Run certbot on a system with multiple apache instances


#1

Good day and Happy Thanksgiving to all:

I am running CentOS 7 with 2 Apache servers present. When I started building the box, I installed the Apache 2.4.6 server (default install from CentOS). After realizing that there are newer versions, I followed the instructions to compile and install 2.4.29. This is the version which is up and running. I want to secure the domains that are configured on the 2.4.29 server. I downloaded certbot and certbot apache, but when I run certbot --apache, certbot accesses the 2.4.6 server's httpd.conf.

When running httpd -V, 2.4.6 is shown.

Is there a way to point certbot to the other httpd server?

Thank you.


#2

Hi,

Do you want to keep the old Apache server?

If not, you could remove that first…

Thank you


#3

Hi, Steven. Thank you for a prompt response.

I have been trying. Simple yum remove httpd does not do it. Even after I make httpd -V show 2.4.29, the certbot still goes to the 2.4.6 conf files.

Once I remove directories, 2.4.29 does not start.


#4

certbot --help apache will list some options that should be useful.


#5

I went through the documentation. Do not see any obvious options.

I managed to start the httpd (rotatelogs was also somehow deleted from /usr/sbin after my manipulations). Copied it back.
Now httpd -V shows 2.4.29.

I can access the site from the browser, from curl, but certbot does not see httpd virtual hosts.

When installing certbot-apache I see in the trace that it is Installing : httpd-2.4.6. Not sure if this is the problem.

In the /var/log/letsencrypt/letsencrypt.log it says:
2018-11-22 13:50:26,488:DEBUG:certbot_apache.configurator:Apache version is 2.4.6


#6

I am getting closer to figuring out the httpd issue. When running certbot --apache as a regular user, “no domains are found in the configuration files”. When switching to root (su -l), the domains come up correctly.

Ran apachectl -S for both accounts. The regular user account shows port 443 configuration files which do not have any domains, and the root account shows port 80 configuration files, which have all my domains, which is what I want. Any idea what is the reason for that and how to make the certbot --apache, run as a regular user account, go after port 80?
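
A diagnostic for the situation described in the last post, as an added example that is not part of the original thread: it lists every `httpd` and `apachectl` found on a PATH, in lookup order, so the output from the regular account can be compared with the output under `su -l`. The function names are illustrative, and it assumes the two accounts may differ in PATH, which the thread does not confirm.

```shell
#!/bin/sh
# Added example: find out which Apache binaries a given PATH resolves to.

# list_on_path NAME PATHSTRING
# Print every executable file called NAME along PATHSTRING, in lookup order.
# (PATHSTRING is split on ':'; directories with glob characters are not handled.)
list_on_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
}

# first_on_path NAME PATHSTRING
# The copy that would actually be run when NAME is typed without a full path.
first_on_path() {
    list_on_path "$1" "$2" | head -n 1
}

# same_binary NAME PATH_A PATH_B
# Succeeds only if both PATH strings resolve NAME to the same file.
same_binary() {
    a=$(first_on_path "$1" "$2")
    b=$(first_on_path "$1" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# report PATHSTRING
# Show all candidates for the two commands mentioned in the thread.
report() {
    for tool in httpd apachectl; do
        echo "== $tool (first line is the one that runs) =="
        list_on_path "$tool" "$1"
    done
}

# Run once as the regular user and once after `su -l`, then compare.
report "$PATH"
```

If the two accounts show different first entries, the full paths printed here are what to look for among the path options that `certbot --help apache` lists.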