Installer can't find apache2ctl

I enter “sudo ./venv/bin/letsencrypt auth”. I enter “mydomain.com”. And “An unexpected error occurred. Please see the logfiles in /var/log/letsencrypt for more details”.

2015-09-17 20:16:15,042:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-09-17 20:16:15,042:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-09-17 20:16:15,042:DEBUG:letsencrypt.cli:Arguments: ['auth']
2015-09-17 20:16:15,042:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-09-17 20:16:17,071:ERROR:letsencrypt.le_util:Unable to run the command: apache2ctl configtest
2015-09-17 20:16:17,077:DEBUG:letsencrypt.plugins.disco:Misconfigured PluginEntryPoint#apache: Unable to run the command: apache2ctl configtest
Traceback (most recent call last):
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/plugins/disco.py", line 98, in prepare
    self._initialized.prepare()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_apache/configurator.py", line 141, in prepare
    self.config_test()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_apache/configurator.py", line 1068, in config_test
    raise errors.MisconfigurationError(str(err))
MisconfigurationError: Unable to run the command: apache2ctl configtest
2015-09-17 20:16:17,077:DEBUG:letsencrypt.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find configuration root
Traceback (most recent call last):
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/plugins/disco.py", line 98, in prepare
    self._initialized.prepare()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_nginx/configurator.py", line 111, in prepare
    self.conf('server-root'), self.mod_ssl_conf)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_nginx/parser.py", line 29, in __init__
    self.loc = self._set_locations(ssl_options)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_nginx/parser.py", line 179, in _set_locations
    root = self._find_config_root()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_nginx/parser.py", line 202, in _find_config_root
    "Could not find configuration root")
NoInstallationError: Could not find configuration root
2015-09-17 20:16:17,078:DEBUG:letsencrypt.display.ops:Multiple candidate plugins: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x3457a90>
Prep: Unable to run the command: apache2ctl configtest

* manual
Description: Manual Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:ManualAuthenticator
Initialized: <letsencrypt.plugins.manual.ManualAuthenticator object at 0x3457bd0>
Prep: True

