Error while running apache2ctl graceful httpd not running trying to start

«Error while running apache2ctl graceful» Let’s Encrypt on AWS Lightsail Bitnami

Part of AWS Collective

Being the resident tech in the family I’m helping with launching the new family business website. My experience is extremely limited when it comes to coding and web development (I made a basic html/css website in high school). Please bear with me

So far I have the domain, hosting and DNS working. The host is AWS Lightsail with WordPress running on Ubuntu 16.04 and Bitnami. Now I’m trying to get SSL setup as we want to have credit card payment on the website. After a couple of days of research I’ve gone down the path of Let’s Encrypt and I’m trying to get the certificate on the server. Stop me if I’ve already made some sort of critical error.

and I’ve made some progress until. See the full paste from putty: https://pastebin.com/dhLs7c3A

To summarize I ran the line: «root@ip-172-26-2-150:/home/bitnami# sudo certbot —apache -d profq.com.au -d www.profq.com.au»

and the issue starts at line:

«Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed.»

Any help or advice is greatly appreciated. Thank you

2 Answers 2

Have you simply tried the Bitnami tool, sounds relevant to what you described it sounds like wordpress on lightsail.

To launch the Bitnami HTTPS Configuration Tool, execute the following command and follow the prompts:

You may need to run sudo su to run as root.

This should easily fix the issue.

I run into the same issue yesterday and since no solution has been suggested I will write how I fixed it.

Apparently this issue is not directly connected with the Lightsail instance or the running Apache server, but with the Bitnami stack on top of it. Here are the steps to install letsencrypt certifiaticate, taken from here.

Prerequisite The first thing you need to do is make sure all the packages are updated on your server. You can do that with below command.

1. INSTALL CERTBOT

First, create a directory where you want to install a Certbot client and move into that directory.

Now go ahead and install the Certbot client from official certbot distribution. You also need to make sure that the script has the execute privilege.

Now run the certbot-auto script to complete the installation. The script might show some errors but you can ignore it. It will run and download all the dependency needed for it.

2. GENERATE CERTIFICATE

Once the Certbot client is installed, you can go ahead and generate the certificate for your domain.

^ above is optional only if you don’t store the file in the htdocs folder itself. www.example.com and example.com should be your domain name.

I run into issue after running this command since I didn’t have CNAME record set for the www. version of my site. The error was: DNS problem: NXDOMAIN looking up A for www.example.com To fix it go to your lightsail page, open Netowkring tab and select the DNS zone for your site. Click on Add record under DNS records, select CNAME, in the subdomain enter just www and in the maps to field enter your domain without www. prefix. After doing that running the above command should pass without any issues.

If you need to get certificates for multiple domains, follow this guide. It is basically adding new path to each domains home directory, resulting in the following command:

3. Link Let’s Encrypt SSL Certificate to Apache

You can just copy your SSL certificate on these locations and restart Apache to enable the new file. But with this approach, you will have to copy the files again when you renew your certificate.

So the better approach is to create a symbolic link to your certificate files. Whenever you renew your license, it can take effect without this extra step.

You can use the below commands to create a symbolic link.

Make sure that the certificate file name and path is correct. If you receive an error that file already exists, use the below command to rename the files. Then rerun the above two commands.

Once your symbolic links are in place you can restart the Apache server to make it into effect. Use the below command to restart the Apache server. You can restart it from the Lightsail page as well.

That’s it. After this, going to https://example.com should work and you should see your certificate.

Notice. The certificate is valid for 3 months only, so you need to refresh it every 3 months manually or make a cron job for that. To refresh it once it is time for that, follow the below commands:

Источник

Проблемы с запуском Apache Certbot из-за порта, уже используемого для httpd.bin

Моя цель — заставить SSL работать на моем сервере для работы через HTTPS. Я пытаюсь запустить команду sudo certbot —apache, чтобы сгенерировать сертификат для моего сервера как часть этих шагов. Https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache.

m имеет проблемы с этим, так как когда я запускаю команду, я получаю ошибку

Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. Address already in use: AH00072: make_sock: could not bind to address [::]:80

Когда я проверяю, что работает на порту 80, я вижу httpd.bin.

tcp6 0 0 . 80 . * LISTEN 1372/httpd.bin

Но, как говорят, httpd.bin не работает в сообщении об ошибке выше. Я попытался убить процесс, выполняющийся на порту 80, но не смог. Я также попытался найти PID родительского процесса Apache ( https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache ), однако у меня нет каталога / acpache в usr / local.

Как я должен продолжить убийство процесса? — Должен ли я сосредоточиться на том, чтобы убить этот процесс, или есть ли другой способ обойти эту проблему?

