Installer can't find apache2ctl


#3

not sure how to do it in python but for shell scripting would be easy to make apache2ctl a variable which is defined depending on Linux OS detected

for example with centos and default apache 2.2.15 in centos 6 with httpd yum package would be something like

if apache was installed via httpd yum package

yum -y install httpd httpd-devel

you will have apachectl at /usr/sbin/apachectl

query what httpd package installed for binaries

rpm -ql httpd | grep sbin
/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

then you’d check and assign variables

if debian and path to /PATH/TO/apache2ctl exists then assign variable

if centos and path to /usr/sbin/apachectl exists then assign variable

then just a matter of parsing the output

/usr/sbin/apachectl -V
Server version: Apache/2.2.15 (Unix)
Server built:   Aug 24 2015 17:52:49
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

OS checks

cat /etc/redhat-release 
CentOS release 6.7 (Final)

cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core)

Check for installed version of Apache httpd package

yum list installed -q | grep httpd
httpd.x86_64                       2.2.15-47.el6.centos                @updates 
httpd-devel.x86_64                 2.2.15-47.el6.centos                @updates 
httpd-tools.x86_64                 2.2.15-47.el6.centos                @updates 

can get tricky as CentOS 6.x defaults to Apache 2.2.15 and CentOS 7.x defaults to Apache 2.4.6 and layout can differ

I’m guessing for the widest range of Apache compatibility, you will need to reach out to the following folks to get their input and information on how Apache is set up in their environments

  • CentOS, Redhat, Fedora
  • Cpanel/WHM
  • DirectAdmin
  • Odin/Plesk
  • Virtualmin
  • Webmin
  • Ubuntu
  • Amazon EC2 folks as Amazon AMI image uses Apache 2.2.31 custom RPM build
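
The detection steps sketched in this post, written out in Python as an added example (not code from the post or from the letsencrypt client). Because the installer runs as root, it looks for `apache2ctl` or `apachectl` in a fixed list of system directories instead of trusting `$PATH`, runs it without a shell, and parses the `-V` output; the directory list and function names are assumptions, and the sample is trimmed from the CentOS 6 output quoted above.

```python
import os
import re
import subprocess

# Names from the thread: Debian ships apache2ctl, most other systems apachectl.
CTL_NAMES = ("apache2ctl", "apachectl")
# Assumption: only system directories are searched, never the caller's $PATH.
TRUSTED_DIRS = ("/usr/sbin", "/usr/local/sbin", "/sbin")


def find_apache_ctl(dirs=TRUSTED_DIRS, names=CTL_NAMES):
    """Return the absolute path of the first executable control binary, or None."""
    for directory in dirs:
        for name in names:
            path = os.path.join(directory, name)
            if os.path.isfile(path) and os.access(path, os.X_OK):
                return path
    return None


def parse_apachectl_v(output):
    """Extract the version and quoted -D KEY="value" defines from `-V` output."""
    info = {}
    m = re.search(r"^Server version:\s+Apache/(\d+)\.(\d+)\.(\d+)", output, re.M)
    if m:
        info["version"] = tuple(int(part) for part in m.groups())
    for key, value in re.findall(r'^[ \t]*-D[ \t]+(\w+)="([^"]*)"', output, re.M):
        info[key] = value
    # SERVER_CONFIG_FILE is relative to HTTPD_ROOT; join() keeps an absolute one as is.
    if "HTTPD_ROOT" in info and "SERVER_CONFIG_FILE" in info:
        info["config_path"] = os.path.join(info["HTTPD_ROOT"], info["SERVER_CONFIG_FILE"])
    return info


def probe_apache():
    """Locate the binary, run it with -V (argument list, no shell), parse the result."""
    ctl = find_apache_ctl()
    if ctl is None:
        return None
    out = subprocess.run([ctl, "-V"], capture_output=True, text=True, check=True).stdout
    return dict(parse_apachectl_v(out), ctl=ctl)


# Sample trimmed from the CentOS 6 `apachectl -V` output quoted in the thread.
SAMPLE = """Server version: Apache/2.2.15 (Unix)
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
"""
```

Deriving the configuration path from `HTTPD_ROOT` this way avoids assuming the Debian layout on systems where the server root is `/etc/httpd`.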

#4

Hi @eva2000,

Thanks for the info. Yes, I imagine it wouldn’t be that hard to extend better compatibility to other OSes. I have written a python function that might be of some use (determine whether the binary exists).
https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt/le_util.py#L49

The prepare() call in Apache should definitely verify that all binaries exist and try to adapt based on system info.

This has been limited by developer time. PRs are always appreciated. I will file an issue about this on GitHub, but I probably won’t get around to fixing it until I land the cert_manager branch.

Thanks!


#5

you’re welcome :smile:

unfortunately i am no python coder so can’t contribute code wise - just my suggestions and experience :slight_smile:


#6

Thanks, after work I will have access to the server. This is my first server. I use the Amazon service. I did not know which Linux is better. I put Amazon Linux AMI. Now, I know that there is very little information for this Linux. But this Linux is a fork of CentOS. Maybe I should better put Ubuntu.


#7

When “manual authenticator” – unable to run the command : apache2ctl configtest.

when “rpm -ql httpd | grep sbin”:

/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

when /usr/sbin/apachectl -V

Server version: Apache/2.2.31 (Unix)
Server built:   Aug 13 2015 23:45:37
Server's Module Magic Number: 20051115:40
Server loaded:  APR 1.5.0, APR-Util 1.4.1
Compiled using: APR 1.5.0, APR-Util 1.4.1
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

when cat /etc/system-release

Amazon Linux AMI release 2015.03

when yum list installed -q | grep httpd

httpd.x86_64                          2.2.31-1.6.amzn1             @amzn-updates
httpd-devel.x86_64                    2.2.31-1.6.amzn1             @amzn-updates
httpd-tools.x86_64                    2.2.31-1.6.amzn1             @amzn-updates

#8

Is this the problem?

If so perhaps use the apache-ctl option.
--apache-ctl apachectl


#9

I do not understand. Letsencrypt is not for a fork of CentOS? Maybe I will install Ubuntu.


#10

@qtiger, we hope to start testing officially on CentOS sometime soon. Right now our ongoing testing and development has all been on Ubuntu. So we do want to support CentOS, but we haven’t been able to apply a lot of time and resources to that yet.


#11

applied for beta testing program… so I am up for CentOS side beta testing and feedback…

already have a dedicated vps server setup with dedicated domain all just for letsencrypt client testing for me on CentOS and custom Nginx server :slight_smile:

also have a custom Apache 2.4.16 rpm built for CentOS which closely follows CentOS structure I believe.


#12

Just a quick note about the edit of this first post:
it would be helpful for people with the same problem to leave the original text and not a “deleted” notice.

Thank you everyone for asking and answering, this way others like me can learn!


#13

Sorry, but I deleted secret information. I first installed Amazon Linux, it’s a fork of CentOS. But now I installed Ubuntu and it’s all OK.


#14

In that case… you have done what is best! :smile:
Security is what we are talking about here at LE after all.


#15

I didn’t want to associate my nick with my domains. I deleted only the log. I don’t think that is important. Other information I didn’t delete. First I wanted to change my nickname but it’s impossible.


#16

You do know anyone can click on the pencil icon beside the post and see your log which you ‘deleted’ in your edit anyway?


#17

I mentioned that already in a PM, he said he’ll just restore it later.


#18

This is still broken on all OS’s /except/ debian and its ilk.

The fix is simple and should really have been implemented by now; use apachectl in the plugin, because that is the command you want, and is the one supplied by the apache developers.
https://httpd.apache.org/docs/2.4/programs/apachectl.html

apache2ctl is a historical hangup from the Debian devs and apache 1.x/2.x fight days. They are now back on plot and apache2ctl is an alias for apachectl.
https://manpages.debian.org/jessie/apache2/apachectl.8.en.html


#19

Workaround (for anybody ending up here like I did) is to create a softlink from apache2ctl to apachectl:

FreeBSD:
$ sudo ln -s /usr/local/sbin/apachectl /usr/local/sbin/apache2ctl
(a shell alias didn’t work for me)

Fedora/RHEL/CentOS and other distributions:
$ sudo ln -s /usr/sbin/apachectl /usr/sbin/apache2ctl

Doing this has allowed me to progress onto a second level of mistakes where all the default paths for logs/challenges etc are also debian-tastic hardcoded absolute paths rather than being relative to the apache configuration root. Yay.


#20

You have several switches to deal with apache paths:

  --apache-enmod APACHE_ENMOD
                        Path to the Apache 'a2enmod' binary. (default:
                        a2enmod)
  --apache-dismod APACHE_DISMOD
                        Path to the Apache 'a2dismod' binary. (default:
                        a2dismod)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                        SSL vhost configuration extension. (default: -le-
                        ssl.conf)
  --apache-server-root APACHE_SERVER_ROOT
                        Apache server root directory. (default: /etc/apache2)
  --apache-vhost-root APACHE_VHOST_ROOT
                        Apache server VirtualHost configuration root (default:
                        /etc/apache2/sites-available)
  --apache-logs-root APACHE_LOGS_ROOT
                        Apache server logs directory (default:
                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration. (default:
                        /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
                        Let installer handle enabling required modules for
                        you.(Only Ubuntu/Debian currently) (default: True)
  --apache-handle-sites APACHE_HANDLE_SITES
                        Let installer handle enabling sites for you.(Only
                        Ubuntu/Debian currently) (default: True)

Also, there are tons of acme clients that could fit your needs: List of Client Implementations


#21

OOPS sorry.
Hardcoded DEFAULT paths.
there … fixed it for you.
Now please do the same and fix the plugin.


#22

certbot apache plugin is using several overrides depending on what OS is being executed and using the DEFAULTS for that OS (as far as I can see, there are overrides for Arch Linux, CentOS, Darwin, Suse, Debian and Gentoo)…

Maybe you are being frustrated because there aren’t overrides for *BSD or it is not working as expected in your OS, so, if that is the case, you could open an issue explaining the problem and if there is some error or it is worth adding an override for *BSD I’m pretty sure certbot’s developers will take care.

Have a nice day,
sahsanu