Setup multi domain on new apache

Hi, team,

I’m trying to setup Let’s encrypt on my server. Here is the environment.

1. OS: CentOS7
2. Apache: 2.4.29

I removed existing apache on CentOS and installed new one from source. So the apache directory is completely different from original one. The apache 2.4.29 directory is /usr/local/apache2.

Now, I installed certbot and python-certbot-apache. During the installation, I could see different version of apache was installed also. I renamed httpd (/usr/sbin/httpd), but certbot command seem to look for this httpd version. When I did like certbot certonly -d www.aaa.com -d www.bbb.com, then I got error like Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80. Actually, I configured with apache2.4.29 which was installed from source. Anyway, I don’t see any pem files under letsencrypt directory.

My questions are as follows.

1.How can I setup with apache which is installed from source (Not originally installed one)
2. How can I configure “ssl.conf” file?

Well, my setup might be something wrong, but I really appreciate your support and help.

Thank you!

Regards,

I haven’t tried this myself but in theory Certbot has options such as --apache-server-root, --apache-vhost-root etc that let you tell it where to find things rather than using the OS defaults. Type certbot --help apache for more information.

Also, if you’re installing your own Apache from source, you might be better off using certbot-auto rather than installing from yum, since the latter (as you saw) will install a second Apache as a dependency, which might confuse your startup scripts as they both try to listen on the same ports

Hi, jmorahan,

Thank you so much for your kind support! Finally, I got “pem” files. I added --apache-server-root and --apache-vhost-root option with certbot. BTW, you’ve mentioned second sentence that "use “certbot-auto”.
Could you please let me know how I can install certbot-auto. Is this like source installation procedure?
I really want to install “certbot” only. I don’t need to get “dependencies” applications.

Thanks!

certbot-auto is a script that installs and runs the latest version of certbot. It’s intended for use on operating systems that don’t have a certbot package, but it can also be used on systems that have a package you don’t want to use for some reason. You can download it from https://dl.eff.org/certbot-auto. Note that unlike the OS packages it doesn’t set up its own cron job, so if you decide to use it you’ll need to set up a renewal cron job yourself.

Hello. I tried to get certbot-auto from let’s encrypt site. Now, I did following command.

./certbot-auto certonly --apache-server-root=/usr/local/apache2/ --apache-vhost-root=/usr/local/apache2/conf/extra/httpd-vhosts.conf -d www.aaa.com -d www.bbb.com

However, I got the error as follows.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.aaa.com
http-01 challenge for www.bbb.com
Cleaning up challenges
File:

• Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Certbot probably shut down unexpectedly
  File:
• Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_post.conf - Certbot probably shut down unexpectedly
  An unexpected error occurred:
  IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf’
  Please see the logfiles in /var/log/letsencrypt for more details.

you have any ideas? I searched for google, but I’ve not found the solution yet…

Hmm, seems you’re the second person with this error today, but I’ve never seen it before

Could you post the log file that it mentions?

Here is the log file, but I can paste only 20 links?!

[root@web1 letsencrypt]# more letsencrypt.log
2018-02-24 22:38:36,202:DEBUG:certbot.main:certbot version: 0.21.1
2018-02-24 22:38:36,202:DEBUG:certbot.main:Arguments: [’–apache-server-root=/usr/local/apache2/’, ‘–apache-vhost-root=/usr/local/apache2/conf/extra/httpd-vhosts.conf’, ‘-d’, ‘www.aaa.com’, ‘-d’, ‘www.bbb.com’]
2018-02-24 22:38:36,202:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPo
int#standalone,PluginEntryPoint#webroot)
2018-02-24 22:38:36,215:DEBUG:certbot.log:Root logging level set at 20
2018-02-24 22:38:36,215:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-02-24 22:38:36,216:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2018-02-24 22:38:36,363:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2018-02-24 22:38:36,596:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 130, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/configurator.py”, line 125, in prepare
raise errors.NoInstallationError
NoInstallationError
2018-02-24 22:38:36,597:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x18efb50>
Prep: True

• standalone
  Description: Spin up a temporary webserver
  Interfaces: IAuthenticator, IPlugin
  Entry point: standalone = certbot.plugins.standalone:Authenticator
  Initialized: <certbot.plugins.standalone.Authenticator object at 0x1eec6d0>
  Prep: True

• webroot
  Description: Place files in webroot directory
  Interfaces: IAuthenticator, IPlugin
  Entry point: webroot = certbot.plugins.webroot:Authenticator
  Initialized: <certbot.plugins.webroot.Authenticator object at 0x1eec1d0>
  Prep: True
  2

Can I attache the log file by the way??

