Issues detecting apache processes


#1

The full domain name of your site: test.net (obviously testing in this case, working on a Proof of Concept)
The command line you ran: certbot-auto certonly -d test.net --noninteractive --apache --agree-tos --email ****
The output of that command: See bottom output
Name and version of your operating system and your web server: CentOS release 6.5 (Final), Apache 2.4.2/Tomcat 7.0.77
What type of hosting provider you are using, if applicable: AWS

Output from the commands seems to point towards an issue detecting and confirming Apache. This is a proprietary setup so I’m guessing certbot can’t detect the processes in this scenario. It also doesn’t detect HTTPD despite the processes running. Additionally, we use a custom configuration for vhosts that applies to multiple configuration files. This is all a POC example so I’m not even sure if this is possible (and I don’t want to share too much company information as well).

Output:

#################

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.net
Cleaning up challenges
Error while running apachectl graceful.
httpd not running, trying to start

(98)Address already in use: make_sock: unable to listen for connections on address [::]:80
(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl restart.
httpd not running, trying to start

(98)Address already in use: make_sock: unable to listen for connections on address [::]:80
(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

Encountered exception during recovery
Error while running apachectl restart.
httpd not running, trying to start

(98)Address already in use: make_sock: unable to listen for connections on address [::]:80
(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 73, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 124, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 2117, in perform
    http_response = http_doer.perform()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 70, in perform
    self._mod_config()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 97, in _mod_config
    for vh in self._relevant_vhosts():
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 134, in _relevant_vhosts
    " {0}.".format(http01_port))
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 2021, in _reload
    util.run_script(self.constant("restart_cmd"))
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/util.py", line 85, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apachectl graceful.
httpd not running, trying to start

(98)Address already in use: make_sock: unable to listen for connections on address [::]:80
(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/error_handler.py", line 103, in _call_registered
    self.funcs[-1]()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 308, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 2148, in cleanup
    self.restart()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 2011, in restart
    self._reload()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 2039, in _reload
    raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apachectl restart.
httpd not running, trying to start

(98)Address already in use: make_sock: unable to listen for connections on address [::]:80
(98)Address already in use: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.


#2

Certbot only tries to “detect” your Apache setup based on your operating system’s defaults. If you’ve set up something completely custom, you’ll have to tell Certbot about it explicitly. There are several options required to do so; type certbot-auto --help apache for a list (--apache-server-root, --apache-vhost-root, etc.).

Of course, you don’t have to use the --apache plugin at all; if it seems to be too much trouble to get it working, you could try --webroot instead and do the Apache configuration yourself manually.
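
Added example (not part of the thread and not Certbot's own detection code): a pre-flight check that follows Include/IncludeOptional directives from a custom server root and reports whether any `<VirtualHost>` on port 80 names the domain, which is the condition behind the "Unable to find a virtual host listening on port 80" error above. The directory layout, file names and helper names are constructed for illustration; the directory you end up pointing it at is what you would pass as --apache-server-root.

```python
import glob, os, pathlib, re, tempfile

DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias|Include|IncludeOptional)\s+(.+?)\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)

def walk_config(path, server_root, seen=None):
    """Yield (file, line) for path and every file it Includes (relative to ServerRoot)."""
    seen = set() if seen is None else seen
    full = path if os.path.isabs(path) else os.path.join(server_root, path)
    for f in sorted(glob.glob(full)):
        if f not in seen and os.path.isfile(f):
            seen.add(f)
            for line in pathlib.Path(f).read_text().splitlines():
                m = DIRECTIVE.match(line)
                if m and m.group(1).lower().startswith("include"):
                    yield from walk_config(m.group(2).strip('"'), server_root, seen)
                elif not line.lstrip().startswith("#"):
                    yield f, line

def find_vhosts(main_conf, server_root):
    """Return one dict per <VirtualHost> block: file, numeric ports, server names."""
    vhosts, cur = [], None
    for f, line in walk_config(main_conf, server_root):
        opened, d = VHOST_OPEN.match(line), DIRECTIVE.match(line)
        if opened:
            ports = set(re.findall(r":(\d+)(?:\s|$)", opened.group(1)))
            cur = {"file": f, "ports": ports, "names": set()}
            vhosts.append(cur)
        elif line.strip().lower() == "</virtualhost>":
            cur = None
        elif cur is not None and d:
            cur["names"].update(d.group(2).split())
    return vhosts

def port80_vhosts_for(domain, main_conf, server_root):
    # Vhosts an HTTP-01 challenge could use: explicit port 80 and naming the domain.
    return [v for v in find_vhosts(main_conf, server_root)
            if "80" in v["ports"] and domain in v["names"]]

def build_sample_root(with_port80):
    """Constructed sample tree: conf/httpd.conf plus vhost files in conf/sites/."""
    root = pathlib.Path(tempfile.mkdtemp())
    (root / "conf" / "sites").mkdir(parents=True)
    (root / "conf/httpd.conf").write_text("Listen 80\nIncludeOptional conf/sites/*.conf\n")
    vhost = "<VirtualHost *:{0}>\n  ServerName test.net\n</VirtualHost>\n"
    (root / "conf/sites/tls.conf").write_text(vhost.format(443))
    if with_port80:
        (root / "conf/sites/http.conf").write_text(vhost.format(80))
    return str(root)
```

An empty result from `port80_vhosts_for` against the real server root means the vhost tree either lacks a port-80 block for the domain or is not reachable from the main config file being scanned.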


#3

I’ll poke around with the options for it some more, thanks for the info!

