N00b struggling with Apache Server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: drinkcana.com

I ran this command: sudo certbot --apache -d drinkcana.com -d www.drinkcana.com

It produced this output:
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

My web server is (include version):
Apache 2.2.32 (Unix)

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
Google Cloud Compute Engine

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


Additional Context:
So I think I know a little of what’s happening. I’m using a Jetware installation which includes a second version of apache (http://jetware.io/appliances/jetware/lamp7-170503/profile )

Certbot is looking in the “standard” Apache folder for the running vhost, but it’s actually running in /jet/etc/apache

So when I shut down the “standard” apache, and restart with the Jetware Apache the Certificates don’t apply anymore.

Is there any way (and is it as simple as) pointing Certbot to look in the different apache directory to do its thing?
Or if I want to use certbot, would it be easier to just use the “standard” apache?

PS: I’m partially comfortable with Command line but would classify myself as a n00b because I’m primarily self-taught.

There are some parameters:

apache:
  Apache Web Server plugin

  --apache-enmod APACHE_ENMOD
                        Path to the Apache 'a2enmod' binary (default: a2enmod)
  --apache-dismod APACHE_DISMOD
                        Path to the Apache 'a2dismod' binary (default:
                        a2dismod)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                        SSL vhost configuration extension (default: -le-
                        ssl.conf)
  --apache-server-root APACHE_SERVER_ROOT
                        Apache server root directory (default: /etc/apache2)
  --apache-vhost-root APACHE_VHOST_ROOT
                        Apache server VirtualHost configuration root (default:
                        None)
  --apache-logs-root APACHE_LOGS_ROOT
                        Apache server logs directory (default:
                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration (default:
                        /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
                        Let installer handle enabling required modules for you
                        (Only Ubuntu/Debian currently) (default: True)
  --apache-handle-sites APACHE_HANDLE_SITES
                        Let installer handle enabling sites for you (Only
                        Ubuntu/Debian currently) (default: True)
  --apache-ctl APACHE_CTL
                        Full path to Apache control script (default:
                        apache2ctl)

But it can be a little fragile. An easier approach might be to use certbot certonly and manually configure your Jetware Apache server to use the certificate.


It seems that the --apache plugin is unable to restart apache (gracefully) via apachectl.
I don’t know that I can fix that… but there are other ways to get this to work.

  1. use webroot
    --webroot -w /path/to/document/root

  2. define a specific location for all challenge requests (using mod_alias)

     LoadModule alias_module modules/mod_alias.so

     <IfModule alias_module>
           Alias /.well-known/acme-challenge/ /ACMEchallenge/
     </IfModule>

[where /ACMEchallenge/ is any folder of your choosing - but must exist and be accessible to certbot]

  3. use --standalone (not recommended - last choice)
    a. stop apache
    b. certbot certonly --standalone -d your.domains
    c. start apache
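
An added example, not part of any post in this thread: the `Address already in use` errors in the question mean some process already holds port 80 when certbot's `apache2ctl` tries to start Apache. This sketch lists that owner from `ss -ltnp` output; the sample lines, PIDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output (PIDs and process names are made up).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:80               *:*   users:(("httpd",pid=1234,fd=4),("httpd",pid=1240,fd=4))
LISTEN 0      128    :::80              :::*  users:(("httpd",pid=1234,fd=4),("httpd",pid=1240,fd=4))
LISTEN 0      128    *:8080             *:*   users:(("java",pid=900,fd=10))
LISTEN 0      128    *:22               *:*   users:(("sshd",pid=600,fd=3))
EOF
}

# listeners_on_port PORT
# Reads `ss -ltnp` output on stdin and prints "pid name" for every process
# listening on exactly PORT (so 80 does not match 8080), de-duplicated across
# the IPv4 and IPv6 sockets.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            rest = $0
            # Walk every ("name",pid=N entry in the users:(...) column.
            while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
                entry = substr(rest, RSTART + 2, RLENGTH - 2)  # name",pid=N
                rest = substr(rest, RSTART + RLENGTH)
                split(entry, parts, /",pid=/)
                key = parts[2] " " parts[1]
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Demo on the constructed sample. On a live host, run as root:
#   ss -ltnp | listeners_on_port 80
# then `readlink /proc/<pid>/exe` shows which Apache binary owns the port.
sample_ss_output | listeners_on_port 80
```
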