The forum has some rules about what “new” users can do. I don’t know if uploading is restricted or not.

(1) is what the upload button looks like, if you have it. (2) can be used to format the log as plain text, I think everyone can use that one.

@bravo I poked your account, you should be able to post tons of links and upload attachments now.

indent preformatted text by 4 spaces<a class="attachment" href="/uploads/default/original/3X/a/e/ae06447bebe75e77cffcae6442cca89f5727df08.txt">log.txt</a> (15.6 KB)

log.txt (15.6 KB)

Thanks. Okay it looks like it’s failing to write that config file. I think you might have to add --apache-challenge-location to tell it to place it in a different location (such as your apache config directory).

Hi, jmorahan,

WOW!! you are the man!!!! Cool! That works finally! It might be last question. I just write pem file directions in ssl.conf file right? These pem file can be used for these 2 domains.

Thank you so much!

It depends somewhat on how your server is already configured. Certbot can try to figure it out for you automatically, if you use --apache without certonly. If that doesn’t work, or if you prefer to do things manually, Mozilla’s config generator is a decent starting point.

Thank you so much for your great support!

Here is some of my log. I can’t upload, new user restriction…

l8w
Expires: Fri, 23 Feb 2018 13:56:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Feb 2018 13:56:53 GMT
Connection: keep-alive

b’‘
2018-02-23 13:56:53,875:DEBUG:acme.client:Storing nonce: aSvpPUPWmLn1B67-pG4XP_OLzlHj_Ka3CrbF6w6sl8w
2018-02-23 13:56:53,875:DEBUG:acme.client:JWS payload:
b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “harrysweet.com”\n },\n “resource”: “new-authz”\n}'
2018-02-23 13:56:53,881:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwKICAgICJ2YWx1ZSI6ICJoYXJyeXN3ZWV0LmNvbSIKICB9LAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0”,
“signature”: “vSCcV51YXhWZDQqpyIII8ljdGewc63WkkbAS7vxPWH0py6dpP_Clf9gTIA9Azib77xPuNc2sFziOIG_HSvX_v6YsUHXYiTYLlTAAmciIrHVSCbamsP0DL9SB1DjA4-w1xhnPWMQqXckjFWoPFRsiy9RYPrD6aJchlItNC051v4F4r0Js68Pd9GmVXOuppvNW8iStCYjjxlNB5WKUR08ykVn5iRLWxEI2uFgk39F6P8DUYqz38HY7Drr7e7C7EBekkAp-isjvGIAM3wtsSw3L4t2BFxx5pHhJT9GzNz2PS5eBeViVYMvHB__B8aW7h7j1nJQr-2ZZKRT0pZZC-Dy7Yg”,
“protected”: “eyJub25jZSI6ICJhU3ZwUFVQV21MbjFCNjctcEc0WFBfT0x6bEhqX0thM0NyYkY2dzZzbDh3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7Im4iOiAidjlabTNUMlJkNWhXaFpvallLTFlEZ3hHSW9teUlBSlZSMlhLTno0cllWR2dEM2dBRUVyUzF4ZklZcEg2OGx6OUFvUmgxMS1VTVk2MGhRbXFoVkhHdE44OGwzemxOTHpocDlsRWp5b2Znd2VfeUhaOFhXaWNqYmJZeDhIY1BXU3pQdjJmMnRwVnJtQVlTWmNkNGdIWVB6b3dUS1hVXzVUbktKbzZSeW85aEVjRVI5TTctY1hyekI1NUpmUGZ4ZkhMRFRvZnl1czBQbXc3cUhUTjRHSXdYZGVnVTFLUEdfcUIyeTFSYmFocEF4akxvSlZVRVNLQ25VXzdCcldKenR5ZDZ3bkVJTzV3QU5aU1U0UjA1MkUyUHJDbUdmSXZJanJxT3JOeWQwY3cwaHBOelZuYmM3bS1TMWM5a1VYY3Joc1hCeEEzOU12QmJsSlAzYVNZTmpqOFJRIiwgImt0eSI6ICJSU0EiLCAiZSI6ICJBUUFCIn19”
}
2018-02-23 13:56:54,177:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 719
2018-02-23 13:56:54,178:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 719
Boulder-Requester: 29934081
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o
Replay-Nonce: t5bRp-yMcQCOqtHu9xtpxST9nYCM_TfR4V3B_TzNwWE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 23 Feb 2018 13:56:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Feb 2018 13:56:54 GMT
Connection: keep-alive

