I am failing to find a way to configure an SSL certificate for my droplet running on Centos 9 and an Apache server (version: 2.4.51).
I tried to follow this tutorial but all the package managers I have searched (yum, snap & dnf) do not have the required python3-certbot-apache package nor any python*-certbot-apache package (Ofcourse, the turorial was meant for Centos 8 but I can’t find any reference to securing centos 9). Only snap has the certbot package but that’s not enough to help me at least just obtain an SSL certificate.
Any form of help will be greatly appreciated.
Oooh, just incase this might have valueable information for the bright minds, here are the error logs I get if I try to run, for example, sudo certbot --apache
:
2022-04-01 15:54:42,360:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97 2022-04-01 15:54:42,830:DEBUG:certbot._internal.main:certbot version: 1.25.0 2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1888/bin/certbot 2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal'] 2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2022-04-01 15:54:42,846:DEBUG:certbot._internal.log:Root logging level set at 30 2022-04-01 15:54:42,847:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache 2022-04-01 15:54:42,943:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.51 2022-04-01 15:54:42,986:WARNING:certbot_apache._internal.apache_util:Error in checking parameter list: 2022-04-01 15:54:42,986:DEBUG:certbot._internal.plugins.disco:Misconfigured PluginEntryPoint#apache: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. Traceback (most recent call last): File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 160, in prepare self._initialized.prepare() File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 368, in prepare self.parser = self.get_parser() File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 79, in get_parser return CentOSParser( File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 164, in __init__ super().__init__(*args, **kwargs) File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 79, in __init__ self.update_runtime_variables() File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 169, in update_runtime_variables super().update_runtime_variables() File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 299, in update_runtime_variables self.update_defines() File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 305, in update_defines self.variables = apache_util.parse_defines(self.configurator.options.ctl) File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 153, in parse_defines matches = parse_from_subprocess(define_cmd, r"Define: ([^ n]*)") File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 208, in parse_from_subprocess stdout = _get_runtime_cfg(command) File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 241, in _get_runtime_cfg raise errors.MisconfigurationError( certbot.errors.MisconfigurationError: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. 2022-04-01 15:54:42,988:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin Interfaces: Installer, Authenticator, Plugin Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT Initialized: Prep: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. 2022-04-01 15:54:42,989:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2
Answers
Just incase someone faces the same issue, at the time I posted there was no support for certbot on Centos 9 hence there was no solution to the problem I was facing. In my case I had the luxury of using a different centos version and so that's what I did.
You can yse Certbot from EPEL repository, but apachectl from Apache on CentOS9 doesn’t to, what Certbot is expecting. You have to comment out one exception, as described in
https://github.com/certbot/certbot/issues/8945#issuecomment-1185054399
Unfortunately, Certbot on EPEL is not patched for that and You’ll have to do it after every Certbot upgrade. It works fine on several of mine CentOS 9 hosts.