677256 – app-crypt/certbot - Cert is due for renewal, auto-renewing... Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration. The error was: PluginError('Unable to find Apache version',)

Bug 677256 - app-crypt/certbot - Cert is due for renewal, auto-renewing... Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration. The error was: PluginError('Unable to find Apache version',)

Summary: app-crypt/certbot - Cert is due for renewal, auto-renewing... Could not choos...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Matthew Thode ( prometheanfire )

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-02-04 15:10 UTC by Marko Weber Bürgermeister
Modified:	2019-02-06 20:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
letsencrypt.log (letsencrypt.log,7.06 KB, text/plain) 2019-02-04 17:12 UTC, Marko Weber Bürgermeister	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marko Weber Bürgermeister 2019-02-04 15:10:44 UTC

when i want to renew certs with certbot ( tried 0.29.1 - 0.30.1-r1)
i get a failure that apache plugin is not working.
On my system ist apache-2.2.34

i get:


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/xxxxxxx.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',)
Attempting to renew cert (xxxxxxxxxx.de) from /etc/letsencrypt/renewal/xxxxxxxx.de.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',). Skipping.


the logfile:

2019-02-04 16:02:28,945:DEBUG:certbot.main:certbot version: 0.30.1
2019-02-04 16:02:28,946:DEBUG:certbot.main:Arguments: []
2019-02-04 16:02:28,947:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-04 16:02:28,972:DEBUG:certbot.log:Root logging level set at 20
2019-02-04 16:02:28,973:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-04 16:02:29,002:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f67814d1c88> and installer <certbot.cli._Default object at 0x7f67814d1c88>
2019-02-04 16:02:29,029:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-02-04 03:05:22 UTC.
2019-02-04 16:02:29,030:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-02-04 16:02:29,030:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-02-04 16:02:29,112:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#apache): Unable to find Apache version
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/disco.py", line 132, in prepare
    self._initialized.prepare()
  File "/usr/lib64/python3.6/site-packages/certbot_apache/configurator.py", line 239, in prepare
    self.version = self.get_version()
  File "/usr/lib64/python3.6/site-packages/certbot_apache/configurator.py", line 2237, in get_version
    raise errors.PluginError("Unable to find Apache version")
certbot.errors.PluginError: Unable to find Apache version
2019-02-04 16:02:29,114:DEBUG:certbot.plugins.selection:No candidate plugin
2019-02-04 16:02:29,114:DEBUG:certbot.plugins.selection:No candidate plugin
2019-02-04 16:02:29,114:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2019-02-04 16:02:29,114:INFO:certbot.main:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',)
2019-02-04 16:02:29,118:WARNING:certbot.renewal:Attempting to renew cert (mail.zbfmail.de) from /etc/letsencrypt/renewal/mail.zbfmail.de.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',). Skipping.
2019-02-04 16:02:29,119:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib64/python3.6/site-packages/certbot/main.py", line 1186, in renew_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',)

2019-02-04 16:02:29,145:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-02-03 03:05:31 UTC.
2019-02-04 16:02:29,145:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-02-04 16:02:29,145:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-02-04 16:02:29,221:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#apache): Unable to find Apache version
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/disco.py", line 132, in prepare
    self._initialized.prepare()
  File "/usr/lib64/python3.6/site-packages/certbot_apache/configurator.py", line 239, in prepare
    self.version = self.get_version()
  File "/usr/lib64/python3.6/site-packages/certbot_apache/configurator.py", line 2237, in get_version
    raise errors.PluginError("Unable to find Apache version")
certbot.errors.PluginError: Unable to find Apache version
2019-02-04 16:02:29,222:DEBUG:certbot.plugins.selection:No candidate plugin
2019-02-04 16:02:29,222:DEBUG:certbot.plugins.selection:No candidate plugin
2019-02-04 16:02:29,223:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2019-02-04 16:02:29,223:INFO:certbot.main:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',)
2019-02-04 16:02:29,223:WARNING:certbot.renewal:Attempting to renew cert (wiki.zackbummfertig.de) from /etc/letsencrypt/renewal/wiki.zackbummfertig.de.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',). Skipping.
2019-02-04 16:02:29,224:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib64/python3.6/site-packages/certbot/main.py", line 1186, in renew_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib64/python3.6/site-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to find Apache version',)

2019-02-04 16:02:29,224:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-02-04 16:02:29,225:ERROR:certbot.renewal:  /etc/letsencrypt/live/xxxxxxxxxx/fullchain.pem (failure)
  /etc/letsencrypt/live/xxxxxxxxxxx/fullchain.pem (failure)
2019-02-04 16:02:29,225:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/certbot", line 11, in <module>
    load_entry_point('certbot==0.30.1', 'console_scripts', 'certbot')()
  File "/usr/lib64/python3.6/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib64/python3.6/site-packages/certbot/main.py", line 1271, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib64/python3.6/site-packages/certbot/renewal.py", line 477, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)



emerge --info:

Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.14_weber-4.19.14 x86_64)
=================================================================
System uname: Linux-4.19.14_weber-4.19.14-x86_64-Intel_Xeon_E312xx_-Sandy_Bridge-with-gentoo-2.6
KiB Mem:     4041624 total,    422512 free
KiB Swap:     511996 total,    511996 free
Timestamp of repository gentoo: Mon, 04 Feb 2019 14:00:01 +0000
Head commit of repository gentoo: 74a53c829a3bb8619b12b2abd16479b00d9a0072
sh bash 4.4_p12
ld GNU ld (Gentoo 2.30 p5) 2.30.0
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.4.8::gentoo, 3.6.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.38.3-r1::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils:       2.30-r4::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.14-r1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.27-r6::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts:
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-jobs: 1

x-special
    location: /usr/portage/local/special
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -mtune=generic -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/spool/munin-async/.ssh"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/apache2-php7.2/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cgi-php7.2/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cli-php7.2/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -mtune=generic -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_GB.utf8"
LDFLAGS="-Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 audit berkdb bzip2 cli crypt cxx dri fortran gdbm iconv libtirpc multilib ncurses nls nptl openmp pam pcre readline seccomp ssl tcpd unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user cache cgi cgid deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif status unique_id vhost_alias" APACHE2_MPMS="prefork" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Matthew Thode ( prometheanfire ) archtester

2019-02-04 17:03:54 UTC

I doubt it's related, but

https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

can you upload the log as a file (and not pasted text)?

Comment 2 Marko Weber Bürgermeister 2019-02-04 17:12:42 UTC

Created attachment 563716 [details]
letsencrypt.log

the wanted letsencrypt.log

Comment 3 Marko Weber Bürgermeister 2019-02-04 17:18:12 UTC

the config of the domain:

# renew_before_expiry = 30 days
version = 0.25.1
archive_dir = /etc/letsencrypt/archive/mail.xxxx.de
cert = /etc/letsencrypt/live/mail.xxxxx.de/cert.pem
privkey = /etc/letsencrypt/live/mail.xxxxx.de/privkey.pem
chain = /etc/letsencrypt/live/mail.xxxxx.de/chain.pem
fullchain = /etc/letsencrypt/live/mail.xxxxxx.de/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 7774____________________
authenticator = apache
installer = apache

Comment 4 Matthew Thode ( prometheanfire ) archtester

2019-02-04 17:44:26 UTC

Is this a new issue or an initial setup issue?

Comment 5 Marko Weber Bürgermeister 2019-02-04 20:58:43 UTC

(In reply to Matthew Thode ( prometheanfire ) from comment #4)
> Is this a new issue or an initial setup issue?

No, its an old installation. certbot updatet.
I got mails from letsencrypt certs has to renewed.
today as i started the loginpage on browser i got certfailures,
so i checked on console renew cert and got the failures.

Comment 6 Marko Weber Bürgermeister 2019-02-04 21:44:35 UTC

seems i have only on my system with apache 2.2.34 the problems
on other gentoo machine with apache 2.4.34 no problems.
any ideas?

Comment 7 Matthew Thode ( prometheanfire ) archtester

2019-02-04 21:54:06 UTC

possibly an upstream issue with old versions of apache

Comment 8 Marko Weber Bürgermeister 2019-02-04 22:22:31 UTC

(In reply to Matthew Thode ( prometheanfire ) from comment #7)
> possibly an upstream issue with old versions of apache

can you fix this?

Comment 9 Matthew Thode ( prometheanfire ) archtester

2019-02-04 23:01:18 UTC

I don't actually use the apache plugin myself (only took the package over when it was going to be abandoned).

Comment 10 Marko Weber Bürgermeister 2019-02-06 19:35:26 UTC

so at the end,
i updated all to apache 2.4.xx and voila not working..

so what is the worth of reporting bugs here?
you say you never used / use apache plugin you just took over the package.
now certbot tells me something too many request you are blocked bla bla
so for me and for a small company its faster and easier to pay 30$ for a cert and bammm go ahead?

thanks for your effort.
on the letsencrpyt page is written , "oh you are blocked? just wait a week for unlock.." joking or???

its ok, thats why these cert selling companies will live a while longer

marko

Comment 11 Marko Weber Bürgermeister 2019-02-06 20:29:33 UTC

[SOLVED]

- move or delete /etc/letsencrypt
- certbot register -m user@mail.com, accept license , support EFF :-)
- certbot certonly --webroot -w /var/www/pathto/htdocs -d yourdomain.com
- edit vhost to point to the certs if not allready done
- restart apache! 

if anyone else run into this sh*** with apache 2.2 and having problems after migration to apache 2.4.

slainte!
marko

Comment 12 Matthew Thode ( prometheanfire ) archtester

2019-02-06 20:42:10 UTC

I'm not sure why a new registration would work while your old one wont, but you may want to test forcing a cert renewal just in case the proble is with renewal and not the initial registration.