Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fedora apachectl 2.4.39 no longer supports passing arguments to httpd #6940

Closed
berenddeschouwer opened this issue Apr 10, 2019 · 14 comments

Comments

@berenddeschouwer
Copy link

commented Apr 10, 2019

My operating system is (include version):

Fedora 29

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

OS package manager
Additionally: httpd-2.4.39

I ran this command and it produced this output:

certbot renew --apache
apachectl: The "-v" option is not supported.

Certbot's behavior differed from what I expected because:

certbot gets invalid output from apachectl

Here is a Certbot log showing the issue (if available):

/usr/sbin/apachectl doesn't support -v, nor -t -D DUMP_RUN_CFG, DUMP_INCLUDES, DUMP_MODULES

Hacking apachectl (or a different one in the path) to specifically allow these options makes it work.

Running httpd -v or -t -D DUMP_RUN_CFG does work, apachectl doesn't.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

not relevant, change to /usr/sbin/apachectl, probably in 2.4.39. httpd (and config) is fine, apachectl is not.

not sure if I should file a bug here, or with Fedora

Issue #5439 seems very similar, but appears to be for restart of apache only. This issue occurs before the certificate -- certbot is still verifying if apache is installed.

@Barborica-Alexandru

This comment has been minimized.

Copy link

commented Apr 10, 2019

Yes same problem. I tried replacing apachectl with a link to httpd but that did not work. Change was made with recent apache 2.4.39 update.

Never knew the hassle updating certificates manually would be. I cannot renew the old certificate either as certbot does not ask me if I wanna spin up a temporary webserver when I want to renew, only when using certbot certonly.

@ohemorange

This comment has been minimized.

Copy link
Contributor

commented Apr 11, 2019

@joohoi looks like something's changed with Apache.

@ROV28

This comment has been minimized.

Copy link

commented Apr 13, 2019

Same problem here (Fedora 29 - Apache: httpd-2.4.39-2.fc29.x86_64):

Cert is due for renewal, auto-renewing...
Error while running apachectl -v.

apachectl: The "-v" option is not supported.

Workaround:

dnf downgrade httpd -y
certbot renew
dnf upgrade httpd -y
@SkySrfr

This comment has been minimized.

Copy link

commented Apr 15, 2019

I ran into the same issue in my environment and fixed it with the following hack steps while maintaining the current apache version:
1: In override_centos.py, I changed line 21 to ctl="httpd"
2: In override_centos.py, I changed line 22 to version_cmd=['httpd', '-v']
3: In configurator.py, I commented out lines 135, 136, and 137

I then re-ran letsencrypt (aka certbot) and everything was successful! Hopefully this helps someone who understands all this code better than I do make a real fix, but at least there is a hack solution in the meantime, and this should continue to work for future versions of apache.

@Wotisrv

This comment has been minimized.

Copy link

commented May 19, 2019

How safe is it to upgrade to Fedora 30? Will this issue follow or is it fixed? I am on Fedora Server 29 now and ran into this issue too. Workaround from ROV28 worked for me #6940 (comment)

@ROV28

This comment has been minimized.

Copy link

commented May 19, 2019

It is solved (certbot-0.31.0-2.fc30.noarch.rpm).

@Barborica-Alexandru

This comment has been minimized.

Copy link

commented May 20, 2019

Sorry but I have the same package as you and it is not yet solved.

I believe the fix is in the package python3-certbot-apache-0.31.0-2.fc30.noarch which is not yet pushed.

@jasonmicron

This comment has been minimized.

Copy link

commented May 26, 2019

Apologies, but this appears to still not be resolved. Fedora 30:

[root@www conf.d]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl -v.

apachectl: The "-v" option is not supported.

The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError("Unable to run ['apachectl', '-v'] -v")
[root@www conf.d]# apachectl -v
apachectl: The "-v" option is not supported.

Package installed from the main DNF repository shipped with Fedora 30:

[root@www conf.d]# rpm -qa|grep -i certbot
certbot-0.31.0-2.fc30.noarch
python3-certbot-0.31.0-2.fc30.noarch
python3-certbot-apache-0.31.0-1.fc30.noarch

If python3-certbot-apache-0.31.0-2.fc30.noarch resolves the issue, I couldn't tell you, as it's not available to me.

@EtchedPixels

This comment has been minimized.

Copy link

commented May 28, 2019

It doesn't at least on Fedora 29. It's all still busted

@elyscape

This comment has been minimized.

Copy link
Contributor

commented May 29, 2019

Apologies for taking so long to get the update packaged for Fedora. It should be hitting the testing repos shortly. If you want to test and/or provide karma, that can be done on Bodhi:

@elyscape

This comment has been minimized.

Copy link
Contributor

commented May 30, 2019

The update has been pushed to the Fedora testing repos. If you want to use it before it hits the Fedora stable repos and/or provide karma to hasten the promotion to stable, please click on the appropriate link below:

@jasonmicron

This comment has been minimized.

Copy link

commented Jun 1, 2019

Thanks! Just did an update and certbot was bumped up. Re-ran certbot and it works. Thanks for the effort here!

[root@www ~]# rpm -qa|grep -i certbot
certbot-0.34.2-3.fc30.noarch
python3-certbot-0.34.2-3.fc30.noarch
python3-certbot-apache-0.34.2-1.fc30.noarch
@Wotisrv

This comment has been minimized.

Copy link

commented Jun 6, 2019

Thanks too. It's working like charm on Fedora-Server 29 now.

# rpm -qa | grep certbot certbot-0.34.2-3.fc29.noarch python3-certbot-0.34.2-3.fc29.noarch python3-certbot-apache-0.34.2-1.fc29.noarch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.