Setup multi domain on new apache


#1

Hi, team,

I’m trying to set up Let’s Encrypt on my server. Here is the environment.

  1. OS: CentOS7
  2. Apache: 2.4.29

I removed the existing Apache on CentOS and installed a new one from source, so the Apache directory is completely different from the original one. The Apache 2.4.29 directory is /usr/local/apache2.

Now, I installed certbot and python-certbot-apache. During the installation, I could see that a different version of Apache was also installed. I renamed httpd (/usr/sbin/httpd), but the certbot command seems to look for this httpd version. When I ran certbot certonly -d www.aaa.com -d www.bbb.com, I got an error like: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80. Actually, I configured it with Apache 2.4.29, which was installed from source. Anyway, I don’t see any pem files under the letsencrypt directory.

My questions are as follows.

1. How can I set this up with the Apache that was installed from source (not the originally installed one)?
2. How can I configure the “ssl.conf” file?

Well, something might be wrong with my setup, but I really appreciate your support and help.

Thank you!

Regards,


#2

I haven’t tried this myself but in theory Certbot has options such as --apache-server-root, --apache-vhost-root etc that let you tell it where to find things rather than using the OS defaults. Type certbot --help apache for more information.

Also, if you’re installing your own Apache from source, you might be better off using certbot-auto rather than installing from yum, since the latter (as you saw) will install a second Apache as a dependency, which might confuse your startup scripts as they both try to listen on the same ports :wink:


#3

Hi, jmorahan,

Thank you so much for your kind support! Finally, I got the “pem” files. I added the --apache-server-root and --apache-vhost-root options to certbot. BTW, in your second sentence you mentioned using “certbot-auto”.
Could you please let me know how I can install certbot-auto? Is it like a source installation procedure?
I really want to install “certbot” only. I don’t need the dependency applications.

Thanks!


#4

certbot-auto is a script that installs and runs the latest version of certbot. It’s intended for use on operating systems that don’t have a certbot package, but it can also be used on systems that have a package you don’t want to use for some reason. You can download it from https://dl.eff.org/certbot-auto. Note that unlike the OS packages it doesn’t set up its own cron job, so if you decide to use it you’ll need to set up a renewal cron job yourself.


#5

Hello. I tried to get certbot-auto from the Let’s Encrypt site. Now, I ran the following command.

./certbot-auto certonly --apache-server-root=/usr/local/apache2/ --apache-vhost-root=/usr/local/apache2/conf/extra/httpd-vhosts.conf -d www.aaa.com -d www.bbb.com

However, I got the error as follows.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.aaa.com
http-01 challenge for www.bbb.com
Cleaning up challenges
File:
 - Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Certbot probably shut down unexpectedly
File:
 - Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_post.conf - Certbot probably shut down unexpectedly
An unexpected error occurred:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'
Please see the logfiles in /var/log/letsencrypt for more details.

Do you have any ideas? I searched Google, but I’ve not found the solution yet…


#6

Hmm, seems you’re the second person with this error today, but I’ve never seen it before :frowning:

Could you post the log file that it mentions?


#7

Here is the log file, but I can paste only 20 links?!

[root@web1 letsencrypt]# more letsencrypt.log
2018-02-24 22:38:36,202:DEBUG:certbot.main:certbot version: 0.21.1
2018-02-24 22:38:36,202:DEBUG:certbot.main:Arguments: ['--apache-server-root=/usr/local/apache2/', '--apache-vhost-root=/usr/local/apache2/conf/extra/httpd-vhosts.conf', '-d', 'www.aaa.com', '-d', 'www.bbb.com']
2018-02-24 22:38:36,202:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-02-24 22:38:36,215:DEBUG:certbot.log:Root logging level set at 20
2018-02-24 22:38:36,215:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-02-24 22:38:36,216:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2018-02-24 22:38:36,363:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2018-02-24 22:38:36,596:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 125, in prepare
    raise errors.NoInstallationError
NoInstallationError
2018-02-24 22:38:36,597:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x18efb50>
Prep: True

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x1eec6d0>
Prep: True

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x1eec1d0>
Prep: True
    2


#8

Can I attach the log file, by the way??


#9

The forum has some rules about what “new” users can do. I don’t know if uploading is restricted or not.

Selection_030

(1) is what the upload button looks like, if you have it. (2) can be used to format the log as plain text, I think everyone can use that one.


#10

@bravo I poked your account, you should be able to post tons of links and upload attachments now.


#11
log.txt (15.6 KB)

#12

log.txt (15.6 KB)


#13

Thanks. Okay it looks like it’s failing to write that config file. I think you might have to add --apache-challenge-location to tell it to place it in a different location (such as your apache config directory).
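
The failure diagnosed above, turned into a preflight check (an added example, not part of the original post and not certbot's own code): it verifies that the server root, vhost root and challenge location exist before certbot is run, then prints the resulting command. The function names are illustrative, and using conf/extra as the challenge location is an assumption.

```shell
#!/bin/sh
# Added example: preflight the three locations the Apache plugin uses before
# running certbot against a source-built httpd. Function names are illustrative.

# Report every location that would make the plugin fail; return 1 if any did.
check_apache_paths() {
    server_root=$1; vhost_root=$2; challenge_dir=$3
    rc=0
    if [ ! -d "$server_root" ]; then
        echo "server root is not a directory: $server_root" >&2; rc=1
    fi
    if [ ! -e "$vhost_root" ]; then
        echo "vhost root does not exist: $vhost_root" >&2; rc=1
    fi
    # The IOError in this thread: the plugin opens
    # <challenge_dir>/le_http_01_challenge_pre.conf for writing, so the
    # directory must already exist and be writable.
    if [ ! -d "$challenge_dir" ]; then
        echo "challenge location is not a directory: $challenge_dir" >&2; rc=1
    elif [ ! -w "$challenge_dir" ]; then
        echo "challenge location is not writable: $challenge_dir" >&2; rc=1
    fi
    return "$rc"
}

# Print the certbot-auto command line for the given locations and domains.
build_certbot_cmd() {
    cmd="./certbot-auto certonly --apache"
    cmd="$cmd --apache-server-root=$1 --apache-vhost-root=$2"
    cmd="$cmd --apache-challenge-location=$3"
    shift 3
    for domain in "$@"; do
        cmd="$cmd -d $domain"
    done
    printf '%s\n' "$cmd"
}

# Paths from the thread; the challenge location is an assumed choice.
ROOT=/usr/local/apache2
VHOSTS=$ROOT/conf/extra/httpd-vhosts.conf
CHALLENGE=$ROOT/conf/extra
if check_apache_paths "$ROOT" "$VHOSTS" "$CHALLENGE"; then
    build_certbot_cmd "$ROOT" "$VHOSTS" "$CHALLENGE" www.aaa.com www.bbb.com
else
    echo "fix the paths above before running certbot" >&2
fi
```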


#14

Hi, jmorahan,

WOW!! You are the man!!! Cool! That finally works! This might be the last question. I just write the pem file directives in the ssl.conf file, right? These pem files can be used for these 2 domains.

Thank you so much!


#15

It depends somewhat on how your server is already configured. Certbot can try to figure it out for you automatically, if you use --apache without certonly. If that doesn’t work, or if you prefer to do things manually, Mozilla’s config generator is a decent starting point.


#16

Thank you so much for your great support!


#17

Here is some of my log. I can’t upload, new user restriction…

l8w
Expires: Fri, 23 Feb 2018 13:56:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Feb 2018 13:56:53 GMT
Connection: keep-alive

b''
2018-02-23 13:56:53,875:DEBUG:acme.client:Storing nonce: aSvpPUPWmLn1B67-pG4XP_OLzlHj_Ka3CrbF6w6sl8w
2018-02-23 13:56:53,875:DEBUG:acme.client:JWS payload:
b'{\n "identifier": {\n "type": "dns",\n "value": "harrysweet.com"\n },\n "resource": "new-authz"\n}'
2018-02-23 13:56:53,881:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
2018-02-23 13:56:54,177:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 719
2018-02-23 13:56:54,178:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 719
Boulder-Requester: 29934081
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o
Replay-Nonce: t5bRp-yMcQCOqtHu9xtpxST9nYCM_TfR4V3B_TzNwWE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 23 Feb 2018 13:56:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Feb 2018 13:56:54 GMT
Connection: keep-alive

b'{\n "identifier": {\n "type": "dns",\n "value": "harrysweet.com"\n },\n "status": "pending",\n "expires": "2018-03-01T18:10:46Z",\n "challenges": [\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o/3560042192",\n "token": "uIJSAOMsDfUUtyJ5tVDsRyvqPDVGFVtxxQtW9F6DAx4"\n },\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o/3560042193",\n "token": "7YIRjF07AH1DRiD6yyBVyE_lVeiimIuVRiUX1mi3A2U"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 1\n ]\n ]\n}'
2018-02-23 13:56:54,178:DEBUG:acme.client:Storing nonce: t5bRp-yMcQCOqtHu9xtpxST9nYCM_TfR4V3B_TzNwWE
2018-02-23 13:56:54,179:INFO:certbot.auth_handler:Performing the following challenges:
2018-02-23 13:56:54,179:INFO:certbot.auth_handler:http-01 challenge for harrysweet.com
2018-02-23 13:56:54,317:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: harrysweet.amoodle.org in: /etc/httpd/conf/httpd.conf
2018-02-23 13:56:54,318:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [L]

2018-02-23 13:56:54,320:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 1950, in perform
    http_response = http_doer.perform()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 70, in perform
    self._mod_config()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 116, in _mod_config
    with open(self.challenge_conf_pre, "w") as new_conf:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'

2018-02-23 13:56:54,320:DEBUG:certbot.error_handler:Calling registered functions
2018-02-23 13:56:54,320:INFO:certbot.auth_handler:Cleaning up challenges
2018-02-23 13:56:54,321:WARNING:certbot.reverter:File:
 - Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Certbot probably shut down unexpectedly
2018-02-23 13:56:54,321:WARNING:certbot.reverter:File:
 - Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_post.conf - Certbot probably shut down unexpectedly
2018-02-23 13:56:54,814:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.7.0', 'console_scripts', 'letsencrypt')()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 1240, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 994, in run
    certname, lineage)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 118, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
    resp = self._solve_challenges()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py", line 1950, in perform
    http_response = http_doer.perform()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 70, in perform
    self._mod_config()
  File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py", line 116, in _mod_config
    with open(self.challenge_conf_pre, "w") as new_conf:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'
2018-02-23 13:56:54,815:ERROR:certbot.log:An unexpected error occurred:
