8000 certbot-apache fails on a fresh install of httpd on RHEL 8 · Issue #7273 · certbot/certbot · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

certbot-apache fails on a fresh install of httpd on RHEL 8 #7273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bmw opened this issue Jul 26, 2019 · 7 comments
Closed

certbot-apache fails on a fresh install of httpd on RHEL 8 #7273

bmw opened this issue Jul 26, 2019 · 7 comments
Labels
area: apache area: fedora / redhat / CentOS needs-update

Comments

@bmw
Copy link
Member
bmw commented Jul 26, 2019

My operating system is (include version):

RHEL 8

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

certbot-auto

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
2019-07-26 19:05:42,605:DEBUG:certbot.main:certbot version: 0.37.0.dev0
2019-07-26 19:05:42,607:DEBUG:certbot.main:Arguments: ['-v', '--debug', '--text', '--agree-dev-preview', '--agree-tos', '--renew-by-default', '--redirect', '--register-unsafely-without-email', '--domain', 'ec2-3-83-206-109.compute-1.amazonaws.com', '--server', 'http://10.0.0.232:4000/directory']
2019-07-26 19:05:42,608:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-07-26 19:05:42,617:WARNING:certbot.util:Use of --agree-dev-preview is deprecated.
2019-07-26 19:05:42,634:DEBUG:certbot.log:Root logging level set at 10
2019-07-26 19:05:42,634:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-07-26 19:05:42,636:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2019-07-26 19:05:42,791:ERROR:certbot.util:Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

2019-07-26 19:05:42,792:DEBUG:certbot.plugins.disco:Misconfigured PluginEntryPoint#apache: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
Traceback (most recent call last):
  File "/home/ec2-user/letsencrypt/certbot-apache/certbot_apache/configurator.py", line 2239, in config_test
    util.run_script(self.option("conftest_cmd"))
  File "/home/ec2-user/letsencrypt/certbot/util.py", line 84, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ec2-user/letsencrypt/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/home/ec2-user/letsencrypt/certbot-apache/certbot_apache/configurator.py", line 239, in prepare
    self.config_test()
  File "/home/ec2-user/letsencrypt/certbot-apache/certbot_apache/override_centos.py", line 58, in config_test
    super(CentOSConfigurator, self).config_test()
  File "/home/ec2-user/letsencrypt/certbot-apache/certbot_apache/configurator.py", line 2241, in config_test
    raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

2019-07-26 19:05:42,794:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fcd57c9ab70>
Prep: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

2019-07-26 19:05:42,797:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

I think we need to update the code at

certbot/certbot-apache/certbot_apache/override_centos.py

Line 60 in e6bf3fe

if fedora:
to also run systemctl restart httpd on RHEL 8 based systems.

cc @adferrand, @joohoi
@bmw
Copy link
Member Author
bmw commented Jul 26, 2019

Proposal to fix the problem: Always call this systemctl command if systemctl is in our PATH.

@bmw bmw mentioned this issue Jul 29, 2019
Closed
@bmw bmw mentioned this issue Aug 6, 2019
Merged
bmw added a commit that referenced this issue Aug 7, 2019
@bmw
Merge pull request #7302 from certbot/rhel8_fix-with-tests
745ef6e 
This PR builds off of #7240 to fix #7241.

The code in certbot-auto is unchanged which I +1. Someone else should give it a 2nd review.

For the code in the tests, you can see all tests passing (including test_tests.sh) at  https://travis-ci.com/certbot/certbot/builds/122198270.

I created #7301 to track removing the temporary code in test_leauto_upgrades.sh as suggested at #7282 (comment).

One noteworthy thing here is I did not add the RHEL 8 AMI to the Apache tests due to #7273. This problem is not related to support in certbot-auto though, is an edge case, and I do not personally believe it should block this PR.
@bmw bmw mentioned this issue Sep 26, 2019
Closed
@bmw
Copy link
Member Author
bmw commented Sep 26, 2019

This also affects CentOS 8 as seen at #7397.

@rizkyarlin
Copy link

Running systemctl restart httpd gave me See "systemctl status httpd.service" and "journalctl -xe" for details. on CentOS8

@rizkyarlin
8000 Copy link

Oh this is th RHEL issue, I'll ask at the centos issue

@bmw
Copy link
Member Author
bmw commented Jul 1, 2020

When this issue is resolved, we should be able to add CentOS/RHEL 8 to https://github.com/certbot/certbot/blob/f743dbec3a04349533735a161b650f02844b2294/tests/letstest/apache2_targets.yaml.

@bmw bmw mentioned this issue Jul 1, 2020
Closed
@stale
Copy link
stale bot commented Jul 9, 2021

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

@stale stale bot added the needs-update label Jul 9, 2021
@github-actions
Copy link

This issue has been closed due to lack of activity, but if you think it should be reopened, please open a new issue with a link to this one and we'll take a look.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale May 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: apache area: fedora / redhat / CentOS needs-update
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bmw @rizkyarlin
0