3

My goal is to get SSL running on my server to run over HTTPS. I'm trying to run the command sudo certbot --apache to generate a certificate for my server as part of these steps https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache.

I'm having issues with this, as when I run the command I get the error

Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
Address already in use: AH00072: make_sock: could not bind to address [::]:80

When I check what is running on port 80, I see httpd.bin.

tcp6       0      0 :::80                   :::*                    LISTEN      1372/httpd.bin

But httpd.bin is said to not be running in the error message above. I have tried to kill the process running on port 80, but have been unable to. I've also tried to locate the PID of the Apache parent process (http://www.informit.com/articles/article.aspx?p=26130&seqNum=3); however, I do not have an /acpache directory in usr/local.

How should I proceed with killing the process? - Should I be focusing on killing this process, or is there another way around this issue?

The other confusing thing is that when I run sudo service apache2 status the result is apache2 is not running but I cannot start this process either as port 80 is in use (not sure if Apache2 is required in my scenario.)

Any help would be greatly appreciated!

fuzzi

1 Answer

0

Currently letsencrypt/certbot with the --apache option doesn't work as expected. There are some changes that should be applied to the CertBot mechanism that interacts with Apache, but they are not applied yet. I couldn't find the exact article that I read in January 2018, when I found this issue.

You can use letsencrypt/certbot with the option certonly. With this option the tool will start its own temporary web server to generate the certificate files. Ports 80 and 443 should be open in your firewall. And you should stop Apache for a while. Unfortunately, you should do this when you renew the certificates.

sudo service apache2 stop           # Ubuntu 14.04
sudo systemctl stop apache2.service # Ubuntu 16.04 and above

sudo letsencrypt certonly --rsa-key-size 4096 --email user@example.com -d example.com -d www.example.com -d another.example.com
# Select the option: Automatically use temporary web server (standalone)

sudo service apache2 start           # Ubuntu 14.04
sudo systemctl start apache2.service # Ubuntu 16.04 and above

Then you need to edit your virtual host's configuration file by hand. Here is an example with permanent redirection from HTTP to HTTPS (replace example.com with your FQDN):

<VirtualHost *:80>
        ServerName example.com

        # Redirect Requests to HTTPS
        Redirect permanent / https://example.com/

        ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName example.com
        ServerAdmin admin@example.com

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

        DocumentRoot /var/www/html
        <Directory /var/www/html>
            # Conf directives...
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/example.com.ssl.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.ssl.access.log combined
    </VirtualHost>
</IfModule>

Enable the SSL module for Apache and restart it once again.


Hope this helps!

pa4080
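The standalone method in the answer needs the web ports to be free, and in the question port 80 is held by httpd.bin even though the apache2 service reports it is not running. The following preflight check is an added example, not part of the original answer: it reads `netstat -tlnp` output and reports which process still holds port 80 or 443. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that nothing is listening on the ports the
# certbot/letsencrypt standalone web server needs before running certonly.

# Print "PID/program" for every LISTEN socket on port $1.
# Reads `netstat -tlnp` style lines on stdin.
listeners_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")       # local address; the port is the last part
            if (a[n] == port) print $7  # PID/program column ("-" without root)
        }'
}

# Return 0 if ports 80 and 443 are both free, 1 otherwise, printing one
# line per blocking process. Reads netstat output on stdin.
standalone_preflight() {
    input=$(cat)
    rc=0
    for port in 80 443; do
        owners=$(printf '%s\n' "$input" | listeners_on_port "$port" | sort -u)
        if [ -n "$owners" ]; then
            for o in $owners; do
                echo "port $port busy: pid ${o%%/*} (${o#*/})"
            done
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the netstat line from the question plus an
# unrelated sshd listener.
SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1372/httpd.bin'

# Live use (root is needed to see PIDs owned by other users):
#   sudo netstat -tlnp | standalone_preflight && sudo letsencrypt certonly ...
```

A non-zero result naming a program other than apache2 means that stopping the apache2 service will not free the port, which is the situation described in the question.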