How to Secure Apache with Let's Encrypt on CentOS 9?

706 views Asked by At

I am failing to find a way to configure an SSL certificate for my droplet running on Centos 9 and an Apache server (version: 2.4.51).

I tried to follow this tutorial but all the package managers I have searched (yum, snap & dnf) do not have the required python3-certbot-apache package nor any python*-certbot-apache package (Ofcourse, the turorial was meant for Centos 8 but I can’t find any reference to securing centos 9). Only snap has the certbot package but that’s not enough to help me at least just obtain an SSL certificate.

Any form of help will be greatly appreciated.

Oooh, just incase this might have valueable information for the bright minds, here are the error logs I get if I try to run, for example, sudo certbot --apache:

2022-04-01 15:54:42,360:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-04-01 15:54:42,830:DEBUG:certbot._internal.main:certbot version: 1.25.0 
2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1888/bin/certbot 
2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal'] 
2022-04-01 15:54:42,831:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 
2022-04-01 15:54:42,846:DEBUG:certbot._internal.log:Root logging level set at 30 
2022-04-01 15:54:42,847:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache 
2022-04-01 15:54:42,943:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.51 
2022-04-01 15:54:42,986:WARNING:certbot_apache._internal.apache_util:Error in checking parameter list: 
2022-04-01 15:54:42,986:DEBUG:certbot._internal.plugins.disco:Misconfigured PluginEntryPoint#apache: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. Traceback (most recent call last):
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 160, in prepare     self._initialized.prepare()
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 368, in prepare     self.parser = self.get_parser()
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 79, in get_parser     return CentOSParser(
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 164, in __init__     super().__init__(*args, **kwargs)
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 79, in __init__     self.update_runtime_variables()
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/override_centos.py", line 169, in update_runtime_variables     super().update_runtime_variables()
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 299, in update_runtime_variables     self.update_defines()
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 305, in update_defines     self.variables = apache_util.parse_defines(self.configurator.options.ctl)   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 153, in parse_defines     matches = parse_from_subprocess(define_cmd, r"Define: ([^ \n]*)")
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 208, in parse_from_subprocess     stdout = _get_runtime_cfg(command)
   File "/var/lib/snapd/snap/certbot/1888/lib/python3.8/site-packages/certbot_apache/_internal/apache_util.py", line 241, in _get_runtime_cfg     raise errors.MisconfigurationError( certbot.errors.MisconfigurationError: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. 
2022-04-01 15:54:42,988:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin Interfaces: Installer, Authenticator, Plugin Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT Initialized:  Prep: Apache is unable to check whether or not the module is loaded because Apache is misconfigured. 
2022-04-01 15:54:42,989:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2

There are 2 answers

0
Confidence Mukwindidza On BEST ANSWER

Just incase someone faces the same issue, at the time I posted there was no support for certbot on Centos 9 hence there was no solution to the problem I was facing. In my case I had the luxury of using a different centos version and so that's what I did.

0
SeeM On

You can yse Certbot from EPEL repository, but apachectl from Apache on CentOS9 doesn't to, what Certbot is expecting. You have to comment out one exception, as described in https://github.com/certbot/certbot/issues/8945#issuecomment-1185054399

Unfortunately, Certbot on EPEL is not patched for that and You'll have to do it after every Certbot upgrade. It works fine on several of mine CentOS 9 hosts.