Running Certbot on CentOS 6.8 w/ Apache 2.4.23

Hi there,

I’m trying to run Certbot on a test domain before requesting certificates for my main domains and I’m hitting an error. I went through the instructions on https://certbot.eff.org/#centosrhel6-apache

Right now I’m on a dedicated server running CentOS 6.8 and Apache 2.4.23 trying to get a cert for kaboom.site

When I run ./certbot-auto --apache, I get these messages

/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Version: 1.1-20080819
Version: 1.1-20080819
/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py:496: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
  return e.message
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

The current letsencrypt.log shows this:

2016-07-28 13:05:29,830:DEBUG:certbot.main:Root logging level set at 30
2016-07-28 13:05:29,830:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-07-28 13:05:29,831:DEBUG:certbot.main:certbot version: 0.8.1
2016-07-28 13:05:29,831:DEBUG:certbot.main:Arguments: ['--apache']
2016-07-28 13:05:29,831:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-07-28 13:05:29,865:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2016-07-28 13:05:29,929:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache):
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/plugins/disco.py", line 105, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 161, in prepare
    raise errors.NoInstallationError
NoInstallationError
2016-07-28 13:05:29,931:DEBUG:certbot.plugins.selection:No candidate plugin
2016-07-28 13:05:29,931:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

From my understanding, Certbot doesn’t detect that Apache is actually installed, but is and everything is running smoothly. Here’s the output of httpd -v:

Server version: Apache/2.4.23 (Unix)
Server built:   Jul 25 2016 05:20:20
Cpanel::Easy::Apache v3.34.2 rev9999

I tried searching, but I can’t find a solution. Any ideas?

Thanks,
Paul

Tried to reproduce this on a clean CentOS 6.8 installation and the apache plugin seems to work.

The only difference I noticed is that you’re running Apache/2.4.23, whereas I got Apache/2.2.15 via yum install httpd, so I suspect the problem is somehow related to that. Can you describe how you installed apache - is this from a third-party RPM repo, or did you compile it yourself? Happy to try reproducing with these steps again to see if I can figure something out.

If I recall correctly, Apache was installed via EasyApache3 on WHM. I think EasyApache compiles from source. I’m not exactly sure though.

If it matters, I have WHM 56.0.18.

Would it be advisable to only generate the certs via Certbot and manually add the configs via WHM?

I think this guide is what I’m looking for: https://certbot.eff.org/#centosrhel6-other

I noticed WHM has a “Install an SSL Certificate on a Domain” section where I can paste a Certificate, Private Key and Certificate Authority Bundle.

I think this might be the simplest way. Not sure how the Apache configs are affected though.

Using one of the certonly plugins (like webroot) and performing the installation manually might indeed be the best option for a control panel. I’m not sure how the certbot-created config would interact with the control panel otherwise.

Got it to work like this. Certbot worked well with the webroot plugin, and I manually pasted the certs in the control panel.

When the certs are renewed, does the cert.pem file change? If so, I’ll have to repaste the certs in the control panel every 3 months, which isn’t ideal.

Yep, cert.pem (and potentially chain.pem, though that’s only happened once during Let’s Encrypt’s lifetime and will be quite rare in the future as well) will change with each renewal. There might be scripts out there to automate the installation. I’m not sure if this is the same thing as cPanel, but I seem to recall seeing scripts for that. In addition to that, an official plugin for cPanel is being worked on and will be included with the next release, so you might not have to do this all that often before you get first-party support for Let’s Encrypt.

Ok good to know. I found this Perl script that seems to do exactly that using the cPanel/WHM API, and I’m trying to understand it before I use it.

The script seems to grab the cert.pem, privkey.pem and chain.pem and send it through the cPanel API. Essentially doing a copy & paste like I did, but via the API instead of manually.

I’m guessing this is a script I’ll have to run as a post-hook. Still trying to figure this out.

EDIT: If I had read the whole post, it already runs the script as post-hook. Nothing to figure out.

Thanks for all the help!

EDIT 2: I can confirm that the Perl script works with a little tweak. i.e. changing letsencrypt-auto for certbot-auto

Cpanel added the AutoSSL in 58 there use lets encrypt

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.