Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: /usr/local/bin/certbot-auto --apache
It produced this output: Installed 32 MB worth of new packages (mostly python34 stuff and died at the end with NoInstallationError(âCannot find Apache executable apache2ctlâ,)
My web server is (include version): Apache (NOT Apache2. Apache2 is not provided by yum for SL6.x)
The operating system my web server runs on is (include version):Scientific Linus 6.x (a recompilation of RHEL 6.x, same as CentOS 6.x)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I donât know): Yes, itâs my own server.
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): No.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youâre using Certbot): certbot 0.36.0
Certbot uses some distribution-specific information in order to figure out things like where to find your Apache installation. Iâm guessing that it doesnât know about Scientific Linux and so is using defaults that donât properly apply to your environment.
@bmw, is there a straightforward way to edit the overrides in order to tell certbot-auto that this distro is like CentOS?
Unfortunately Iâm not sure itâs super straightforward, but it should be workable.
@JHBrewer, for now youâll need to set some of the CLI options that can be seen with /usr/local/bin/certbot-auto --help apache. I suspect youâll at least need to add --apache-server-root /etc/httpd --apache-ctl apachectl to the command line.
To help us fix our Apache pluginâs automatic detection of the OS itâs run on though, Iâd love it if you could run another command for me and provide me the output. That command is:
@JHBrewer, sorry for the 2nd message but I just noticed a mistake in the CLI flags I recommended you set. It should be: --apache-server-root /etc/httpd --apache-ctl apachectl
Previously I had --apache-ctl httpd. Iâve edited my previous post to reflect this as well.
Okay, but Iâm a little confused: ââapache-server-root /etc/httpd --apache-ctl apachectlâ looks like switches for some actual bash command, and Iâm not sure which! Can you spell out the whole command for me?
I assume Certbot crashed before it obtained a certificate for you? You can fix that problem by also adding --apache-challenge-location /etc/httpd. That will allow you to get a certificate but I just tested creating a setup similar to yours and Certbot failed to install the certificate because itâs not properly recognizing itâs on a RHEL 6 based system and trying to set SSL directives that are only available in newer versions of Apache.
Well, it certainly tried hard. I sheepishly admit that I donât know how to tell if it succeeded. Where should I look for what file(s)? Everything Iâve looked for so far seems to be there.
Iâm not sure what you mean by the Apache âpluginâ â I have a full LAMP server here. Please donât recommend that I âupgradeâ to SL7 or SL8. I tried that, and was unable to compile any of my old fortran code. Similarly with ânew, improvedâ PHP, MySQL and other essentials. When did âdownward compatibilityâ become anathema??
Are there directories containing certificates in /etc/letsencrypt/live and were your files in /etc/httpd modified to use those certificates? A decent way to search for the latter is a command like grep -r '/etc/letsencrypt' /etc/httpd.
Sorry. This is Certbot jargon. Certbot has an Apache "plugin" that is included with certbot-auto and is normally able to automatically both obtain and configure a certificate for use with an Apache webserver. Unfortunately, many OSes have heavily customized their Apache setup so the code relies on properly detecting the distro it's run on. It appears this detection is broken on Scientific Linux 6 so assuming you didn't find that Certbot had properly modified your server above, this feature isn't going to work until we put out a release to fix the problem.
There is no live directory under /etc/letsencrypt/ and #grep -r â/etc/letsencryptâ /etc/httpd draws a blank. Oh well, I guess Iâll follow the alternate path. Maybe not todayâŚ