Installation on compiled APACHE VERSION


#1

I'm running different domains on an Apache server with vhosts.

So I tried to set up a cert with certbot following the DigitalOcean tutorial.

But when I run
root@vdsxxx:~# certbot-auto --apache -d mydomain.com -d www.mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/mysql/bin/
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache control command apache2ctl',)

The problem is the fact that Apache has been compiled and not installed by apt.

When I check https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/constants.py
in my case almost everything is different:
server_root="/ur/local/apache2",
vhost_root="/ur/local/apache2/sitessup",
vhost_files="*",
logs_root="/var/log/apache2",
version_cmd=['httpd', '-v'],
define_cmd=['httpd', '-t', '-D', 'DUMP_RUN_CFG'],
restart_cmd=['httpd', 'graceful'],
conftest_cmd=['httpd', 'configtest'],
enmod=?,
dismod=?,
le_vhost_ext=?,
handle_mods=?,
handle_sites=?,
challenge_location=?,
MOD_SSL_CONF_SRC=?

How could I set up the cert?

Config ;
Linux vds143 3.13.0-100-generic #147-Ubuntu SMP Tue Oct 18 16:48:51 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

root@vds143:~# /usr/local/apache2/bin/httpd -V
Server version: Apache/2.2.31 (Unix)
Server built:   May 27 2016 03:13:57
Server's Module Magic Number: 20051115:40
Server loaded:  APR 1.5.2, APR-Util 1.5.4
Compiled using: APR 1.5.2, APR-Util 1.5.4
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

#2

I think you’d be better using the certonly webroot option on your setup (i.e. you can obtain the certificate, however certbot won’t try to automatically configure your Apache for you). You then need to manually add the certificate to your Apache config the first time. After that, the renewal can be automatic with no manual changes needed.


#3

So you mean
certbot certonly -w /etc/ssl -d example.com -d www.example.com

And then confirm the vhost by myself

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@example.com

		DocumentRoot /var/www/html

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on

		SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

		#SSLCACertificatePath /etc/ssl/certs/
		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

		#SSLCARevocationPath /etc/apache2/ssl.crl/
		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

		#SSLVerifyClient require
		#SSLVerifyDepth  10

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

		
	</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Where can I find a vhost/letsencrypt example?

I was thinking to run
certbot-auto --config cli.ini

with a cli.ini

# cli.ini
email = contact@mexample.com
domains = example.com, www.example.com

server_root= "/ur/local/apache2",
vhost_root= "/ur/local/apache2/sitessup",
vhost_files= "*",
logs_root= "/var/log/apache2",
version_cmd=['httpd', '-v'],
define_cmd=['httpd', '-t', '-D', 'DUMP_RUN_CFG'],
restart_cmd=['httpd', 'graceful'],
conftest_cmd=['httpd', '-t'],
#enmod=None,
#dismod=None,
le_vhost_ext="-le-ssl.conf",
handle_mods=False,
handle_sites=False,
challenge_location="/ur/local/apache2",
#MOD_SSL_CONF_SRC=pkg_resources.resource_filename("certbot_apache", "options-ssl-apache.conf")

your solution seems safer (always choose safest way on prod server)
But do you think this solution could work?


#4

You should be able to do it by editing the config file - personally I’d go for the webroot method as there may well be changes in the config file in the future, so for safety I’d personally go for the webroot option

The webroot would need to be the webroot of your virtual host ( /var/www/html from your config not /etc/ssl )

The certs would be placed in /etc/letsencrypt/live/example.com/… not /etc/ssl/


#5

Thanks,

that’s sure it’s a safer way
Ok for certbot.

do you know where can I find an example vhost/ssl.conf done by let’s encrypt/certbot?


#6

I’d suggest using https://mozilla.github.io/server-side-tls/ssl-config-generator/ for setting up a good config.

The locations will be /etc/letsencrypt/live/example.com/ for your certificates.
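
Added example, not part of the original thread and not generated by certbot: an HTTPS vhost for the source-built Apache 2.2.31 discussed above, using the certificate directory named in this reply. The webroot /home/sitexxx/web and the log directory come from the thread; the log file names and the protocol settings are assumptions, and the cipher list is left to the generator linked above.

```apache
# Constructed example for Apache 2.2.x with mod_ssl loaded.
# If no other SSL vhost exists yet, the main config also needs:
#   Listen 443
#   NameVirtualHost *:443

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/sitexxx/web

    SSLEngine on

    # Apache 2.2 takes the leaf certificate and the intermediate chain
    # as separate files. fullchain.pem in SSLCertificateFile is only
    # read as a chain from Apache 2.4.8 onwards.
    SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    # Assumed baseline: drop the broken SSL protocol versions and let
    # the server pick the cipher. Paste the SSLCipherSuite line from
    # the config generator here.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on

    # Hypothetical log file names under the logs_root from the thread.
    ErrorLog  /var/log/apache2/example.com-ssl-error.log
    CustomLog /var/log/apache2/example.com-ssl-access.log combined
</VirtualHost>

# The existing port 80 vhost for example.com must keep serving
# /.well-known/acme-challenge/ from /home/sitexxx/web, because the
# webroot method writes the renewal challenge files there.
```

The files under /etc/letsencrypt/live/example.com/ are symlinks that certbot repoints at each renewal, so the vhost paths stay the same; Apache only picks up the renewed certificate after a graceful restart.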


#7

So I’m trying

$certbot-auto certonly -w /home/sitexxx/web -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/mysql/bin/

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 

Is correct?

should I press 1?


#8

In your vhost file earlier you pasted it had " DocumentRoot /var/www/html"
assuming that was just an example, and the correct webroot is /home/sitexxx/web then yes, press 1.


#9

- Congratulations! Your certificate and chain have been saved at

Now still configure vhost!!


#10

When I do certonly command I got a warning:

Failed to find apache2ctl in PATH: 

Is it a problem?
As I only make the cert and received the message «congratulation…» I guess not


#11

No, you can ignore the message.

If you use “certbot” instead of “certbot-auto” you probably won’t get the message.


#12

thanks @serverco I got it!