b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “harrysweet.com”\n },\n “status”: “pending”,\n “expires”: “2018-03-01T18:10:46Z”,\n “challenges”: [\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o/3560042192”,\n “token”: “uIJSAOMsDfUUtyJ5tVDsRyvqPDVGFVtxxQtW9F6DAx4”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/ngzbWq7ADR0r0O6Vt7uJpYDVNSIRVR0dsvQboiX0W3o/3560042193”,\n “token”: “7YIRjF07AH1DRiD6yyBVyE_lVeiimIuVRiUX1mi3A2U”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ]\n ]\n}'
2018-02-23 13:56:54,178:DEBUG:acme.client:Storing nonce: t5bRp-yMcQCOqtHu9xtpxST9nYCM_TfR4V3B_TzNwWE
2018-02-23 13:56:54,179:INFO:certbot.auth_handler:Performing the following challenges:
2018-02-23 13:56:54,179:INFO:certbot.auth_handler:http-01 challenge for harrysweet.com
2018-02-23 13:56:54,317:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: harrysweet.amoodle.org in: /etc/httpd/conf/httpd.conf
2018-02-23 13:56:54,318:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [L]

2018-02-23 13:56:54,320:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 115, in _solve_challenges
resp = self.auth.perform(self.achalls)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py”, line 1950, in perform
http_response = http_doer.perform()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py”, line 70, in perform
self._mod_config()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py”, line 116, in _mod_config
with open(self.challenge_conf_pre, “w”) as new_conf:
FileNotFoundError: [Errno 2] No such file or directory: ‘/etc/httpd/conf.d/le_http_01_challenge_pre.conf’

2018-02-23 13:56:54,320:DEBUG:certbot.error_handler:Calling registered functions
2018-02-23 13:56:54,320:INFO:certbot.auth_handler:Cleaning up challenges
2018-02-23 13:56:54,321:WARNING:certbot.reverter:File:

• Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Certbot probably shut down unexpectedly
  2018-02-23 13:56:54,321:WARNING:certbot.reverter:File:
• Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_post.conf - Certbot probably shut down unexpectedly
  2018-02-23 13:56:54,814:DEBUG:certbot.log:Exiting abnormally:
  Traceback (most recent call last):
  File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 9, in
  load_entry_point(‘letsencrypt==0.7.0’, ‘console_scripts’, ‘letsencrypt’)()
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 1240, in main
  return config.func(config, plugins)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 994, in run
  certname, lineage)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 118, in _get_and_save_cert
  lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py”, line 357, in obtain_and_enroll_certificate
  certr, chain, key, _ = self.obtain_certificate(domains)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py”, line 318, in obtain_certificate
  self.config.allow_subset_of_names)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 74, in get_authorizations
  resp = self._solve_challenges()
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 115, in _solve_challenges
  resp = self.auth.perform(self.achalls)
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/configurator.py”, line 1950, in perform
  http_response = http_doer.perform()
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py”, line 70, in perform
  self._mod_config()
  File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_apache/http_01.py”, line 116, in _mod_config
  with open(self.challenge_conf_pre, “w”) as new_conf:
  FileNotFoundError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf’
  2018-02-23 13:56:54,815:ERROR:certbot.log:An unexpected error occurred:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.