Bug 235277 - security/py-certbot-apache: Cannot find Apache executable apache2ctl
Summary: security/py-certbot-apache: Cannot find Apache executable apache2ctl
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-28 10:07 UTC by Gerard Seibert
Modified: 2019-01-31 12:48 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (apache)


Attachments
Letsencrypt log file (4.73 KB, text/plain)
2019-01-28 10:07 UTC, Gerard Seibert
no flags Details
Letsencrypt log file (4.83 KB, text/plain)
2019-01-30 11:58 UTC, Gerard Seibert
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gerard Seibert 2019-01-28 10:07:16 UTC
Created attachment 201477 [details]
Letsencrypt log file

Name           : apache24
Version        : 2.4.38

Name           : py36-certbot
Version        : 0.30.2_2,1

Name           : py36-certbot-apache
Version        : 0.30.2

uname -a
FreeBSD scorpio.seibercom.net 12.0-RELEASE-p2 FreeBSD 12.0-RELEASE-p2 GENERIC  amd64

freebsd-version
12.0-RELEASE-p2

After updating apache24 on my system, the certbot is now issuing an error when I attempt to run it either via cron or from the command line. This is the command line output:


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/seibercom.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache executable apache2ctl',)
Attempting to renew cert (seibercom.net) from /usr/local/etc/letsencrypt/renewal/seibercom.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache executable apache2ctl',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

I have attached the letsencrypt log file. The configuration has been working correctly for several months, so I am confident that it is correct.

In the "letsencrypt" log, there is an entry:
certbot.errors.NoInstallationError: Cannot find Apache executable apache2ctl
Apparently a file is missing from apache24 that was there before.
Comment 1 Jochen Neumeister freebsd_committer 2019-01-28 10:19:07 UTC
Give the PR to python@

The Port needs a replace for /usr/bin/apache2ctl
Comment 2 Jochen Neumeister freebsd_committer 2019-01-28 10:21:25 UTC
Give the PR to python@

The Port needs a replace for /usr/bin/apache2ctl
Comment 3 commit-hook freebsd_committer 2019-01-28 10:37:20 UTC
A commit references this bug:

Author: miwi
Date: Mon Jan 28 10:37:12 UTC 2019
New revision: 491473
URL: https://svnweb.freebsd.org/changeset/ports/491473

Log:
  - py-certbot-apache is looking for apache2ctl but we ship apachectl with www/apache24
    this commit fix this issue
  - Bump PORTREVISION

  PR:				235277
  Sponsored by:	iXsystems Inc.

Changes:
  head/security/py-certbot-apache/Makefile
Comment 4 Martin Wilke freebsd_committer 2019-01-28 10:37:55 UTC
Thanks for the report, is fixed now.
Comment 5 Gerard Seibert 2019-01-30 10:17:13 UTC
(In reply to Martin Wilke from comment #4)
After installing the update module, I am still experiencing problems. When run, this error message is displayed:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/seibercom.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 111 seconds
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',)
Attempting to renew cert (seibercom.net) from /usr/local/etc/letsencrypt/renewal/seibercom.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

I can supply the log file upon request.
Comment 6 Martin Wilke freebsd_committer 2019-01-30 11:27:12 UTC
Hi Gerard,

I reopen it, will check in a bit and see if we can fix it properly.
Comment 7 Martin Wilke freebsd_committer 2019-01-30 11:37:37 UTC
Can you please try this patch https://people.freebsd.org/~miwi/patches/cert-apache.diff and let me know if that works?
Comment 8 Gerard Seibert 2019-01-30 11:58:30 UTC
Created attachment 201528 [details]
Letsencrypt log file

This is the log file after applying the patch.
Comment 9 Martin Wilke freebsd_committer 2019-01-30 16:26:15 UTC
(In reply to Gerard Seibert from comment #8)
Thanks, can u please try again with https://people.freebsd.org/~miwi/patches/cert-apache1.diff
Comment 10 Gerard Seibert 2019-01-30 16:54:19 UTC
(In reply to Martin Wilke from comment #9)

I am probably doing something wrong; however, this error message is emitted when I try to patch the file:

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: Makefile
|===================================================================
|--- Makefile   (revision 491473)
|+++ Makefile   (working copy)
--------------------------
Patching file Makefile using Plan A...
Hunk #1 succeeded at 2.
Hunk #2 failed at 27.
1 out of 2 hunks failed--saving rejects to Makefile.rej
done

This is the "reject" file

# more Makefile.rej
@@ -27,6 +27,7 @@

 post-patch:
        @${REINPLACE_CMD} -e 's|apache2ctl|apachectl|' ${WRKSRC}/certbot_apache/configurator.py
+       @${REINPLACE_CMD} -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/certbot_apache/configurator.py

 .include "${.CURDIR}/../py-acme/version.mk"
 .include <bsd.port.mk>
Comment 11 Martin Wilke freebsd_committer 2019-01-30 17:00:16 UTC
(In reply to Gerard Seibert from comment #10)
Ah my bad, you need to revert this previous change first, svn revert -R . in the port itself. Then reapply.
Comment 12 Gerard Seibert 2019-01-30 17:05:36 UTC
(In reply to Gerard Seibert from comment #10)

Sorry, I was applying the patch to the already patched Makefile. I reverted to the original one and applied the patch. It now compiles and runs correctly.

Thanks!
Comment 13 Martin Wilke freebsd_committer 2019-01-31 12:42:56 UTC
(In reply to Gerard Seibert from comment #12)
Cool :) Thanks for helping on testing it.
Comment 14 commit-hook freebsd_committer 2019-01-31 12:48:21 UTC
A commit references this bug:

Author: miwi
Date: Thu Jan 31 12:47:59 UTC 2019
New revision: 491714
URL: https://svnweb.freebsd.org/changeset/ports/491714

Log:
  - Fix apache root dir

  PR:		235277
  Reported by:	gerard_seibert@outlook.com
  Sponsored by:	iXsystems Inc.

Changes:
  head/security/py-certbot-apache/Makefile