* standalone
Description: Standalone Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone.authenticator:StandaloneAuthenticator
Initialized: <letsencrypt.plugins.standalone.authenticator.StandaloneAuthenticator object at 0x3457a10>
Prep: True
2015-09-17 20:16:26,606:DEBUG:letsencrypt.cli:Picked account: <Account(04d0ddedb53f959c43118a644e22e346)>
2015-09-17 20:16:26,606:DEBUG:root:Sending GET request to acme-staging.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-09-17 20:16:26,609:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-09-17 20:16:26,887:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 279
2015-09-17 20:16:26,889:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '279', 'expires': 'Thu, 17 Sep 2015 20:16:26 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Thu, 17 Sep 2015 20:16:26 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'access-control-allow-origin': '*, *', 'replay-nonce': '9CuG5fIcIyQOzsmCi_7JAJ76mRI8HSHODeO7YEoo-0Q'}. Content: '{"new-authz":"https://acme-staging.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-staging.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-staging.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-staging.api.letsencrypt.org/acme/revoke-cert"}'
2015-09-17 20:16:26,890:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '279', 'expires': 'Thu, 17 Sep 2015 20:16:26 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Thu, 17 Sep 2015 20:16:26 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'access-control-allow-origin': '*, *', 'replay-nonce': '9CuG5fIcIyQOzsmCi_7JAJ76mRI8HSHODeO7YEoo-0Q'}): '{"new-authz":"https://acme-staging.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-staging.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-staging.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-staging.api.letsencrypt.org/acme/revoke-cert"}'
2015-09-17 20:16:26,890:DEBUG:letsencrypt.display.ops:No installer, picking names manually
2015-09-17 20:16:32,882:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0018_key-letsencrypt.pem
2015-09-17 20:16:32,885:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/certs/0018_csr-letsencrypt.pem
2015-09-17 20:16:32,885:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/certs/0018_csr-letsencrypt.pem', data='0\x82\x02\x820\x82\x01j\x02\x01\x000\x151\x130\x11\x06\x03U\x04\x03\x0c\n******.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd8erL\xa7b:\xbd\rV\xe1#K\xa6\x02\xb3\xfd\xa04\x96\xd3\xf4\xcb\x957\xc3\xffn\t>\xff\xa2\x11qdQj>55\x98\xd5\xab\xeb\xccl\xae\xf4\xf8z^\x1d"\x13\xa2\xdaF\xab3\x8eZX\xb4\xcda\xad.\xff8\xd9P\x82\xafcecF\xb4\xe6qA\xd9\x9d\x99\xe3U\xf2FnG5$\xd6\xc0`\x93\xe71U\'\xc94\xe7\xadv\xf2>\x06\x07\xaa;\xc7,\xe1\xecg\rU\xfc\x88\xa8\xa58k\x16<\xf7\xe9\xf4V\x9b\x95\x8dF\x9d\x93\xaa\x88\x9b\'}\xe3n\xa3 u\x1f\x8b\xa9$\x99>\x9cB6\x9a&\x8d\x10\xe7jn\x8d4\x83\xdam\xa6\xe5\xa5\xd9\x0f1\x00r\xe0V\xdf\x9c\xed\xf7\xd3\xcfJ\xb43\x91\xfb+ @\xd6\xb7HO^\xe9\xb4\xc5&i\xf1\xf0~#j\x8b\tg\x17\xc8P\xb5\xe9&\x00\xd7)\x8b\xc0,\x04\xebS\x17\xf4Ag\xc0X\xb2/z\xbb\x87/\x1c\xecw|b# \xda\x1a\x06\xe2\xa1\x15\xd1\x00\xaf\xfaU\x11\xfb\x02\x03\x01\x00\x01\xa0(0&\x06\t*\x86H\x86\xf7\r\x01\t\x0e1\x190\x170\x15\x06\x03U\x1d\x11\x04\x0e0\x0c\x82\n******.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00A\xef\xa7{>\x0cUF\xb9;\x15\x91\\u\x12%\x7fW-\xff\xfb\xb9\x1a\x14\x91f\xb6\xcb\xeaJAN\x04\xdbm#o\x0c\x88\x10Dik\x1e\xb7~\x0e\x1e\x82\x08\xbdv\xfe\xff\xd9\\]!\xfb\x02j\xba\xee({\x16\xec\xac\xa1w\xd9\x11\xbcMT\xa7\xb4\x8a\xe0y\x07@\xadbL\x81\x94\x8d\xad\xac\xa7\\LZ\xbe0\xbf\xa2\xf6\xb4\x94\xc6fb\x1f\x90\xc5E6\xda\x98~\xbfP]N\x9f&7\xff\x01~\xde\xbd\xbaaH\xd9\x9b\xbf}\xc6+\x914\xec\x96\x101\xcc\xa7\x8f\xd2\xd2\x05\xc9\xc7\xf4\x8a\xf5\xd6W\xc7\x1d\xaf\x11y=B8\xb7\x86\x8a\xd9Z\xec(\xcf\xe4\xbfE\xb2\xe8\xb3\xa2\xaaA\xa5\xf3F\x03\xe51|\xc8>\x95\x8b\xc1R!\x86\xeb\xd3\x14\x18\x12\x1b\x12\xe8\xac@\x10\xce\xf5\x16q\x18\xe4Y\xfd\xc3\x84\x89V\x08\x92-\x8dGC\xe3\xb1\x1c\xf5\xbe\xa1\xe1\x19\xd3\x8aa\x12\t\xbeC\xf4\xe2(\x1f-z\x85\x81\x93\xfb\xbc^H1C;\x93b\xed\xa2', form='der'), domains: ['*****.com']
2015-09-17 20:16:32,885:DEBUG:root:Requesting fresh nonce
2015-09-17 20:16:32,885:DEBUG:root:Sending HEAD request to acme-staging.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-09-17 20:16:32,887:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-09-17 20:16:33,537:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-09-17 20:16:33,539:DEBUG:root:Received <Response [405]>. Headers: {'content-length': '0', 'pragma': 'no-cache', 'expires': 'Thu, 17 Sep 2015 20:16:33 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'allow': 'POST', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Thu, 17 Sep 2015 20:16:33 GMT', 'access-control-allow-origin': '*', 'content-type': 'application/problem+json', 'replay-nonce': '56dumNqxFv8NQBX7szlYxUfRC8Su0ySVwvApHwy83ek'}. Content: ''
2015-09-17 20:16:33,540:DEBUG:acme.client:Storing nonce: '\xe7\xa7n\x98\xda\xb1\x16\xff\r@\x15\xfb\xb39X\xc5G\xd1\x0b\xc4\xae\xd3$\x95\xc2\xf0)\x1f\x0c\xbc\xdd\xe9'
2015-09-17 20:16:33,540:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, status=None, combinations=None, challenges=None
2015-09-17 20:16:33,540:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "******.com"}, "resource": "new-authz"}
