Problems using letsencrypt-client in Beta

rme · October 22, 2015, 6:20am

Hi,
I signed up for the Let's Encrypt Closed Beta, and decided to try it on my domain. Using Ubuntu Server 12.04.4 LTS and Apache/2.2.22 as a web server.

I executed this commands as root:

 git clone https://github.com/letsencrypt/letsencrypt
 cd letsencrypt
 ./letsencrypt-auto --agree-dev-preview --server \
 https://acme-v01.api.letsencrypt.org/directory auth

Three options were shown:

Apache Web server - Alpha (apache) [Misconfigured]
Manual Autentication (manual)
Standalone Autentication (standalone)

I choose Apache Web server, enter the domain and then:

         (98)Address already in use: make_sock: could not bind to address     x
       x 0.0.0.0:80                                                           x
       x no listening sockets available, shutting down                        x
       x Unable to open logs                                                  x
       x Encountered exception during recovery                                x
       x 'NoneType' object has no attribute 'init_modules'                    x
       x Traceback (most recent call last):                                   x
       x   File                                                               x
       x "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/le x
       x tsencrypt/error_handler.py", line 69, in call_registered             x
       x     self.funcs[-1]()                                                 x
       x   File                                                               x
       x "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/le x
       x tsencrypt/auth_handler.py", line 280, in _cleanup_challenges         x
       x     self.dv_auth.cleanup(dv_c)                                       x
       x   File                                                               x
       x "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/le x
       x tsencrypt_apache/configurator.py", line 1164, in cleanup             x
       x     self.parser.init_modules()                                       x
       x AttributeError: 'NoneType' object has no attribute 'init_modules' 

An unexpected error occurred.
AttributeError: 'NoneType' object has no attribute 'modules'
Please see the logfiles in /var/log/letsencrypt for more details.

Then I stopped Apache2 and I tried the second option and then third option with same result, cannot bind port 80 / apache2 with pidxxxx is running on port 443 or something related.

Finally I used a command to view the currently used ports and I found this:

80 tcp 4/- - PIDroot /usr/sbin/apache2 -D DUMP_RUN_CFG /usr/lib/apache2/mpm-prefork/apache2
80 tcp 4/- - PID www-data /usr/sbin/apache2 -D DUMP_RUN_CFG /u...he2/mpm-prefork/apache2
80 tcp 4/- - PID www-data /usr/sbin/apache2 -D DUMP_RUN_CFG /u...he2/mpm-prefork/apache2
80 tcp 4/- - PID www-data /usr/sbin/apache2 -D DUMP_RUN_CFG /u...he2/mpm-prefork/apache2

I stopped Apache2 again and tried Standalone Autentication (standalone) with the same result, apache2 running again.

I started another SSH terminal and repeat the Standalone Autentication (standalone) but stopping apache2 every 4 seconds and it finally worked.

I dont have a cron starting apache2 or something like that.

I post my experience here because I believe is a client problem.

Archer · October 22, 2015, 8:08am

It’s possible when you are stopping Apache, you might be missing some rouge pids. Try a command like this:
ps aux | grep apache2

Where you are listing processes and looking for Apache. If there is anything listening on port 80/443 it should show up there. Use the PID to "kill -9 pid# ", sometimes there can be multiple defunct pids. Let us know

–.Archer

schoen · October 22, 2015, 6:34pm

I think the client currently states a single PID that is listening on that port, but that might not be what people really need to know in this context (for example, if the Apache master server constantly forks new children when an existing child exits?).

Perhaps we should document something like “all instances” or “all processes associated with this server” as what needs to be stopped in order to run standalone, rather than just the PID that was most recently listening on that port?

schoen · October 22, 2015, 6:35pm

@rme, thanks very much for the report and for trying our service, and please let us know what you think of @Archer’s observation!

rme · October 22, 2015, 6:51pm

I believe that apache was fully stopped (there was no process using port 80 or 433).
The problem was that Apache was starting by his own and binding that ports (apache2 -D DUMP_RUN_CFG), thats why when I stopped it every 4 seconds the Standalone Autentication (standalone) worked fine.

Also the Apache Web server - Alpha (apache) [Misconfigured] didn’t work either, when Apache was running an error ((98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down) was shown and when Apache was stopped the option disappears.

I will try now in another Ubuntu Server.

schoen · October 22, 2015, 6:55pm

@rme, do you know what was making Apache start on its own? Is it something like the init process?

iblch · October 28, 2015, 10:23pm

@schoen, I believe that letsencrypt-apache/letsencrypt_apache/parser.py:125 is starting apache. Specifically, with the option -D DUMP_RUN_CFG. Should it also say -t, maybe?

schoen · October 29, 2015, 2:58pm

@iblch, I think @jftr suggested that -t idea in another thread:

Maybe @bmw can take a look at this question.

jftr · October 30, 2015, 9:01am

The -t flag seems only to be part of the solution. See

(I'll continue discussing this in a GitHub issue which seems to be the more appropriate place)