Bug 2104867
| Summary: | certbot-apache doesn't work with RHEL 9 httpd | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | marcin <marcin> |
| Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
| Status: | CLOSED WONTFIX | QA Contact: | rhel-cs-infra-services-qe <rhel-cs-infra-services-qe> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | CentOS Stream | CC: | bstinson, jorton, jwboyer, luhliari, marcin |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Last Closed: | 2022-09-14 10:16:18 UTC | Type: | Bug |
certbot should run httpd directly, and I can see there is a PR upstream to do exactly this, which is the best way to fix this: https://github.com/certbot/certbot/pull/9402

I would rather not try to add more special cases in apachectl.

Description of problem:

While certbot-apache isn't packaged in CentOS 9 yet, it can be installed with `pip`, for instance with the following commands:

```
dnf -y install certbot
pip install certbot-apache
```

It can also be installed by rebuilding a Fedora package `python-certbot-apache`. Other guides suggest using `snap` to install `certbot`.

Version-Release number of selected component (if applicable):

* httpd-2.4.53-4.el9
* certbot-1.27.0-2.el9

How reproducible: Always

Steps to Reproduce:

1. Install httpd
2. Install epel-release
3. Install certbot
4. Install certbot-apache
5. Run certbot --apache

Actual results:

```
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error in checking parameter list: The apache plugin is not working; there may be problems with your existing configuration. The error was: MisconfigurationError('Apache is unable to check whether or not the module is loaded because Apache is misconfigured.')
```

Expected results:

certbot should provide regular functionality: allow selecting domains, generate certificates for them, edit httpd configurations and reload httpd.

Additional info:

certbot-apache calls the following command:

```
apachectl -t -D DUMP_RUN_CFG
```

On CentOS 8, this command returned a representation of the httpd configuration, so that certbot-apache worked correctly. On CentOS 9 it only returns the following:

```
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
To pass extra arguments to httpd, see the httpd.service(8)
man page.
```

It is possible to patch /usr/sbin/apachectl to make certbot work:

``` --- /usr/sbin/apachectl.old 2022-07-07 13:03:41.288885616 +0200 +++ /usr/sbin/apachectl 2022-07-07 11:45:49.871770987 +0200 
@@ -31,13 +31,13 @@ SVC='httpd.service' HTTPD='/usr/sbin/httpd' -if [ "x$2" != "x" ] ; then - echo Passing arguments to httpd using apachectl is no longer supported. - echo You can only start/stop/restart httpd using this script. - echo To pass extra arguments to httpd, see the $SVC'(8)' - echo man page. - exit 1 -fi +#if [ "x$2" != "x" ] ; then +# echo Passing arguments to httpd using apachectl is no longer supported. +# echo You can only start/stop/restart httpd using this script. +# echo To pass extra arguments to httpd, see the $SVC'(8)' +# echo man page. +# exit 1 +#fi case $ACMD in start|stop|restart|status) @@ -57,7 +57,8 @@ ERROR=$? ;; configtest|-t) - $HTTPD -t + shift + $HTTPD -t "$@" ERROR=$? ;; -v|-V) ``` (Do note, that if you patch it manually, it will be reverted on update)
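
Review bot: the first hunk (@@ -31,13) disables the `$2` guard for every subcommand, although only the `configtest|-t` branch is changed to consume extra arguments. With the guard commented out, `start|stop|restart|status` no longer reject trailing arguments at this point. Suggest keeping the check and skipping it only when the first argument is `configtest` or `-t`, and deleting the old lines instead of leaving them commented out.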
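
Review bot: in the `configtest|-t` branch of the second hunk (@@ -57,7), `$HTTPD -t "$@"` forwards everything after the subcommand to httpd without any filtering, and nothing in the script documents that this branch now accepts options. If the goal is only to support `-D DUMP_RUN_CFG`, suggest accepting just `-D <name>` pairs here and answering anything else with the original "no longer supported" message. The quoting of `"$@"` is correct and should stay.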
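
The approach named in the maintainer's comment (query `httpd` directly when the wrapper refuses arguments), sketched as an added example that is not code from this report or from certbot. The function names, the injectable `runner` parameter and the sample output are assumptions constructed for illustration.

```python
import subprocess

# Refusal text printed by the RHEL 9 apachectl wrapper, as quoted in the report.
REFUSAL = "Passing arguments to httpd using apachectl is no longer supported"
ARGS = ["-t", "-D", "DUMP_RUN_CFG"]

def run_cmd(argv):
    """Default runner: execute argv, return (exit_code, stdout+stderr)."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True, check=False)
    except OSError as exc:  # binary missing or not executable
        return 127, str(exc)
    return proc.returncode, proc.stdout

def dump_run_cfg(candidates=("apachectl", "httpd"), runner=run_cmd):
    """Return (binary, output) from the first candidate that answers the query."""
    failures = []
    for binary in candidates:
        code, out = runner([binary] + ARGS)
        if REFUSAL in out:  # never treat the wrapper's message as config output
            failures.append(f"{binary}: wrapper refuses extra arguments")
        elif code != 0:
            failures.append(f"{binary}: exit {code}")
        else:
            return binary, out
    raise RuntimeError("no usable httpd control command: " + "; ".join(failures))

def parse_defines(output):
    """Collect 'Define: NAME[=VALUE]' lines from DUMP_RUN_CFG output."""
    defines = {}
    for line in output.splitlines():
        if line.startswith("Define: "):
            name, _, value = line[len("Define: "):].strip().partition("=")
            defines[name] = value
    return defines

# Constructed sample output and stand-in runner, so the example runs offline.
SAMPLE_CFG = 'ServerRoot: "/etc/httpd"\nDefine: DUMP_RUN_CFG\nDefine: SITE=example\n'

def fake_runner(argv):
    """Hypothetical runner: apachectl refuses as on RHEL 9, httpd answers."""
    if argv[0] == "apachectl":
        return 1, REFUSAL + ".\n"
    return 0, SAMPLE_CFG

if __name__ == "__main__":
    binary, out = dump_run_cfg(runner=fake_runner)
    print(binary, parse_defines(out))
```

Checking for the refusal text before the exit code keeps the wrapper's message from being parsed as configuration if a wrapper ever prints it and exits 0.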