Unable to renew certificates with apache plugin on CentOS 7

Hi,
we are having issues renewing certificates with the apache plugin:

    # certbot certonly --apache -d ouvertureviaggi.it --dry-run
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Error running command ['apachectl', '-t', '-D', 'DUMP_INCLUDES'] for runtime parameters!

    Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
    The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['apachectl', '-t', '-D', 'DUMP_INCLUDES']",)
    The apache plugin is not working; there may be problems with your existing configuration.
    The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['apachectl', '-t', '-D', 'DUMP_INCLUDES']",)

It seems that this workaround doesn’t work, maybe certbot doesn’t always parse the parameter “--apache-ctl=”:

    # certbot certonly --apache --apache-ctl=/usr/local/bin/certbot-workaround.sh -d ouvertureviaggi.it --dry-run

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Error running command ['/usr/local/bin/certbot-workaround.sh', '-t', '-D', 'DUMP_INCLUDES'] for runtime parameters!

    Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
    The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['/usr/local/bin/certbot-workaround.sh', '-t', '-D', 'DUMP_INCLUDES']",)
    The apache plugin is not working; there may be problems with your existing configuration.
    The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['/usr/local/bin/certbot-workaround.sh', '-t', '-D', 'DUMP_INCLUDES']",)


    # cat /usr/local/bin/certbot-workaround.sh
    #!/usr/bin/env bash

    if [[ "$1" =~ ^(configtest|graceful|restart)$ ]]; then
      /usr/sbin/apachectl "$@"
    else
      /usr/sbin/httpd "$@"
    fi

    PARAMS="$@"

    logger -t certbot-workaround.sh -- `echo $PARAMS`

    # journalctl -r
    feb 19 19:18:59 webspace2 certbot-workaround.sh[24999]: configtest
    feb 19 19:19:00 webspace2 certbot-workaround.sh[25003]: -v
    feb 19 19:19:00 webspace2 certbot-workaround.sh[25010]: -t -D DUMP_RUN_CFG

Using certbot 1.0.0 on CentOS 7, httpd 2.4.6:

    # certbot --version
    certbot 1.0.0

    # cat /etc/centos-release
    CentOS Linux release 7.7.1908 (Core)

    # httpd -V
    Server version: Apache/2.4.6 (CentOS)
    Server built:   Aug  8 2019 11:41:18
    Server's Module Magic Number: 20120211:24
    Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
    Compiled using: APR 1.4.8, APR-UTIL 1.5.2
    Architecture:   64-bit
    Server MPM:     prefork
      threaded:     no
        forked:     yes (variable process count)
    Server compiled with....
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=256
     -D HTTPD_ROOT="/etc/httpd"
     -D SUEXEC_BIN="/usr/sbin/suexec"
     -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="conf/mime.types"
     -D SERVER_CONFIG_FILE="conf/httpd.conf"

    # rpm -q httpd
    httpd-2.4.6-90.el7.centos.x86_64

Thank you

Hi @frastill

you use certonly, so you don't use Apache as installer.

Try to switch to webroot, so the Apache plugin isn't used.

https://certbot.eff.org/docs/using.html
