Fedora apachectl 2.4.39 no longer supports passing arguments to httpd

[berenddeschouwer]

My operating system is (include version):

Fedora 29

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

OS package manager
Additionally: httpd-2.4.39

I ran this command and it produced this output:

certbot renew --apache
apachectl: The "-v" option is not supported.

Certbot's behavior differed from what I expected because:

certbot gets invalid output from apachectl

Here is a Certbot log showing the issue (if available):

/usr/sbin/apachectl doesn't support -v, nor -t -D DUMP_RUN_CFG, DUMP_INCLUDES, DUMP_MODULES

Hacking apachectl (or a different one in the path) to specifically allow these options makes it work.

Running httpd -v or -t -D DUMP_RUN_CFG does work, apachectl doesn't.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

not relevant, change to /usr/sbin/apachectl, probably in 2.4.39. httpd (and config) is fine, apachectl is not.

not sure if I should file a bug here, or with Fedora

Issue #5439 seems very similar, but appears to be for restart of apache only. This issue occurs before the certificate -- certbot is still verifying if apache is installed.

[Barborica-Alexandru]

Yes same problem. I tried replacing apachectl with a link to httpd but that did not work. Change was made with recent apache 2.4.39 update.

Never knew the hassle updating certificates manually would be. I cannot renew the old certificate either as certbot does not ask me if I wanna spin up a temporary webserver when I want to renew, only when using certbot certonly.

[ohemorange]

@joohoi looks like something's changed with Apache.

[jmorahan]

https://src.fedoraproject.org/rpms/httpd/c/b86b48c4a2a3293c0e9a8cb74e01f1827c3be904?branch=master
perhaps?

[ROV28]

Same problem here (Fedora 29 - Apache: httpd-2.4.39-2.fc29.x86_64):

Cert is due for renewal, auto-renewing...
Error while running apachectl -v.

apachectl: The "-v" option is not supported.

Workaround:

dnf downgrade httpd -y
certbot renew
dnf upgrade httpd -y

[SkySrfr]

I ran into the same issue in my environment and fixed it with the following hack steps while maintaining the current apache version:
1: In override_centos.py, I changed line 21 to ctl="httpd"
2: In override_centos.py, I changed line 22 to version_cmd=['httpd', '-v']
3: In configurator.py, I commented out lines 135, 136, and 137

I then re-ran letsencrypt (aka certbot) and everything was successful! Hopefully this helps someone who understands all this code better than I do make a real fix, but at least there is a hack solution in the meantime, and this should continue to work for future versions of apache.

[Wotisrv]

How safe is it to upgrade to Fedora 30? Will this issue follow or is it fixed? I am on Fedora Server 29 now and ran into this issue too. Workaround from ROV28 worked for me #6940 (comment)

[ROV28]

It is solved (certbot-0.31.0-2.fc30.noarch.rpm).

[Barborica-Alexandru]

Sorry but I have the same package as you and it is not yet solved.

I believe the fix is in the package python3-certbot-apache-0.31.0-2.fc30.noarch which is not yet pushed.

[jasonmicron]

Apologies, but this appears to still not be resolved. Fedora 30:

[root@www conf.d]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl -v.

apachectl: The "-v" option is not supported.

The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError("Unable to run ['apachectl', '-v'] -v")
[root@www conf.d]# apachectl -v
apachectl: The "-v" option is not supported.

Package installed from the main DNF repository shipped with Fedora 30:

[root@www conf.d]# rpm -qa|grep -i certbot
certbot-0.31.0-2.fc30.noarch
python3-certbot-0.31.0-2.fc30.noarch
python3-certbot-apache-0.31.0-1.fc30.noarch

If python3-certbot-apache-0.31.0-2.fc30.noarch resolves the issue, I couldn't tell you, as it's not available to me.

[EtchedPixels]

It doesn't at least on Fedora 29. It's all still busted

[elyscape]

Apologies for taking so long to get the update packaged for Fedora. It should be hitting the testing repos shortly. If you want to test and/or provide karma, that can be done on Bodhi:

• Fedora 29 update
• Fedora 30 update

[elyscape]

The update has been pushed to the Fedora testing repos. If you want to use it before it hits the Fedora stable repos and/or provide karma to hasten the promotion to stable, please click on the appropriate link below:

• Fedora 29 update
• Fedora 30 update

[jasonmicron]

Thanks! Just did an update and certbot was bumped up. Re-ran certbot and it works. Thanks for the effort here!

[root@www ~]# rpm -qa|grep -i certbot
certbot-0.34.2-3.fc30.noarch
python3-certbot-0.34.2-3.fc30.noarch
python3-certbot-apache-0.34.2-1.fc30.noarch

[Wotisrv]

Thanks too. It's working like charm on Fedora-Server 29 now.

# rpm -qa | grep certbot certbot-0.34.2-3.fc29.noarch python3-certbot-0.34.2-3.fc29.noarch python3-certbot-apache-0.34.2-1.fc29.noarch