NoInstallationError('Cannot find Apache executable apache2ctl',)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jick.net

I ran this command: /usr/local/bin/certbot-auto --apache

It produced this output: Installed 32 MB worth of new packages (mostly python34 stuff and died at the end with NoInstallationError(‘Cannot find Apache executable apache2ctl’,)

My web server is (include version): Apache (NOT Apache2. Apache2 is not provided by yum for SL6.x)

The operating system my web server runs on is (include version):Scientific Linus 6.x (a recompilation of RHEL 6.x, same as CentOS 6.x)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, it’s my own server.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.36.0

Hi @JHBrewer,

Certbot uses some distribution-specific information in order to figure out things like where to find your Apache installation. I’m guessing that it doesn’t know about Scientific Linux and so is using defaults that don’t properly apply to your environment.

@bmw, is there a straightforward way to edit the overrides in order to tell certbot-auto that this distro is like CentOS?

Unfortunately I’m not sure it’s super straightforward, but it should be workable.

@JHBrewer, for now you’ll need to set some of the CLI options that can be seen with /usr/local/bin/certbot-auto --help apache. I suspect you’ll at least need to add --apache-server-root /etc/httpd --apache-ctl apachectl to the command line.

To help us fix our Apache plugin’s automatic detection of the OS it’s run on though, I’d love it if you could run another command for me and provide me the output. That command is:

/opt/eff.org/certbot/venv/bin/python -c 'from certbot.util import get_os_info, get_systemd_os_like; print(get_os_info()); print(get_systemd_os_like())'

EDIT: --apache-ctl should be apachectl not httpd on RHEL 6 based systems.

1 Like

(‘Scientific Linux’, ‘6.10’)
[’’]

2 Likes

Thanks @JHBrewer. I created https://github.com/certbot/certbot/issues/7248 for us to track fixing automatic detection of Scientific Linux and https://github.com/certbot/certbot/issues/7249 to improve the error messages here to better explain what is going on.

2 Likes

@JHBrewer, sorry for the 2nd message but I just noticed a mistake in the CLI flags I recommended you set. It should be:
--apache-server-root /etc/httpd --apache-ctl apachectl
Previously I had --apache-ctl httpd. I’ve edited my previous post to reflect this as well.

Okay, but I’m a little confused: “–apache-server-root /etc/httpd --apache-ctl apachectl” looks like switches for some actual bash command, and I’m not sure which! Can you spell out the whole command for me?

1 Like

I believe the complete command to run would be something like:

/usr/local/bin/certbot-auto --apache --apache-server-root /etc/httpd --apache-ctl apachectl
1 Like

Well, that seemed to work; however, there were error messages:

Cleaning up challenges
File: /etc/apache2/le_http_01_challenge_pre.conf - Could not be found to be deleted

  • Certbot probably shut down unexpectedly
    File: /etc/apache2/le_http_01_challenge_post.conf - Could not be found to be deleted
  • Certbot probably shut down unexpectedly
    An unexpected error occurred:
    Traceback (most recent call last):

If you want to see it all, I can include a txt file if you tell me how.

I assume Certbot crashed before it obtained a certificate for you? You can fix that problem by also adding --apache-challenge-location /etc/httpd. That will allow you to get a certificate but I just tested creating a setup similar to yours and Certbot failed to install the certificate because it’s not properly recognizing it’s on a RHEL 6 based system and trying to set SSL directives that are only available in newer versions of Apache.

Unfortunately there are not currently any options to control this behavior. I created another issue to track this problem at https://github.com/certbot/certbot/issues/7255.

For now, I would recommend not using the Apache plugin on Scientific Linux 6. You can find instructions for how to use Certbot in this way at https://certbot.eff.org/lets-encrypt/centos6-other.

1 Like

Well, it certainly tried hard. I sheepishly admit that I don’t know how to tell if it succeeded. Where should I look for what file(s)? Everything I’ve looked for so far seems to be there.

I’m not sure what you mean by the Apache “plugin” – I have a full LAMP server here. Please don’t recommend that I “upgrade” to SL7 or SL8. I tried that, and was unable to compile any of my old fortran code. Similarly with “new, improved” PHP, MySQL and other essentials. When did “downward compatibility” become anathema??

Are there directories containing certificates in /etc/letsencrypt/live and were your files in /etc/httpd modified to use those certificates? A decent way to search for the latter is a command like grep -r '/etc/letsencrypt' /etc/httpd.

Sorry. This is Certbot jargon. Certbot has an Apache “plugin” that is included with certbot-auto and is normally able to automatically both obtain and configure a certificate for use with an Apache webserver. Unfortunately, many OSes have heavily customized their Apache setup so the code relies on properly detecting the distro it’s run on. It appears this detection is broken on Scientific Linux 6 so assuming you didn’t find that Certbot had properly modified your server above, this feature isn’t going to work until we put out a release to fix the problem.

If your previous runs of certbot-auto didn’t work, I recommend you follow the instructions at https://certbot.eff.org/lets-encrypt/centos6-other.

1 Like

There is no live directory under /etc/letsencrypt/ and #grep -r ‘/etc/letsencrypt’ /etc/httpd draws a blank. Oh well, I guess I’ll follow the alternate path. Maybe not today…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.