Problem installing certificate - apache2ctl graceful


#1

Hello. I have got a VPS server with Apache2 on Debian. I wanted to install a Let’s Encrypt certificate, and this is what I have done so far:

log in to SSH
saved "deb http://ftp.debian.org/debian jessie-backports main" into /etc/apt/sources.list
Run apt-get update

No error so far
Then entered: "sudo apt-get install python-certbot-apache -t jessie-backports"
No error so far

And last I’ve entered this: "sudo certbot --apache"

And I have got this:

"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel):domain.com
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel):mail@domain.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for domain.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
/usr/lib/python2.7/dist-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from ‘char *’ to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
result_code = _lib.RAND_bytes(result_buffer, num_bytes)
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/error_handler.py”, line 99, in _call_registered
self.funcs[-1]()
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 280, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1769, in cleanup
self.restart()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1658, in restart
self._reload()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1669, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

"

Am I missing anything here?


#2

Could you please show the output of the command:

sudo netstat --tcp -lpn


#3

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1043/httpd
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 247/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 247/dovecot
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 241/exim
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 279/clamd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 247/dovecot
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 2270/spamd.pid -d -
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 247/dovecot
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1043/httpd
tcp 0 0 0.0.0.0:59184 0.0.0.0:* LISTEN 232/sshd
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 241/exim
tcp 0 0 78.46.31.21:53 0.0.0.0:* LISTEN 1211/named
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 1211/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1211/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1211/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 241/exim
tcp6 0 0 :::3306 :::* LISTEN 756/mysqld
tcp6 0 0 :::587 :::* LISTEN 241/exim
tcp6 0 0 :::2222 :::* LISTEN 3968/directadmin
tcp6 0 0 :::59184 :::* LISTEN 232/sshd
tcp6 0 0 :::465 :::* LISTEN 241/exim
tcp6 0 0 :::53 :::* LISTEN 1211/named
tcp6 0 0 :::21 :::* LISTEN 1122/proftpd: (acce
tcp6 0 0 ::1:953 :::* LISTEN 1211/named
tcp6 0 0 :::25 :::* LISTEN 241/exim


#4

OK, httpd listens on ports 80 and 443.
What is the output if you just invoke apache2ctl graceful now?


#5

After I’ve input apache2ctl graceful I get the results:

httpd not running, trying to start
(98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Action ‘graceful’ failed.
The Apache error log may have more information.


#6

Hmm, there seems to be something misconfigured. Maybe Apache runs but the service script does not find the pidfile for some reason?

You could try the following:

$ sudo killall httpd

This will stop all running instances of Apache.
Then try to start the service again:

$ sudo apache2ctl start

If this succeeds, try a graceful reload afterwards; when that works, get back to certbot.
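
The stale-pidfile hypothesis in #6 can be checked before killing anything, by comparing the PID that owns port 80 in the netstat listing with the PID recorded in Apache's pidfile. The following is an added example, not part of the original thread; the function names are hypothetical, the pidfile path /var/run/apache2/apache2.pid is assumed to be the Debian default, and the sample listing is constructed from the output in #3.

```shell
#!/bin/sh
# Added example: decide whether the process listening on a port is the one
# the service script knows about (i.e. the PID stored in the pidfile).

# port_owner PORT: read `netstat --tcp -lpn` output on stdin and print
# "PID/Program" for the first LISTEN socket bound to PORT (IPv4 or IPv6).
port_owner() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")   # local address; the port is the last part
            if (parts[n] == port) { print $7; exit }
        }'
}

# check_pidfile PORT PIDFILE: netstat output on stdin.
# Prints one of: free | managed | stale-pidfile | missing-pidfile
check_pidfile() {
    owner=$(port_owner "$1")
    [ -n "$owner" ] || { echo free; return 0; }
    owner_pid=${owner%%/*}
    if [ ! -r "$2" ]; then
        echo missing-pidfile    # something listens, but the service script cannot find it
    elif [ "$(tr -d '[:space:]' < "$2")" = "$owner_pid" ]; then
        echo managed            # apache2ctl graceful can signal this process
    else
        echo stale-pidfile      # pidfile names a different (or dead) PID
    fi
}

# Constructed sample, modelled on the listing in #3.
SAMPLE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1043/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1043/httpd
tcp6 0 0 :::2222 :::* LISTEN 3968/directadmin'

# Live use (pidfile path is the assumed Debian default):
#   sudo netstat --tcp -lpn | check_pidfile 80 /var/run/apache2/apache2.pid
```

Any result other than "managed" or "free" matches the symptom in #5: apache2ctl reports "httpd not running" and then fails to bind a port that another process already holds.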


#7

OK, so I’ve entered sudo killall httpd and it works (I mean there was no error).
Then I’ve entered sudo apache2ctl start and it also works (no error).
Then I’ve entered apache2ctl graceful and also no errors (so your advice worked).

I did not yet try certbot, because now my website does not work (when I enter my site name in the browser I get the Apache2 Debian Default Page). Can I fix it?


#8

I wonder how it could work at all beforehand.

Have a look into /etc/apache2/sites-available and /etc/apache2/sites-enabled.
Are there any files?


#9

In the first one are 000-default.conf and default-ssl.conf.
In the second one is 000-default.conf.


#10

What about the command (please replace your domain in it):

$ sudo grep -r domain /etc/apache2


#11

So I should type sudo grep -r domain.com /etc/apache2?

By domain.com I mean my real domain name, right?


#12

OK. I’ve corrected it. I needed to change 000-default.conf to point to my website folders.

I did run certbot, and I again needed to change 000-default.conf to point to my domain folder.

So I’ve got the Congratulations message. I went to https://www.ssllabs.com/ssltest/analyze.html?d= to analyze my domain. I did score Overall Rating A. But if I go to my website by https://domain.com I get ERR_SSL_SERVER_CERT_BAD_FORMAT in Google Chrome.


#13

Hello again. Now, when I want to verify my address using https://www.ssllabs.com/ssltest/analyze.html?d=2 it is showing me:

Certificate name mismatch

and

Try these other domain names (extracted from the certificates):

localhost

What can I do now?