2015-09-17 20:16:33,541:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), jku=None, x5t=None, x5tS256=None, alg=None, typ=None, jwk=None, crit=(), x5u=None, kid=None, cty=None
2015-09-17 20:16:33,543:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), jku=None, nonce=None, x5tS256=None, crit=(), x5t=None, typ=None, x5u=None, kid=None, cty=None
2015-09-17 20:16:33,544:DEBUG:root:Sending POST request to acme-staging.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "pzq0Qd_3Hu62tFVjEAQEiArdjD64bfH9rZyPhBycUBtmg24l1519amBTcqjWMSofqjbn6QQNTqafxFREmZDnG5Tao1EmKQWBvyHDYLM-W4kHCyL5nGA7OgHuZZnopgrFExw6XAvrJ0QQFRsvxGznfKxwScIf0FAyDnMsP-HnruyoPzdN0T58DMcXLiJQPLPI0WIz4k7xH5nrxzgiJPaCvIEOoPTl8KCn6x1tPxkDcbuGPgXg_1CKupXB-9ER7VXDYJpnlI7BIZ2VY5iswd9fODE_ntMGslHPAGi59qL6OVWu_Foe95t8w3qPKDLjPhPwfwNCGVqbPnaDJ13hRn4rJQ"}}, "protected": "eyJub25jZSI6ICI1NmR1bU5xeEZ2OE5RQlg3c3psWXhVZlJDOFN1MHlTVnd2QXBId3k4M2VrIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJqb29uZ2wuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "GCX3bQjXfN-mA7yHdN8aqOiclduHTlFguN_SFB3Y9Xn6gr3goxKEbomodkVloH00HA-gzTgUYwFhfbMyF10MVE8fpzB1DmFE3tiZa6yj8kSRFdaT_U2-xpPHXQPnEKGw-x47ETyDreqtr8hlRxdE4tIjgM-9SlIHoJhQximbM_oqPapdTP95rh2olKk6x06e_g8psJrKGDaj3ND24ssEQBYmYGvdtNJQICDleYoPT_ZKqAX3pv-qii0I0KoDZlnyA9sry-xYownctRrVHMh95RfHz4pnrE0CAdDk5PQycKlOuzJ5YU21BN5PWlGnDOQfpRrLN4VJsPsTs_sq6Lu6mQ"}'}
2015-09-17 20:16:33,545:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-09-17 20:16:33,830:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 576
2015-09-17 20:16:33,831:DEBUG:root:Received <Response [201]>. Headers: {'content-length': '576', 'expires': 'Thu, 17 Sep 2015 20:16:33 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'link': '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"', 'location': 'https://acme-staging.api.letsencrypt.org/acme/authz/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Thu, 17 Sep 2015 20:16:33 GMT', 'access-control-allow-origin': '*, *', 'content-type': 'application/json', 'x-frame-options': 'DENY', 'replay-nonce': 'HTZ298_ZTIHrQgmoX6B-FPnhIP7x41mXU-56qkhWev4'}. Content: '{"identifier":{"type":"dns","value":"******.com"},"status":"pending","expires":"2016-07-13T20:16:33.696991988Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk/41121","token":"xSEF-QWs9On_-rWts4daUGFI73CDCmjnnS--gdoSp6A","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk/41131","token":"DcsmH6_LHJFsmX7cSCuly6ByLpJi5aw-XUNWk4N72FM"}],"combinations":[[0],[1]]}'
2015-09-17 20:16:33,832:DEBUG:acme.client:Storing nonce: '\x1d6v\xf7\xcf\xd9L\x81\xebB\t\xa8_\xa0~\x14\xf9\xe1 \xfe\xf1\xe3Y\x97S\xeez\xaaHVz\xfe'
2015-09-17 20:16:33,832:DEBUG:acme.client:Received response <Response [201]> (headers: {'content-length': '576', 'expires': 'Thu, 17 Sep 2015 20:16:33 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'link': '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"', 'location': 'https://acme-staging.api.letsencrypt.org/acme/authz/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Thu, 17 Sep 2015 20:16:33 GMT', 'access-control-allow-origin': '*, *', 'content-type': 'application/json', 'x-frame-options': 'DENY', 'replay-nonce': 'HTZ298_ZTIHrQgmoX6B-FPnhIP7x41mXU-56qkhWev4'}): '{"identifier":{"type":"dns","value":"*****"},"status":"pending","expires":"2016-07-13T20:16:33.696991988Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk/41121","token":"xSEF-QWs9On_-rWts4daUGFI73CDCmjnnS--gdoSp6A","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/bhQ7nZXtBza7G34BSgxxUlQWuUxC0cJ13aRpsIh_YLk/41131","token":"DcsmH6_LHJFsmX7cSCuly6ByLpJi5aw-XUNWk4N72FM"}],"combinations":[[0],[1]]}'
2015-09-17 20:16:33,833:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-09-17 20:16:33,833:INFO:letsencrypt.auth_handler:dvsni challenge for *****.com
2015-09-17 20:16:33,835:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "./venv/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.1', 'console_scripts', 'letsencrypt')()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/cli.py", line 920, in main
    return args.func(args, config, plugins)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/cli.py", line 332, in auth
    domains, authenticator, installer, plugins):
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/client.py", line 240, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/client.py", line 216, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/client.py", line 174, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/auth_handler.py", line 79, in get_authorizations
    cont_resp, dv_resp = self._solve_challenges()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt/auth_handler.py", line 113, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_apache/configurator.py", line 1131, in perform
    sni_response = apache_dvsni.perform()
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_apache/dvsni.py", line 65, in perform
    str(self.configurator.config.dvsni_port), True)
  File "/home/ec2-user/letsencrypt/venv/lib/python2.6/site-packages/letsencrypt_apache/configurator.py", line 492, in prepare_server_https
    if "ssl_module" not in self.parser.modules:
AttributeError: 'NoneType' object has no attribute 'modules'

