Installer throwing error message with non-normalized path


#1

Hi all,

I’m trying to get some certificates using the Let’s Encrypt client for two domains on my Linux web server. The web server is Apache 2.4 under Debian 8 on a VPS. I’ve had the VPS for quite a long time - the initial install was in 2003 - and it’s been upgraded through a number of Debian releases, so the Apache 2 configuration is not quite standard.

The Let’s Encrypt installer isn’t playing the game on my installation, and I assume something to do with the way I have Apache setup is responsible for it, but I would like to debug the problem. Unfortunately, the error message and the matching Python code is not really enough for me to figure out what is going wrong. The error message I get from “letsencrypt auth” or “letsencrypt -d ssl.zzap.org auth” is:

An unexpected error occurred. Please see the logfiles in /var/log/letsencrypt for more details.

The log file says the following:
2015-09-17 04:37:46,230:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-09-17 04:37:46,231:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-09-17 04:37:46,231:DEBUG:letsencrypt.cli:Arguments: [’-d’, ‘ssl.zzap.org’, ‘auth’]
2015-09-17 04:37:46,232:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-09-17 04:37:47,377:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/usr/local/bin/letsencrypt”, line 9, in
load_entry_point(‘letsencrypt==0.1’, ‘console_scripts’, ‘letsencrypt’)()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 920, in main
return args.func(args, config, plugins)
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 312, in auth
config, args.authenticator, plugins)
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/display/ops.py”, line 98, in pick_authenticator
config, default, plugins, question, (interfaces.IAuthenticator,))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/display/ops.py”, line 72, in pick_plugin
verified.prepare()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py”, line 197, in prepare
return [plugin_ep.prepare() for plugin_ep in self._plugins.itervalues()]
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py”, line 98, in prepare
self._initialized.prepare()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py”, line 144, in prepare
self.aug, self.conf(“server-root”), self.conf(“ctl”))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 54, in init
self.init_modules()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 72, in init_modules
matches = self.find_dir(“LoadModule”)
…skipping…
return args.func(args, config, plugins)
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 312, in auth
config, args.authenticator, plugins)
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/display/ops.py”, line 98, in pick_authenticator
config, default, plugins, question, (interfaces.IAuthenticator,))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/display/ops.py”, line 72, in pick_plugin
verified.prepare()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py”, line 197, in prepare
return [plugin_ep.prepare() for plugin_ep in self._plugins.itervalues()]
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py”, line 98, in prepare
self._initialized.prepare()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py”, line 144, in prepare
self.aug, self.conf(“server-root”), self.conf(“ctl”))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 54, in init
self.init_modules()
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 72, in init_modules
matches = self.find_dir(“LoadModule”)
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 304, in find_dir
exclude))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py”, line 282, in find_dir
"%s//[self::directive=~regexp(’%s’)]" % (start, regex))
File “/usr/local/src/letsencrypt/venv/local/lib/python2.7/site-packages/augeas.py”, line 415, in match
raise RuntimeError(“Error during match procedure!”, path)
RuntimeError: (‘Error during match procedure!’, u"/files/etc/apache2/sites-enabled///
[self::directive=~regexp(’([Ll][Oo][Aa][Dd][Mm][Oo][Dd][Uu][Ll][Ee])|([Ii][Nn][Cc][Ll][Uu][Dd][Ee])|([Ii][Nn][Cc][Ll][Uu][Dd][Ee][Oo][Pp][Tt][Ii][Oo][Nn][Aa][Ll])’)]")

It looks like it can’t find the LoadModule command, but this is in /etc/apache2/mods-enabled/ssl.load (for the SSL module). I tried adding it to /etc/apache2/sites-enabled/all, which contains all my site configuration, but that didn’t make any difference. I also tried changing my site configuration to include domain names instead of IP addresses under the VirtualHost commands, but that didn’t make any difference. Beyond this, I tried looking through the Python code, but I don’t really know Python particularly well and the best I could do was figure out where the error message is (…/letsencrypt/letsencrypt-apache/letsencrypt_apache/parser.py) but not how to fix it, or even bypass the offending piece of code.

