Error in /etc/httpd/conf.d/ssl.conf on CentOS 8 #7397

Closed
arcdetri opened this issue Sep 25, 2019 · 11 comments

@arcdetri

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

CentOS 8

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

certbot-auto

I ran this command and it produced this output:

/usr/local/bin/certbot-auto certonly --apache -d www.example.com

Error message refers to /etc/httpd/conf.d/ssl.conf, saying file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty.

Need to fix this error by deleting the erroneous configuration file and rerunning the Certbot command:

rm /etc/httpd/conf.d/ssl.conf
/usr/local/bin/certbot-auto certonly --apache -d www.example.com

Certbot's behavior differed from what I expected because:

certonly should not create /etc/httpd/conf.d/ssl.conf in the first place, and it should not contain an error, as I will create the SSL virtual host manually

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

@alexzorin
Collaborator

alexzorin commented Sep 25, 2019

> certonly should not create /etc/httpd/conf.d/ssl.conf in the first place

I don't think that's what's happening.

Try this:

  1. Install blank CentOS 8
  2. yum -y install httpd mod_ssl
  3. apachectl -t

Result:

[root@7a8cbcb0d9f5 /]# apachectl -t
AH00526: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
[root@7a8cbcb0d9f5 /]# rpm -qf /etc/httpd/conf.d/ssl.conf
mod_ssl-2.4.41-1.fc30.x86_64
[root@7a8cbcb0d9f5 /]#

The act of installing mod_ssl (which Certbot depends on) creates a broken Apache configuration.

@arcdetri
Author

Thanks. My test confirms your findings. I have filed this result with CentOS, though my report appears to be held in a moderation queue.

@bmw
Member

bmw commented Sep 26, 2019

I think you can fix the problem by (re)starting Apache through systemd. I think this is the CentOS 8 version of #7273.

@rizkyarlin

> I think you can fix the problem by (re)starting Apache through systemd. I think this is the CentOS 8 version of #7273.

Running systemctl restart httpd gave me See "systemctl status httpd.service" and "journalctl -xe" for details. on CentOS8

@rizkyarlin

Fixed mine by removing /etc/httpd/conf.d/ssl.conf, then rerun sudo /usr/local/bin/certbot-auto --apache

@worthwhileindustries

When the mod_ssl package is installed, it should create a self-signed key and certificate files for the localhost. If the files are not automatically created, you can create them using the openssl command:

sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \
  -out /etc/pki/tls/certs/localhost.crt \
  -keyout /etc/pki/tls/private/localhost.key

then run certbot-auto again

@mattsimpson

@worthwhileindustries Yes, that definitely creates the missing localhost.crt file needed by Apache. Thanks for that.

This has got to be a bug though. @arcdetri Did anyone ever get back to you about the bug report?

@mattsimpson

Hm. It appears this is just "the way" now?

https://bugzilla.redhat.com/show_bug.cgi?id=1764838

Yup, you need to run /usr/libexec/httpd-ssl-gencerts
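
A pre-flight check for the condition discussed in this thread, as an added example that is not part of the original issue or of Certbot: it reads an Apache config and reports every `SSLCertificateFile` / `SSLCertificateKeyFile` target that is missing or empty, which is what triggers AH00526. The function name `check_tls_files` and its status words are assumptions, paths are assumed to be absolute, and the key-permission check goes beyond what the thread covers.

```shell
#!/usr/bin/env bash
# Added example: list TLS files an Apache config references that are missing
# or empty (the AH00526 condition above), plus keys readable beyond the owner.

# check_tls_files CONF
# Prints "<status> <directive> <path>" per problem; returns 0 if none, 1 if
# any, 2 if CONF itself cannot be read.
check_tls_files() {
    local conf directive path rest name perms rc
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "unreadable config $conf"; return 2; }
    # read strips leading whitespace; "|| [ -n ... ]" keeps a last line that
    # has no trailing newline.
    while read -r directive path rest || [ -n "$directive" ]; do
        # Apache directive names are case-insensitive.
        name=$(printf '%s' "$directive" | tr 'A-Z' 'a-z')
        case $name in
            sslcertificatefile|sslcertificatekeyfile) ;;
            *) continue ;;   # comments and unrelated directives
        esac
        path=${path#\"}; path=${path%\"}   # drop optional double quotes
        if [ ! -e "$path" ]; then
            echo "missing $directive $path"; rc=1
        elif [ ! -s "$path" ]; then
            echo "empty $directive $path"; rc=1
        elif [ "$name" = sslcertificatekeyfile ]; then
            # Group/other permission bits of the key, e.g. "------" for 0600.
            perms=$(ls -ldL "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "loose-perms $directive $path"; rc=1
            fi
        fi
    done < "$conf"
    return "$rc"
}

# Run as a script: ./check_tls_files.sh /etc/httpd/conf.d/ssl.conf
[ $# -eq 0 ] || check_tls_files "$1"
```

When this reports the localhost certificate as missing on CentOS 8, the fixes given in the comments above apply: run /usr/libexec/httpd-ssl-gencerts or generate the pair with openssl.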

@geocfu

geocfu commented Aug 30, 2020

Confirming this. I was searching for at least 1.5 hours because my virtualhost was not being resolved.

Deleting /etc/httpd/conf.d/ssl.conf and running sudo certbot --apache did the trick for me.

@github-actions

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

@github-actions

This issue has been closed due to lack of activity, but if you think it should be reopened, please open a new issue with a link to this one and we'll take a look.

github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) on Jun 15, 2023