Simple Ubuntu Apache Install - Certbot Balks

evenmoreconfused · June 23, 2024, 12:35am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: issues2.kroitor.ca

I ran this command: certbot install

It produced this output: Certbot doesn't know how to automatically configure the web server on this system.

My web server is (include version): apache2 2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.4 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Disclaimer: longtime user of certbot, but memory fails and I may be making dumb omissions.

I just installed a basic LAMP stack running MantisBT on a new Ubuntu VM. It's a replacement for an existing VM that was running MantisBT on Rocky 9.3. All got reinstalled and came up properly except for certbot and the mod_ssl stuff.

Believing this would all be fairly simple, I followed this instruction page: https://kifarunix.com/install-mantis-bug-tracker-on-ubuntu-20-04/ which, although old, worked fine. Notice it has the world's simplest instructions for the site setup: all it does is create a single sites-available conf. (Edit: it also disables the default site and enables the new one using a2ensite)

As I believe that one difference between Fedora-style and Debian-style environments is in the apache config files, I chose to simply do what the page says (which works for getting http up) and then use certbot to add the https additions (which fails).

Questions:

does certbot create a log hinting at why it doesn't know how to automatically configure the web server?
am I right that certbot can change a simple http site to one with mod_ssl enabled?
is there a troubleshooting guide for what things make certbot lose the tune?

I do -- or at least long ago did -- know how to configure a secure site manually on Ubuntu (although I'm much more fluent with the CentOS / Rocky dialect), but I'd really rather not. Instead, I'd rather understand why certbot's automatic configuration is failing so that things like auto-renewal just work in a "set and forget" fashion.

evenmoreconfused · June 23, 2024, 12:55am

Duh... it says (in line 1!) where the log is.

2024-06-23 00:44:17,700:DEBUG:certbot._internal.main:certbot version: 1.21.0
2024-06-23 00:44:17,700:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-06-23 00:44:17,700:DEBUG:certbot._internal.main:Arguments:
2024-06-23 00:44:17,701:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-06-23 00:44:17,712:DEBUG:certbot._internal.log:Root logging level set at 30
2024-06-23 00:44:17,713:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2024-06-23 00:44:17,714:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2024-06-23 00:44:17,714:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None

Doesn't really help much though.

certbot --apache results in "appears not to be installed", but I can't see where / how to install it.

MikeMcQ · June 23, 2024, 1:05am

That means Certbot can't find an active Apache VirtualHost for that domain name. With the --apache plugin it wants to use that to satisfy the HTTP Challenge and as a template to setup the new VirtualHost for HTTPS (port 443).

Possibly (probably) because you only have one defined in sites-available. There should be a symlink in sites-enabled to that. Often setup by using a2ensite command (Apache enable site)

You can view your active VirtualHosts with this

sudo apache2ctl -t -D DUMP_VHOSTS

Or, possibly httpd instead of apache2ctl on your distro

evenmoreconfused · June 23, 2024, 1:25am

Thanks for the quick reply.

Your answer highlighted the first issue: the site name in the conf file (and thus the name of the conf file and the symlink) all were set to something different than the actual site I was navigating to (and was set in the DNS). This is now fixed.

But I still get the same error.

issues2.conf in sites-available:

 <VirtualHost *:80>
     DocumentRoot "/var/www/html/mantisbt"
 
     ServerName issues2.kroitor.ca
 
     ErrorLog "/var/log/apache2/mantisbt_error_log"
     CustomLog "/var/log/apache2/mantisbt_access_log" combined
 
         <Directory "/var/www/html/mantisbt/">
             DirectoryIndex index.php
             Options -Indexes +FollowSymLinks
             AllowOverride All
             Require all granted
         </Directory>
 
 </VirtualHost>

issues2.conf symlink exists in sites-enabled (created using a2ensite)

What else needs to exist?

PS: there is a "less-than slash VirtualHost greater-than" line at the end of that block text but some quirk of the HTML keeps removing it. I can't even type that string here in the PS. It just gets removed.

evenmoreconfused · June 23, 2024, 1:35am

PPS: should mention that the original instructions (linked above) do include disabling the default site and enabling my new one (using a2dissite / a2ensite), which I had done. Only I used the site mantisbt.kroitor.ca and later absent-mindedly changed my plan to issues2.kroitor.ca.

evenmoreconfused · June 23, 2024, 1:47am

Further questions:

why does it say the apache plugin is not installed?
Ubuntu installed certbot 1.21.0, but the documentation refers to 2.x. Should I be installing a newer version of certbot?

evenmoreconfused · June 23, 2024, 1:54am

Actually the solution is simple: the apache plugin was indeed not install and has a misleading name. Running

apt install python3-certbot-apache

fixes the issue. I had done a couple of searches for required packages, but along the lines of certbot*.

MikeMcQ · June 23, 2024, 2:18am

Actually, the Certbot snap install is recommended for Ubuntu (and most other distros).

Please see:

and follow the instructions carefully

MikeMcQ · June 23, 2024, 2:20am

Yes, items in html like tags get formatted or dropped by the forum formatting.

To preserve such tags use the "preformatted text" option in the post menu. Or, just include 3 backticks before and after the block. I adjusted the VirtualHost code in your earlier post.

Can do like
```
VirtualHost statements
```

system · July 23, 2024, 2:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot installs cert fine, verified, but still no https in any browser Help	2	420	August 12, 2020
Installing certbot on apache server doesn't work Help	4	397	February 27, 2021
Ubuntu 14.04 with Certbot version 0.17.0 Help	3	10122	March 12, 2020
Unable to install ssl cert from certbot Help	2	451	May 1, 2021
Certbot not working-LK608 Help	3	660	May 16, 2018

Simple Ubuntu Apache Install - Certbot Balks

Related topics