Unable to install LetsEncrypt SSL on CentOS 7


#1

Please fill out the fields below so we can help you better.

My domain is: gangren.team

My operating system is (include version): CentOS 7

My web server is (include version): Apache/2.4.25 (cPanel)

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Yes (all commands are executed as root)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, WHM & cPanel

I performed the following steps:
Create the CentOS 7 VM and configure the DNS records to point to it.
Create the account (gangren.team) in WHM.
Upload a basic index.html file and navigate to www.gangren.team to validate that I can access the site.
Log into the server and execute the following [based on the Let’s Encrypt on CentOS 7 article from Digital Ocean (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7), with the understanding that no firewall has been setup]
sudo yum install epel-release
sudo yum install httpd mod_ssl python-certbot-apache
sudo systemctl start httpd
systemctl status httpd
curl www.gangren.team ((Note: works))
curl -k https://gangren.team ((Note: error, as seen in log))
sudo certbot --apache -d gangren.team -d www.gangren.team
This last command generates an error, as follows: certbot: command not found

After this, I tried something else, as follows:
sudo git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
./letsencrypt-auto --apache -d gangren.team -d www.gangren.team
This returned an error as well, as follows:
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',)

OUTPUT FROM FIRST SET OF STEPS:

[loneadmin@cpanel-test ~]$ sudo yum install epel-release
Loaded plugins: fastestmirror, tsflags, universal-hooks
EA4                                                      | 2.9 kB     00:00
base                                                     | 3.6 kB     00:00
epel/x86_64/metalink                                     |  11 kB     00:00
epel                                                     | 4.3 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
(1/2): epel/x86_64/updateinfo                              | 754 kB   00:00
(2/2): epel/x86_64/primary_db                              | 4.6 MB   00:00
Loading mirror speeds from cached hostfile
 * EA4: 208.43.108.66
 * base: centos.aol.com
 * epel: mirror.us.leaseweb.net
 * extras: centos.aol.com
 * updates: mirror.netdepot.com
Package epel-release-7-9.noarch already installed and latest version
Nothing to do
[loneadmin@cpanel-test ~]$ sudo yum install httpd mod_ssl python-certbot-apache
Loaded plugins: fastestmirror, tsflags, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 208.43.108.66
 * base: mirror.symnds.com
 * epel: mirror.us.leaseweb.net
 * extras: centos.aol.com
 * updates: mirror.netdepot.com
No package httpd available.
No package mod_ssl available.
Resolving Dependencies
--> Running transaction check
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: python2-certbot = 0.11.1 for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Processing Dependency: certbot = 0.11.1 for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Processing Dependency: python-augeas for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Running transaction check
---> Package certbot.noarch 0:0.11.1-2.el7 will be installed
---> Package python-augeas.noarch 0:0.5.0-2.el7 will be installed
--> Processing Dependency: augeas-libs for package: python-augeas-0.5.0-2.el7.noarch
---> Package python2-certbot.noarch 0:0.11.1-2.el7 will be installed
--> Processing Dependency: python2-acme = 0.11.1 for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python2-dialog >= 3.3.0 for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python2-configargparse >= 0.10.0 for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python-psutil >= 2.1.0 for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python2-future for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python-zope-interface for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python-zope-component for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python-parsedatetime for package: python2-certbot-0.11.1-2.el7.noarch
--> Processing Dependency: python-mock for package: python2-certbot-0.11.1-2.el7.noarch
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.4.0-2.el7 will be installed
---> Package python-parsedatetime.noarch 0:1.5-3.el7 will be installed
---> Package python-psutil.x86_64 0:2.2.1-1.el7 will be installed
---> Package python-zope-component.noarch 1:4.1.0-1.el7 will be installed
--> Processing Dependency: python-zope-event for package: 1:python-zope-component-4.1.0-1.el7.noarch
---> Package python-zope-interface.x86_64 0:4.0.5-4.el7 will be installed
---> Package python2-acme.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.11.1-1.el7.noarch
--> Processing Dependency: pytz for package: python2-acme-0.11.1-1.el7.noarch
--> Processing Dependency: python-pyrfc3339 for package: python2-acme-0.11.1-1.el7.noarch
--> Processing Dependency: python-ndg_httpsclient for package: python2-acme-0.11.1-1.el7.noarch
--> Processing Dependency: python-cryptography for package: python2-acme-0.11.1-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
---> Package python2-configargparse.noarch 0:0.11.0-1.el7 will be installed
---> Package python2-dialog.noarch 0:3.3.0-6.el7 will be installed
--> Processing Dependency: dialog for package: python2-dialog-3.3.0-6.el7.noarch
---> Package python2-future.noarch 0:0.16.0-2.el7 will be installed
---> Package python2-mock.noarch 0:1.0.1-9.el7 will be installed
--> Running transaction check
---> Package dialog.x86_64 0:1.2-4.20130523.el7 will be installed
---> Package pyOpenSSL.x86_64 0:0.13.1-3.el7 will be installed
---> Package python-ndg_httpsclient.noarch 0:0.3.2-1.el7 will be installed
---> Package python-zope-event.noarch 0:4.0.3-2.el7 will be installed
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
---> Package python2-cryptography.x86_64 0:1.3.1-3.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.3.1-3.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.3.1-3.el7.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.3.1-3.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.3.1-3.el7.x86_64
---> Package python2-pyrfc3339.noarch 0:1.0-2.el7 will be installed
---> Package pytz.noarch 0:2012d-5.el7 will be installed
--> Running transaction check
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.0-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Running transaction check
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-10.el7 will be installed
---> Package python2-certbot-apache.noarch 0:0.11.1-1.el7 will be installed
--> Processing Dependency: mod_ssl for package: python2-certbot-apache-0.11.1-1.el7.noarch
--> Finished Dependency Resolution
Error: Package: python2-certbot-apache-0.11.1-1.el7.noarch (epel)
           Requires: mod_ssl
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[loneadmin@cpanel-test ~]$ sudo systemctl start httpd
[loneadmin@cpanel-test ~]$ systemctl status httpd
● httpd.service - Apache web server managed by cPanel EasyApache
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-03-09 00:11:08 MST; 4 days ago
 Main PID: 24231 (httpd)
   CGroup: /system.slice/httpd.service
           ├─12213 /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/...
           ├─12214 /usr/sbin/httpd -k start
           ├─12215 /usr/sbin/httpd -k start
           ├─12216 /usr/sbin/httpd -k start
           ├─12217 /usr/sbin/httpd -k start
           ├─12218 /usr/sbin/httpd -k start
           ├─12272 /usr/sbin/httpd -k start
           └─24231 /usr/sbin/httpd -k start
[loneadmin@cpanel-test ~]$ curl www.gangren.team
<!DOCTYPE html>
<html>
<body>

<h1>My First Heading</h1>

<p>My first paragraph.</p>

</body>
</html>
[loneadmin@cpanel-test ~]$ curl -k https://gangren.team
curl: (35) SSL received a record that exceeded the maximum permissible length.
[loneadmin@cpanel-test ~]$ sudo certbot --apache -d gangren.team -d www.gangren.team
sudo: certbot: command not found

OUTPUT FROM SECOND SET OF STEPS:

[loneadmin@cpanel-test ~]$ sudo git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 44254, done.
remote: Compressing objects: 100% (84/84), done.
remote: Total 44254 (delta 42), reused 0 (delta 0), pack-reused 44170
Receiving objects: 100% (44254/44254), 12.97 MiB | 3.23 MiB/s, done.
Resolving deltas: 100% (31620/31620), done.
[loneadmin@cpanel-test ~]$ cd letsencrypt
[loneadmin@cpanel-test letsencrypt]$ ./letsencrypt-auto --help
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
Loaded plugins: fastestmirror, tsflags, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 208.43.108.66
 * base: centos.aol.com
 * epel: mirror.us.leaseweb.net
 * extras: centos.aol.com
 * updates: mirror.netdepot.com
Package gcc-4.8.5-11.el7.x86_64 already installed and latest version
Package 1:openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package redhat-rpm-config-9.1.0-72.el7.centos.noarch already installed and latest version
Package ca-certificates-2015.2.6-73.el7.noarch already installed and latest version
Package python-2.7.5-48.el7.x86_64 already installed and latest version
Package python-devel-2.7.5-48.el7.x86_64 already installed and latest version
Package python-tools-2.7.5-48.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.4.0-2.el7 will be installed
---> Package libffi-devel.x86_64 0:3.0.13-18.el7 will be installed
---> Package python-pip.noarch 0:7.1.0-1.el7 will be obsoleted
---> Package python-virtualenv.noarch 0:1.10.1-3.el7 will be installed
---> Package python2-pip.noarch 0:8.1.2-5.el7 will be obsoleting
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch          Version               Repository   Size
================================================================================
Installing:
 augeas-libs              x86_64        1.4.0-2.el7           base        355 k
 libffi-devel             x86_64        3.0.13-18.el7         base         23 k
 python-virtualenv        noarch        1.10.1-3.el7          base        1.2 M
 python2-pip              noarch        8.1.2-5.el7           epel        1.7 M
     replacing  python-pip.noarch 7.1.0-1.el7

Transaction Summary
================================================================================
Install  4 Packages

Total download size: 3.3 M
Downloading packages:
(1/4): libffi-devel-3.0.13-18.el7.x86_64.rpm               |  23 kB   00:00
(2/4): augeas-libs-1.4.0-2.el7.x86_64.rpm                  | 355 kB   00:00
(3/4): python-virtualenv-1.10.1-3.el7.noarch.rpm           | 1.2 MB   00:00
(4/4): python2-pip-8.1.2-5.el7.noarch.rpm                  | 1.7 MB   00:01
--------------------------------------------------------------------------------
Total                                              1.9 MB/s | 3.3 MB  00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : augeas-libs-1.4.0-2.el7.x86_64                               1/5
  Installing : python2-pip-8.1.2-5.el7.noarch                               2/5
  Installing : libffi-devel-3.0.13-18.el7.x86_64                            3/5
  Installing : python-virtualenv-1.10.1-3.el7.noarch                        4/5
  Erasing    : python-pip-7.1.0-1.el7.noarch                                5/5
  Verifying  : python-virtualenv-1.10.1-3.el7.noarch                        1/5
  Verifying  : libffi-devel-3.0.13-18.el7.x86_64                            2/5
  Verifying  : python2-pip-8.1.2-5.el7.noarch                               3/5
  Verifying  : augeas-libs-1.4.0-2.el7.x86_64                               4/5
  Verifying  : python-pip-7.1.0-1.el7.noarch                                5/5

Installed:
  augeas-libs.x86_64 0:1.4.0-2.el7         libffi-devel.x86_64 0:3.0.13-18.el7
  python-virtualenv.noarch 0:1.10.1-3.el7  python2-pip.noarch 0:8.1.2-5.el7

Replaced:
  python-pip.noarch 0:7.1.0-1.el7

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run certbot...
  /home/loneadmin/.local/share/letsencrypt/bin/letsencrypt --help

  letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
cert. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
    (default) run   Obtain & install a cert in your current webserver
    certonly        Obtain or renew a cert, but do not install it
    renew           Renew all previously obtained certs that are near expiry
   -d DOMAINS       Comma-separated list of domains to obtain a cert for

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  --nginx           Use the Nginx plugin for authentication & installation
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certs interactively, or using shell script hooks

   -n               Run non-interactively
  --test-cert       Obtain a test cert from a staging server
  --dry-run         Test "renew" or "certonly" without saving any certs to disk

manage certificates:
    certificates    Display information about certs you have from Certbot
    revoke          Revoke a certificate (supply --cert-path)
    delete          Delete a certificate

manage your account with Let's Encrypt:
    register        Create a Let's Encrypt ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

More detailed help:

  -h, --help [TOPIC]    print this message, or detailed help on a topic;
                        the available TOPICS are:

   all, automation, commands, paths, security, testing, or any of the
   subcommands or plugins (certonly, renew, install, register, nginx,
   apache, standalone, webroot, etc.)

[loneadmin@cpanel-test letsencrypt]$ ./letsencrypt-auto --apache -d gangren.team -d www.gangren.team
Requesting root privileges to run certbot...
  /home/loneadmin/.local/share/letsencrypt/bin/letsencrypt --apache -d gangren.team -d www.gangren.team
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',)

#2

Hello @LEUser,

As you said, you are using cPanel to manage your server, so you should be careful regarding what you install on your server. In a vanilla CentOS 7 installation, if you perform a yum install httpd mod_ssl it should install both packages, but in your case it says:

No package httpd available.
No package mod_ssl available.

Never mind; you should not install certbot nor try to use it via the command line. You should use the AutoSSL plugin for cPanel; this plugin will take care of issuing the certs for your domains.

I’ve never used cPanel nor autossl so I can’t help with it but if your cPanel is a recent version there should be no problem to get it working in a few minutes.

Regarding the error you are getting:

That is because certbot is trying to find the root directory where your Apache configuration is located, and it expects to find it at /etc/httpd/; I suppose cPanel doesn’t use this path. This Apache root path can be overridden using the certbot parameter --apache-server-root /path/to/your/apache/root/conf/, but don’t do it or you will get a mess.

As I said, use autossl plugin ;).

Note: Next time, if you want to post command outputs, configurations, etc., write the text you want, select it and click on the </> icon; this will convert the text into a code block (it is easier to read).

Cheers,
sahsanu
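
A preflight check for the situation this reply describes, added here as an example; it is not part of the original post and not certbot's own code. It reads the compiled-in `HTTPD_ROOT` from `httpd -V` text and the systemd unit description, and reports whether the host is panel-managed or whether the server root differs from the `/etc/httpd` that certbot expects. Function names are hypothetical, and the `/etc/apache2` root in the sample is an assumed value.

```bash
#!/usr/bin/env bash
# Added example: preflight before `certbot --apache` (function names are hypothetical).

# Print the value of one compile-time define (e.g. HTTPD_ROOT) from `httpd -V`
# text on stdin. Lines look like:  -D HTTPD_ROOT="/etc/httpd"
httpd_define() {
    awk -v key="$1" -F'"' '!found && $1 ~ ("-D[ \t]*" key "=$") { print $2; found = 1 }'
}

# $1 = `httpd -V` text, $2 = Description of the httpd systemd unit,
# $3 = server root certbot will look in (the reply above gives /etc/httpd).
# Prints one verdict: managed | no-httpd | root-mismatch:<root> | ok
certbot_apache_preflight() {
    local httpd_v="$1" unit_desc="$2" expected="${3:-/etc/httpd}" root
    case "$unit_desc" in
        *cPanel*|*EasyApache*)
            # The panel owns the vhost files; leave certificates to AutoSSL.
            echo "managed"; return 0 ;;
    esac
    root=$(printf '%s\n' "$httpd_v" | httpd_define HTTPD_ROOT)
    if [ -z "$root" ]; then
        echo "no-httpd"
    elif [ "${root%/}" != "${expected%/}" ]; then
        echo "root-mismatch:$root"
    else
        echo "ok"
    fi
}

# Constructed samples. The unit description is the one shown in the thread's
# `systemctl status httpd` output; the /etc/apache2 root is an assumed value.
SAMPLE_CPANEL_UNIT='Apache web server managed by cPanel EasyApache'
SAMPLE_CPANEL_V=' -D APR_HAS_SENDFILE
 -D HTTPD_ROOT="/etc/apache2"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"'
SAMPLE_VANILLA_UNIT='The Apache HTTP Server'
SAMPLE_VANILLA_V=' -D HTTPD_ROOT="/etc/httpd"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"'

echo "cPanel host : $(certbot_apache_preflight "$SAMPLE_CPANEL_V" "$SAMPLE_CPANEL_UNIT")"
echo "vanilla host: $(certbot_apache_preflight "$SAMPLE_VANILLA_V" "$SAMPLE_VANILLA_UNIT")"

# On a live host, feed real data instead of the samples:
#   certbot_apache_preflight "$(httpd -V 2>/dev/null)" \
#       "$(systemctl show -p Description httpd)"
```

A `managed` verdict means certificate issuance belongs to the control panel; `root-mismatch` means the Apache plugin would look in the wrong directory, which is the condition behind "Could not find configuration root".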


#3

Thank you very much, I will look into using AutoSSL/Let’s Encrypt. I hadn’t seen the plugin in all my previous searching. Also, for clarity (for anyone who should come along later), I put the output in the code brackets, as you indicated. :)


#4

I think you should contact tech support.