Hi qtiger,

I would like to help if I can. What OS are you running this on? The Apache plugin has really only been developed and tested on Debian, though users of some other OSes with Debian style Apache configuration layouts have reported success.

It appears that you were unable to run the initial configtest. This may be due to the fact that the apache2ctl isn’t available, or that your server is misconfigured.

The plugin should have stopped at this point and only offered the response to what happened. I will have to investigate this path in more detail. Did you forge ahead with Apache (Misconfigured) displayed? I will attempt to explore this path in more detail and try to make the failure a bit smoother.

Feel free to file an issue about this on GitHub or respond back here with more information about your setup.

Thank you for your help,
James

not sure how to do it in python but for shell scripting would be easy to make apache2ctl a variable which is defined depending on Linux OS detected

for example with centos and default apache 2.2.15 in centos 6 with httpd yum package would be something like

if apache was installed via httpd yum package

yum -y install httpd httpd-devel

you will have apachectl at /usr/sbin/apachectl

query what httpd package installed for binaries

rpm -ql httpd | grep sbin
/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

then you'd check and assign variables

if debian and path to /PATH/TO/apache2ctl exists then assign variable

if centos and path to /usr/sbin/apachectl exists then assign variable

then just a matter of parsing the output

/usr/sbin/apachectl -V
Server version: Apache/2.2.15 (Unix)
Server built:   Aug 24 2015 17:52:49
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

OS checks

cat /etc/redhat-release 
CentOS release 6.7 (Final)

cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core)

Check for installed version of Apache httpd package

yum list installed -q | grep httpd
httpd.x86_64                       2.2.15-47.el6.centos                @updates 
httpd-devel.x86_64                 2.2.15-47.el6.centos                @updates 
httpd-tools.x86_64                 2.2.15-47.el6.centos                @updates 

can get tricky as CentOS 6.x defaults to Apache 2.2.15 and CentOS 7.x defaults to Apache 2.4.6 and layout can differ

I'm guessing for the widest range of Apache compatibility, you will need to reach out to the following folks to get their input and information one how Apache is setup in their envionrments

• CentOS, Redhat, Fedora
• Cpanel/WHM
• DirectAdmin
• Odin/Plesk
• Virtualmin
• Webmin
• Ubuntu
• Amazon EC2 folks as Amazon AMI image uses Apache 2.2.31 custom RPM build

Hi @eva2000,

Thanks for the info. Yes, I imagine it wouldn’t be that hard to extend better compatibility to other OSes. I have written a python function that might be of some use (determine whether the binary exists).
https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt/le_util.py#L49

The prepare() call in Apache should definitely verify that all binaries exist and try to adapt based on system info.

This has been limited by developer time. PRs are always appreciated. I will file an issue about this on GitHub, but I probably won’t get around to fixing it until I land the cert_manager branch.

Thanks!

you're welcome

unfortunely i am no python coder so can't contribute code wise - just my suggestions and experience

Thank, after work I will have access to the server. This is my first server. I use amazon service. I did not know that linux is better. I put amazon Linux Ami. Now, I know that very little information for this Linux. But this Linux is a fork of centos. Meybe I should better put Ubuntu.