Does anyone here know how I would at least figure out what the client is looking for that it’s not finding, or how to fix or work around this problem?

Thanks,

Regards,

Simon.


#2

Hi Simon,

Thank you so much for reporting this. I filed an issue on the GitHub repo and assigned myself to it. https://github.com/letsencrypt/letsencrypt/issues/781

The reason is that it should have looked up //* rather than ///*

I am guessing this is due to an atypical include statement.

I will try to start trying to reproduce the bug, but it might help if you could tell me what the include statement is in apache2.conf or httpd.conf

Something like…
IncludeOptional sites-enabled/*.conf
or
Include sites-enabled/

Feel free to respond on the GitHub repo.

Thanks again,
James

I will attempt to resolve this promptly.


#3

It might also be a great help if you run letshelp-letsencrypt. It copies your config, removes all sensitive data from it, confirms the action with you, bundles the copy into a tar ball which you can send us.

It will get placed into our testing infrastructure and then we will never commit a change that doesn’t work on your configuration again.

James


#4

Hi James,

Thanks for the quick response.

Here is the output of a grep of “Include” on my Apache config file which I hope will help:

Include module configuration:

Include /etc/apache2/mods-enabled/.load
Include /etc/apache2/mods-enabled/
.conf

Include all the user configurations:

Include /etc/apache2/httpd.conf

Include ports listing

Include /etc/apache2/ports.conf

Include generic snippets of statements

Include /etc/apache2/conf.d/

Include the virtual host configurations:

Include /etc/apache2/sites-enabled/

I commented out the conf.d include today (after my original post) because there is actually nothing in the conf.d directory - most of the general configuration is in apache2.conf, more or less as it was when inherited from various previous versions. I also tried breaking out the individual sites into separate files, in case that is of any assistance, as I think that is how they are supposed to be.

The /etc/apache2/sites-enabled/ssl.zzap.org file now contains the following:

NameVirtualHost 64.5.53.39:443
< VirtualHost 64.5.53.39:443 >
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl.zzap.org.pem
SSLCertificateKeyFile /etc/ssl/private/ssl.zzap.org.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
ServerAdmin none@[64.5.53.39]
DocumentRoot /var/www/default_site
ServerName default
ErrorLog /var/log/apache2/default-error.log
CustomLog /var/log/apache2/default-access.log combined
< /VirtualHost >
< VirtualHost ssl.zzap.org:443 >
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl.zzap.org.pem
SSLCertificateKeyFile /etc/ssl/private/ssl.zzap.org.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
ServerName ssl.zzap.org
ServerAlias ssl.zzap.org
ServerAdmin webmaster@zzap.org
DocumentRoot /var/www/ssl.zzap.org
ErrorLog /var/log/apache2/ssl.zzap.org-error.log
CustomLog /var/log/apache2/ssl.zzap.org-access.log combined
< Directory /var/log/apache2/ssl.zzap.org >
AllowOverride None
Options None
Order allow,deny
Allow from all
< /Directory >
< /VirtualHost >

The web root only contains one file, which I put there to verify that the server works correctly.

I also ran the ‘letshelp-letsencrypt’ script - actually twice as in the first version the (currently self-signed, testing) certificate for ssl.zzap.org was specified incorrectly. I also provided the corrected version above.

Thanks again,

Regards,

Simon.


#5

Thanks Simon, for all of the info! I found what I believe to be the root of the problem, and am working on a patch now!

I will let you know when I get it merged into master.

Thanks again,
James


#6

Hi Simon,

I believe I addressed the issue in the recent PR.

You should be able to git pull master and run it again

Let me know if issues still aren’t resolved.

Thanks again,
James


#7

6 posts were split to a new topic: Installer can’t find apache2ctl


#8

Install error. Amazon Linux AMI
Installer can't find apache2ctl