Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: The following packages have unmet dependencies:
python-virtualenv : Depends: python-pip-whl (>= 8.1.1-2) but 1.5.6-5 is to be installed
virtualenv : Depends: python3-virtualenv but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
My web server is (include version): Apache/2.4.25 (Debian)
The operating system my web server runs on is (include version):ReadyNASOS 6.10.2 (Debian 8 - Jessie)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I donât know): Yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youâre using Certbot): The above error precludes even obtaining certbot-auto version, but it was downloaded within the past 7 days.
I have also posted this issue on the Netgear community forum, but so-far no response.
OK, thanks rg305. dpkg --configure -a produced this output:
Setting up nfs-kernel-server (1:1.2.8-9+deb8u1) âŚ
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
update-rc.d: error: initscript does not exist: /etc/init.d/nfs-kernel-server
dpkg: error processing package nfs-kernel-server (âconfigure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
nfs-kernel-server
I guess we have to bear in mind that The ReadyNAS OS uses a very pared down version of Debian, but Iâm out of my depth here!
Well, having restored the system to factory settings and re-installed my apps, I have managed to get ssl certificates using acme.sh. Now the problem is, where do I put them? Polite answers only please.)
The ReadyNAS OS uses Apache 2.4 and the 000-default.conf file in sites-available says the DocumentRoot is at /var/www/html, but there is no html directory in /var/www, just an html.index file.
Anything else seems to be pointing to frontview, which is the web facing control panel for the NAS. So looking at sites-enabled/000-fv-https.conf points to an ssl.conf file in /etc/frontview/apache which points to an apache2.pem file in the same directory. Thats the only certificate file I can find on the system. There is no sign of a fullchain.cer, ca.cer or a key file anywhere. So Iâm not sure how to proceed. Any ideas anyone?
There are two parts to solving this.
One: understand how and where Apache puts files and expects things to be (including order).
Two: understand where acme.sh puts certificate file information and how they should be accessed.
For part one, I would start with understanding what you already have.
apachectl -S
[this can show you which names are being served by which files]
create/modify ssl enabled file to serve encrypted access via desired name.
[this requires use of cert files found in part two]
For part two, you should be able to find cert files within the /root/.acme.sh/ folder.
[if not there, try using find or which commands to locate where acme.sh is installed]
Some tips and gotchas:
Apache processes files alphabetically, so if/when thereâs a name overlap it will use the first match.
[name your files accordingly - most important first, least/default important last]
acme.sh may stores cert files with restricted access rights - esp. the private key file
[ensure apache has sufficient privilege to those files or try creating links with required access]
And of course, we are always here for any additional Q&A.
All the best, on this and through your holidays
Many thanks rg305 for your very helpful reply. Well, I say helpful⌠here are the results of apachetl -S:
AH00558: apache2: Could not reliably determine the serverâs fully qualified domain name, using fe80::eafc:afff:fee4:d252. Set the âServerNameâ directive globally to suppress this message
VirtualHost configuration:
*:80 fe80::eafc:afff:fee4:d252 (/etc/apache2/sites-enabled/000-fv-http.conf:1)
*:443 fe80::eafc:afff:fee4:d252 (/etc/apache2/sites-enabled/000-fv-https.conf:2)
ServerRoot: â/etc/apache2â
Main DocumentRoot: â/var/www/htmlâ
Main ErrorLog: âsyslogâ
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ldap-cache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: â/var/run/apache2.pidâ
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=âadminâ id=98
Group: name=âadminâ id=98
So then, the contents of /etc/apache2/sites-enabled/000-fv-http.conf are:
<VirtualHost *:80>
Include â/etc/frontview/apache/defaults.confâ
Include â/etc/frontview/apache/http-share-redirect.confâ
Include â/etc/frontview/apache/fv-admin.confâ
Include â/etc/frontview/apache/Shares.confâ
Include â/etc/frontview/apache/apps-https.confâ
Include â/etc/frontview/apache/READYDROP.confâ
Include â/etc/frontview/apache/lan-try.confâ
As you can see, it includes a whole load of other files and Iâve tried to work out whatâs going on but Iâm not enough of an Apache expert to know how to proceed.
Nextcloud gets referred to in /etc/frontview/apache/apps-https.conf and points to /apps/nextcloud/https.conf:
Alias /nextcloud /apps/nextcloud/web
<Directory /apps/nextcloud/web>
Options -MultiViews +FollowSymLinks -Indexes
AllowOverride all
Order allow,deny
Allow from all
php_admin_value upload_tmp_dir â/apps/nextcloud/web/data/data/tmpâ
Header always set Strict-Transport-Security "max-age=15552000; includeS$
⌠and thatâs where I get lost. I canât see where http gets redirected to https or where the ssl engine is turned on. Everything seems to be tied up with the frontview config files, which Iâm a bit wary of messing with. So any pointers will be much appreciated.
And it is difficult to see from your post, but it looks like all includes are within a <virtual *:80> block.
That is BAD programming structure.
The includes should be outside of any such block.
[but not knowing the contents of those files... that remains to be seen]
Any idea what or where the SSLOptions might be found? As for the all the Includes being in <VirtualHost *:80> ⌠Not me guv! I cannot tell a lie, it was them!
Nothing in sites-enabled and the 000-fv-https.conf in there contains pretty much the same as the http.conf i.e:
Include â/etc/frontview/apache/ssl.confâ
Include â/etc/frontview/apache/defaults.confâ
Include â/etc/frontview/apache/http-share-redirect.confâ
Include â/etc/frontview/apache/fv-admin.confâ
Include â/etc/frontview/apache/Shares.confâ
Include â/etc/frontview/apache/apps-https.confâ
Include â/etc/frontview/apache/READYDROP.confâ
Include "/etc/frontview/apache/ssl.conf"
Include "/etc/frontview/apache/defaults.conf"
Include "/etc/frontview/apache/http-share-redirect.conf"
Include "/etc/frontview/apache/fv-admin.conf"
Include "/etc/frontview/apache/Shares.conf"
Include "/etc/frontview/apache/apps-https.conf"
Include "/etc/frontview/apache/READYDROP.conf"
Neither did that!! I must learn to proof read before committing my reply.
Ok the missing bits are:
ifModule mod_ssl.c
VirtualHost default:443
Include â/etc/frontview/apache/ssl.confâ
Include â/etc/frontview/apache/defaults.confâ
Include â/etc/frontview/apache/http-share-redirect.confâ
Include â/etc/frontview/apache/fv-admin.confâ
Include â/etc/frontview/apache/Shares.confâ
Include â/etc/frontview/apache/apps-https.confâ
Include â/etc/frontview/apache/READYDROP.confâ
/VirtualHost
/IfModule
This system doesnât allow the <>s
That would be useful, but beyond my capabilities! Iâll see what I can find. There is a system backup option in frontview. I donât know how readable it might be, but Iâll give it a go.
Ok thanks Iâll take a look.
The config backup didnât seem to have much of any interest in it. Plenty of .conf files, but nothing in sites-enabled! Very odd. I canât attach it, as .zip files arenât allowed. Canât remember how to do pastebin.
Well, I created a dump file and saved it on the ReadyNAS, canât work out how to get that file to my PC using Putty & PSCP. Iâll have another go tomorrow evening.