Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't install new certificates with certbot-apache under Gentoo since version 0.20.0 #5344

Closed
Tito1337 opened this issue Dec 20, 2017 · 7 comments
Closed

Can't install new certificates with certbot-apache under Gentoo since version 0.20.0 #5344

Tito1337 opened this issue Dec 20, 2017 · 7 comments
Assignees
@joohoi
Labels
area: apache bug

Comments

@Tito1337
Copy link

It seems that version 0.20.0 has a major architecture revision from 0.19.0, in particular regarding OS specific overrides. But the Gentoo overrides have a flaw when trying to install a new certificate : at one point it tries to run "apache2ctl -t -D DUMP_MODULES", which is no good at all under Gentoo because apache2ctl is a dummy script redirecting to /etc/init.d/apache2. It generates this error :

Error in checking parameter list: /etc/init.d/apache2: invalid option -- 't'

My operating system is (include version):

Gentoo

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

OS package manager (emerge) with testing (~amd64) flag

I ran this command and it produced this output:

certbot -d test.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for test.example.com
Waiting for verification...
Cleaning up challenges
Error in checking parameter list: /etc/init.d/apache2: invalid option -- 't'

Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

Certbot's behavior differed from what I expected because:

Certbot did not install the certificate because it failed to run apache2ctl -t -D DUMP_MODULES
@Tito1337
Copy link
Author

Pinging @joohoi because this is related to your pull request #5202

@Tito1337
Copy link
Author

Tito1337 commented Dec 20, 2017
edited
Loading

Solution is probably to override the reset_modules in the same way that you override update_runtime_variables, because everything goes well until cleanup when reset_modules is called

Sorry I don't have enough know-how to patch it myself

@joohoi joohoi self-assigned this Dec 20, 2017
@joohoi
Copy link
Member

joohoi commented Dec 20, 2017

Thanks for the detailed bug report, you are completely right about the fix too! While I was working on the PR, I actually patched that functionality for Gentoo ( https://bugs.gentoo.org/634414 ) , and looks like I left the patched version of apache2ctl in my test system and this go through.
I'm going to fix this asap, sorry for the inconvinience.

@joohoi joohoi mentioned this issue Dec 22, 2017
Merged
@igravious
Copy link

igravious commented Dec 23, 2017
edited
Loading

@joohoi This bug bit me :(

What do I do in the meantime to renew my certs?

@Tito1337
Copy link
Author

@igravious I suggest downgrading to version 0.19.0

@joohoi
Copy link
Member

joohoi commented Dec 23, 2017

Unfortunately the only options seem to be downgrading, or temporarily substituting the apache2ctl script with one I patched and submitted upstream (see the Gentoo bug linked in my earlier comment): The patched apache2ctl: https://634414.bugs.gentoo.org/attachment.cgi?id=498822

@bmw bmw closed this as completed in #5349 Jan 4, 2018
@Polynomial-C
Copy link

FYI, this has been fixed in Gentoo with apache-2.4.33 meanwhile.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joohoi joohoi

Labels
area: apache bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Tito1337 @igravious @joohoi @Polynomial-C