Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot certonly --apache
It produced this output:
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find apache executable apache2ctl')
My web server is (include version):
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0
After further research it appears that apache is not load on my server, and I need to do that before running the certificate request, but can I get a certificate for filemaker server, that is my end goal?
You don't require Apache specifically. But Certbot does work the easiest when using an existing webserver, such as Apache or for example nginx. But this isn't required. Certbot can also function as a webserver itself by using the --standalone plugin. So no Apache or nginx required.
So could you perhaps explain a little bit more about your situation? Do you have a webserver such as Apache installed already?
Edit:
It seems your host fm.ecjgroup.com is indeed running an Apache webserver when surfing to it. It responds with some kind of placeholder with the text "FileMaker Database Server Website". So probably the piece of software "FileMaker" runs on Apache?
I don't have experience with "FileMaker", perhaps you can tell us more about it?
Filemaker is database software developed originally by Apple and then was separated as its own company known as Claris. The server software runs on several different O/Ss.
It currently supports Ubuntu 18.04 and they just announced support for 20.04.
I am running it on Ubuntu 18.04 and it comes with its own self-signed certificate but I want to update it to a CA certificate.
I am not clear about what command options I need to be running just to create the certificate? Once I have the certificate, I can load it using Filemaker Server.
Any information or suggestions for the command options would be helpful.
I'm not clear also. As I said, it seems there is an Apache running on your host, but the --apache plugin doesn't understand it. You might be able to use the --webroot method as mentioned earlier by Rudy, but without a clear understanding of your webserver setup we can't provide detailled advice.
Thank you for your information. will you explain the webroot authentication method? What or where is my webroot? If I understand it, it's a directory that Certbot must have access to. Are there requirements for that directory, can it be anywhere in my directory, or am I confused?
@ejolesch, the webroot idea is simple.
Use any existing web server to serve the challenge request.
All you have to do is point certbot to the correct directory.
In order to find that directory, and since you are using apache, I would start with the output of: apachectl -t -D DUMP_VHOSTS
[but you might need to find it first; if so, do: find / -name apachectl]
[also, you may, or may not, have to run it using sudo (or su)]
From that output, we can find the file that is responsible for servicing the HTTP requests on fm.ecjgroup.com.
And within that file, we should be able to find the DocumentRoot used.
Thank you, I appreciate your guidance with this problem. It's unknown territory for me.
I ran the apachectl -t -D DUMP_VHOSTS and received the following response:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using fm.ecjgroup.com. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 fm.ecjgroup.com (/etc/apache2/sites-enabled/000-default.conf:1)
I also ran find / -name apachectl and the response was: /usr/bin/apachectl
1st, How do I set the 'ServerName' directive globally as it suggests?
2nd. Does this provide the information for the webroot or are there "next" steps.
Here is the contents of: /etc/apache2/sites-enabled/000-default.conf
root@fm:/home/ubuntu# more /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
There is no actual ServerName used in that file; It merely defers to the globally assigned name [bad practice].
You should clean that file up [like: removing all the comment lines] and ensure to correctly use the lines needed. Like: ServerName, DocumentRoot
What is the command you use to restart Apache? Based on your first post it looks different than normal. If you don't know, what instructions did you use to install Apache?
Or, try these commands and let us know which one works
sudo systemctl status apache2
sudo systemctl status httpd
The webroot authentication is probably best as Rudy suggested but we still need to know how to reload Apache after getting the certs.
I tried both commands regarding starting apache and the httpd.service could not be found
for - apache2 I received the following error message
root@fm:/# sudo systemctl status apache2
â—Ź apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Tue 2022-06-28 14:56:09 UTC; 1 day 14h ago
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: AH00558: apache2: Could not reliably determine the server's fully qualifi
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: (98)Address already in use: AH00072: make_sock: could not bind to address
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: (98)Address already in use: AH00072: make_sock: could not bind to address
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: no listening sockets available, shutting down
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: AH00015: Unable to open logs
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: Action 'start' failed.
Jun 28 14:56:09 fm.ecjgroup.com apachectl[6545]: The Apache error log may have more information.
Jun 28 14:56:09 fm.ecjgroup.com systemd[1]: apache2.service: Control process exited, code=exited status=1
Jun 28 14:56:09 fm.ecjgroup.com systemd[1]: apache2.service: Failed with result 'exit-code'.
Jun 28 14:56:09 fm.ecjgroup.com systemd[1]: Failed to start The Apache HTTP Server.
However, if you go to the website fm.ecjgroup.com it does show the webserver is running.
Also, I am not sure how it gets started as it's part of the installation of filemaker server.
Filemaker Server is a database product by Claris (owned by Apple)
It comes with a self-signed certificate but I would like to update that to a letsencrypt certificate so I don't get any warnings when I connect to the website. Also, this server is only being used in a development setup now.
