Created attachment 201477 [details] Letsencrypt log file Name : apache24 Version : 2.4.38 Name : py36-certbot Version : 0.30.2_2,1 Name : py36-certbot-apache Version : 0.30.2 uname -a FreeBSD scorpio.seibercom.net 12.0-RELEASE-p2 FreeBSD 12.0-RELEASE-p2 GENERIC amd64 freebsd-version 12.0-RELEASE-p2 After updating apache24 on my system, the certbot is now issuing an error when I attempt to run it either via cron or from the command line. This is the command line output: Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /usr/local/etc/letsencrypt/renewal/seibercom.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError('Cannot find Apache executable apache2ctl',) Attempting to renew cert (seibercom.net) from /usr/local/etc/letsencrypt/renewal/seibercom.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError('Cannot find Apache executable apache2ctl',). Skipping. All renewal attempts failed. The following certs could not be renewed: /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) I have attached the letsencrypt log file. The configuration has been working correctly for several months, so I am confident that it is correct. In the "letsencrypt" log, there is an entry: certbot.errors.NoInstallationError: Cannot find Apache executable apache2ctl Apparently a file is missing from apache24 that was there before.
Give the PR to python@ The Port needs a replace for /usr/bin/apache2ctl
A commit references this bug: Author: miwi Date: Mon Jan 28 10:37:12 UTC 2019 New revision: 491473 URL: https://svnweb.freebsd.org/changeset/ports/491473 Log: - py-certbot-apache is looking for apache2ctl but we ship apachectl with www/apache24 this commit fix this issue - Bump PORTREVISION PR: 235277 Sponsored by: iXsystems Inc. Changes: head/security/py-certbot-apache/Makefile
Thanks for the report, is fixed now.
(In reply to Martin Wilke from comment #4) After installing the update module, I am still experiencing problems. When run, this error message is displayed: Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /usr/local/etc/letsencrypt/renewal/seibercom.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Non-interactive renewal: random delay of 111 seconds Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError('Could not find configuration root',) Attempting to renew cert (seibercom.net) from /usr/local/etc/letsencrypt/renewal/seibercom.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError('Could not find configuration root',). Skipping. All renewal attempts failed. The following certs could not be renewed: /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) I can supply the log file upon request.
Hi Gerard, I reopen it, will check in a bit and see if we can fix it properly.
Can you please try this patch https://people.freebsd.org/~miwi/patches/cert-apache.diff and let me know if that works?
Created attachment 201528 [details] Letsencrypt log file This is the log file after applying the patch.
(In reply to Gerard Seibert from comment #8) Thanks, can u please try again with https://people.freebsd.org/~miwi/patches/cert-apache1.diff
(In reply to Martin Wilke from comment #9) I am probably doing something wrong; however, this error message is emitted when I try to patch the file: Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: Makefile |=================================================================== |--- Makefile (revision 491473) |+++ Makefile (working copy) -------------------------- Patching file Makefile using Plan A... Hunk #1 succeeded at 2. Hunk #2 failed at 27. 1 out of 2 hunks failed--saving rejects to Makefile.rej done This is the "reject" file # more Makefile.rej @@ -27,6 +27,7 @@ post-patch: @${REINPLACE_CMD} -e 's|apache2ctl|apachectl|' ${WRKSRC}/certbot_apache/configurator.py + @${REINPLACE_CMD} -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/certbot_apache/configurator.py .include "${.CURDIR}/../py-acme/version.mk" .include <bsd.port.mk>
(In reply to Gerard Seibert from comment #10) Ah my bad, you need to revert this previous change first, svn revert -R . in the port itself. Then reapply.
(In reply to Gerard Seibert from comment #10) Sorry, I was applying the patch to the already patched Makefile. I reverted to the original one and applied the patch. It now compiles and runs correctly. Thanks!
(In reply to Gerard Seibert from comment #12) Cool :) Thanks for helping on testing it.
A commit references this bug: Author: miwi Date: Thu Jan 31 12:47:59 UTC 2019 New revision: 491714 URL: https://svnweb.freebsd.org/changeset/ports/491714 Log: - Fix apache root dir PR: 235277 Reported by: gerard_seibert@outlook.com Sponsored by: iXsystems Inc. Changes: head/security/py-certbot-apache/Makefile