When “manual authenticator” – unable to run the command : apache2ctl configtest.

when “rpm -ql httpd | grep sbin”:

/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

when /usr/sbin/apachectl -V

Server version: Apache/2.2.31 (Unix)
Server built:   Aug 13 2015 23:45:37
Server's Module Magic Number: 20051115:40
Server loaded:  APR 1.5.0, APR-Util 1.4.1
Compiled using: APR 1.5.0, APR-Util 1.4.1
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

when cat /etc/system-release

Amazon Linux AMI release 2015.03

when yum list installed -q | grep httpd

httpd.x86_64                          2.2.31-1.6.amzn1             @amzn-updates
httpd-devel.x86_64                    2.2.31-1.6.amzn1             @amzn-updates
httpd-tools.x86_64                    2.2.31-1.6.amzn1             @amzn-updates

Is this the problem?

If so perhaps use the apache-ctl option.
–apache-ctl apachectl

I am not understand. Letsencrypt not for fork of centOs? Maybe I will install Ubunta.

@qtiger, we hope to start testing officially on CentOS sometime soon. Right now our ongoing testing and development has all been on Ubuntu. So we do want to support CentOS, but we haven’t been able to apply a lot of time and resources to that yet.

applied for beta testing program… so I am up for CentOS side beta testing and feedback…

already have a dedicated vps server setup with dedicated domain all just for letsencrypt client testing for me on CentOS and custom Nginx server

also have a custom Apache 2.4.16 rpm built for CentOS which closely follows CentOS structure I believe.

Just a quick note about the edit of this first post:
it would be helpful for people with the same problem to leave the original text and not a “deleted” notice.

Thank you everyone for asking and answering, this way others like me can learn!

Story, but I deleted secret information. I first installed Amazon Linux, it’s fork of CentOs. But now I installed Ubuntu and it’s all OK.

In that case… you have done what is best!
Security is what we are talking about here at LE after all.

I didn’t want associate my nik with my domains. I deleted only log. I don’t think that important. Other information I don’t delete. First I wanted change nick name but its impossible.

You do know anyone can click on the pencil icon beside the post and see your log which you ‘deleted’ in your edit anyway?

I mentioned that already in a PM, he said he’ll just restore it later.

This is still broken on all OS’s /except/ debian and it’s ilk.

The fix is simple and should really have been implemented by now; use apachectl in the plugin, because that is the command you want, and is the one supplied by the apache developers.
https://httpd.apache.org/docs/2.4/programs/apachectl.html

apache2ctl is a historical hangup from the Debian devs and apache 1.x/2.x fight days. They are now back on plot and apache2ctl is an alias for apachectl.
https://manpages.debian.org/jessie/apache2/apachectl.8.en.html

Workaround (for anybody ending up here like I did) is to create a softlink from apache2ctl to apachectl:

Freebsd:
$ sudo ln -s /usr/local/sbin/apachectl /usr/local/sbin/apache2ctl
(a shell alias didn’t work for me)

Fedora/RHEL/CentOs and other distributions:
$ sudo ln -s /usr/sbin/apachectl /usr/sbin/apache2ctl

Doing this has allowed me to progress onto a second level of mistakes where all the default paths for logs/challenges etc are also debian-tastic hardcoded absolute paths rather than being relative to the apache configuration root. Yay.

You have several switchs to deal with apache paths:

  --apache-enmod APACHE_ENMOD
                        Path to the Apache 'a2enmod' binary. (default:
                        a2enmod)
  --apache-dismod APACHE_DISMOD
                        Path to the Apache 'a2dismod' binary. (default:
                        a2dismod)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                        SSL vhost configuration extension. (default: -le-
                        ssl.conf)
  --apache-server-root APACHE_SERVER_ROOT
                        Apache server root directory. (default: /etc/apache2)
  --apache-vhost-root APACHE_VHOST_ROOT
                        Apache server VirtualHost configuration root (default:
                        /etc/apache2/sites-available)
  --apache-logs-root APACHE_LOGS_ROOT
                        Apache server logs directory (default:
                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration. (default:
                        /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
                        Let installer handle enabling required modules for
                        you.(Only Ubuntu/Debian currently) (default: True)
  --apache-handle-sites APACHE_HANDLE_SITES
                        Let installer handle enabling sites for you.(Only
                        Ubuntu/Debian currently) (default: True)

Also, there are tons of acme clients that could fit your needs List of Client Implementations