awkward !

Help me please !
Anyone ?!

It's expecting only one host in /etc/httpd/conf/httpd.conf rather than all the accounts in a single file. It's the same thing that pfg was referring to earlier...

At the moment you have all the domain entries ( I assume) in one file - /etc/httpd/conf/httpd.conf

You can split that up into multiple files - one file per domain and place them all in /etc/httpd/conf.d

Can You Guide Me More Briefly ?!

Your file /etc/httpd/conf/httpd.conf will currently have lots of domains in it …

<VirtualHost x.x.x.x:80>
  ServerName domain1.com
  ServerAlias www.domain1.com
  DocumentRoot /home/domain1/public_html
..... lots of lines
</VirtualHost>

<VirtualHost x.x.x.x:80>
  ServerName domain2.com
  ServerAlias www.domain2.com
  DocumentRoot /home/domain2/public_html
..... lots of lines
</VirtualHost>

split these up into files

/etc/httpd/conf.d/domain1.conf

<VirtualHost x.x.x.x:80>
  ServerName domain1.com
  ServerAlias www.domain1.com
  DocumentRoot /home/domain1/public_html
..... lots of lines
</VirtualHost>

/etc/httpd/conf.d/domain2.conf

<VirtualHost x.x.x.x:80>
  ServerName domain2.com
  ServerAlias www.domain2.com
  DocumentRoot /home/domain2/public_html
..... lots of lines
</VirtualHost>
1 Like
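
The split described in the post above can be scripted. The following is an added example, not code from the thread or from certbot; `split_vhosts`, the sample configuration and the `192.0.2.10` address are constructed for illustration, and it assumes the main config already contains `Include conf.d/*.conf` as the stock CentOS file does.

```python
import re

# One whole <VirtualHost ...> ... </VirtualHost> block. Commented-out lines
# ("#<VirtualHost") do not match: only whitespace may precede the tag.
VHOST_RE = re.compile(r"^[ \t]*<VirtualHost\s+([^>]*)>.*?^[ \t]*</VirtualHost>[ \t]*\n?",
                      re.IGNORECASE | re.DOTALL | re.MULTILINE)
SERVERNAME_RE = re.compile(r"^[ \t]*ServerName[ \t]+(\S+)", re.IGNORECASE | re.MULTILINE)

def split_vhosts(main_conf):
    """Return (main config without the moved vhosts, {conf.d file name: block})."""
    files = {}
    def move(match):
        block = match.group(0)
        name = SERVERNAME_RE.search(block)
        host = name.group(1).split(":")[0].lower() if name else ""
        # The ServerName becomes a file name, so anything that is not a plain
        # hostname (or a missing ServerName) leaves the block where it is.
        if not re.fullmatch(r"[a-z0-9][a-z0-9.-]*", host):
            return block
        port = (match.group(1).split() or ["*"])[0].rsplit(":", 1)[-1]
        suffix = "-" + port if port.isdigit() and port != "80" else ""
        fname = host + suffix + ".conf"
        if fname in files:
            raise ValueError("two vhosts would both become " + fname)
        files[fname] = block if block.endswith("\n") else block + "\n"
        return "# vhost %s moved to conf.d/%s\n" % (host, fname)
    return VHOST_RE.sub(move, main_conf), files

# Constructed sample modelled on the thread; 192.0.2.10 is a documentation address.
SAMPLE = """\
ServerRoot "/etc/httpd"
#<VirtualHost *:80>
#    ServerName dummy-host.example.com
#</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName domain1.com
  ServerAlias www.domain1.com
  DocumentRoot /home/domain1/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName domain2.com
  DocumentRoot /home/domain2/public_html
</VirtualHost>
Include conf.d/*.conf
"""

if __name__ == "__main__":
    for fname, block in sorted(split_vhosts(SAMPLE)[1].items()):
        print("/etc/httpd/conf.d/" + fname + "\n" + block)
```

Write the returned blocks to /etc/httpd/conf.d only after backing up httpd.conf, and run `httpd -t` before restarting Apache.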

O.o
I guess I’ve only one domain in it !
Though, Let me try it…

Edit :

So, I’ve Followed you as a result commented the virtualhost lines at /etc/httpd/conf/httpd.conf
Then Created /etc/httpd/conf.d/domain1.conf

Restarted Apache, executed the command ./certbot-auto
Then Selected *www.mydomain.com
Then Selected “Attempt To Reinstall this existing certificate”

Here’s what I got…

What to do ? :confused:

Could you run httpd -S and paste the output here?

It Says

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 www.mydomain.com (/etc/httpd/conf.d/mydomain.conf:1)
Syntax OK

Note : I’ve Changed my real domain with mydomain.com

@pfg

That looks fine. Could you run grep -r "SSLCertificateFile" /etc/httpd/ and paste the output here?

Here You Go Boss :

/etc/httpd/conf.d/ssl.conf.rpmsave:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf.rpmsave:SSLCertificateFile /etc/letsencrypt/live/www.domain.com/cert.pem
/etc/httpd/conf.d/ssl.conf.rpmsave:# the referenced file can be the same as SSLCertificateFile

System :

VPS From Linode
Domain From GoDaddy
CentOS 6 | Apache

So First - As Said here
Though My /etc/httpd/conf/httpd.conf file had only one vhost I had still created a complete different file for my domain at /etc/httpd/conf.d/domain1.conf
Then continued the installation by executing ./certbot-auto

After Getting The Congratulations message I went to mydomain.com which looks like this as expected :


But, Sadly When I’ve tried to visit https://mydomain.com The default page came ! Weird !

Plus there was no padlock too !

What to do now ? Please help ! Today is the Deadline and I haven’t even installed wordpress yet !

What are the contents of your /etc/httpd/conf.d/mydomain.conf?

If you are interested, you may have a try on acme.sh.
It was tested working on Centos6.

Install

curl  https://get.acme.sh  | sh

Issue cert:

acme.sh  --issue  -d  yourdomain.com  -d www.yourdomain.com  --apache 

Please let me know if it works for you.

Here You Go

NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
DocumentRoot /var/www/mydomain.com/public_html
ServerName www.mydomain.com
ServerAlias mydomain.com
ErrorLog /var/www/mydomain.com/error.log
CustomLog /var/www/mydomain.com/requests.log common
</VirtualHost>

You Sure That’s Gonna Work ?!

Okay I Tried to install acme.sh
But I guess I’ve messed up everything !

acme.sh was successfully installed ! I got a ‘cert success’ and something like begin certificate and all…
But still No Green Padlock !