Другая запутанная вещь заключается в том, что, когда я запускаю sudo-сервис apache2-статус, результат apache2 не работает, но я не могу запустить этот процесс либо используется как порт 80 (не уверен, что Apache2 требуется в моем сценарии.)

Любая помощь будет принята с благодарностью!

2 ответа

В настоящее время letsencrypt / certbot с опцией —apache не работает, как и ожидалось. Существуют некоторые изменения, которые должны применяться к механизму CertBot, который взаимодействует с Apache, но они пока не применяются. Я не смог найти точную статью, которую я прочитал в январе 2018 года, когда нашел эту проблему.

Вы можете использовать letsencrypt / certbot с опцией certonly. С помощью этой опции инструмент запустит собственный временный веб-сервер для создания файлов сертификатов. Порты 80 и 443 должны быть открыты в вашем брандмауэре. И вы должны остановить Apache некоторое время. К сожалению, вы должны сделать это, когда вы renew сертификаты.

sudo service apache2 stop # In 16.04+ use: sudo systemctl stop apache2.service sudo letsencrypt certonly —rsa-key-size 4096 —email user@example.com -d example.com -d www.example.com -d another.example.com # Select the option: Automatically use temporary web server (standalone) sudo service apache2 start # In 16.04+ use: sudo systemctl start apache2.service

Затем вам нужно вручную отредактировать конфигурационный файл вашего виртуального хоста. Вот пример с постоянным перенаправлением с HTTP на HTTPS (замените example.com на ваше FQDN):

ServerName example.com # Redirect Requests to SSL Redirect permanent / https://example.com/ ErrorLog $/example.com.error.log CustomLog $/example.com.access.log combined ServerName example.com ServerAdmin admin@example.com SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem DocumentRoot /var/www/html # Conf directives. ErrorLog $/example.com.ssl.error.log CustomLog $/example.com.ssl.access.log combined

Включите модуль SSL для Apache и перезапустите его еще раз.

Автоматическое включение HTTPS на вашем веб-сайте с помощью Certbot EFF, развертывание сертификатов Let’s Encrypt: Apache на Ubuntu.

Источник

Error in Certbot renewal process

Today, I moved my application from apache to nginx. I used this tutorial to setup SSL using certbot. Everything went fine, until I run the —dry-run command.

Here is the error I am getting:

I have already uninstalled the apache.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

It looks like that the certbot is still trying to use Apache instead of Nginx, as from the output I can see that certbot is trying to start Apache but Nginx is already running and that’s why it is failing.

What I could suggest here is getting rid of Apache so that it does not cause any other issues, like starting before Nginx after a reboot.

Then after that, you need to adjust your certbot config:

• As described in the tutorial make sure you actually have the nginx plugin:

Then edit the /etc/letsencrypt/renewal/ somedomain .conf file

In that config file, there are two lines which you need to replace apache2 with nginx :

Then run another renewal test with the certbot —dry-run renew command.

Источник

LetsEncrypt Issue on Ubuntu 16

Last step, getting this error:



Ensure AV Gear Plays Nice on the Corporate Network



It looks like something else may already be running on port 80. Maybe Nginx, lighttpd or some other web server process.

Check to see what is currently bound to port 80:

If it’s not Apache running on port 80 then you need to make some changes to how Certbot works for you. Maybe you can replace whatever is running on port 80 with Apache.



Agreed — no issues with certbot here, something already has port 80 open.

Is this server running another web server like NGINX?



I’ve had instances on some servers where I had to manually stop apache2 before generating or renewing a letsencrypt cert. In my case, it’s usually not that big of a deal for the web server to be down for a few seconds while certbot does it’s thing.



I’ve had instances on some servers where I had to manually stop apache2 before generating or renewing a letsencrypt cert. In my case, it’s usually not that big of a deal for the web server to be down for a few seconds while certbot does it’s thing.

Yes, I have to do this quite a bit, usually with ubuntu.



Rather than do a manual stop and start of Apache you can add it to your pre_hook and post_hook this way the stop and subsequent starts are also done on renewals 60 days later. If a manual stop was required to get your initial cert, it’s likely it’ll be require again at each renewal. Hooks keep your automation going. And for added bonus, have a deploy hook as well that’ll send you an email when a renewal succeeded or failed.

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question.

Read these next.

How do you like to learn?

There is a lot of buzz and actually also controversy about learning styles and multiple intelligences in the way that we think about learning, so not taking a side here and saying that it is a magical code that will unlock our ability to do all things. T.



poor wifi, school’s third floor

I work as a help desk technician at a high school for a school district. Teachers/students on the building’s third floor have been reporting poor wifi, with their Chromebooks/laptops etc experiencing slow connectivity and random disconnections. We hav.



Need help crafting a job posting for an IT Pro

I’d really appreciate some thoughts and advice. I’m looking to hire an IT pro to be our resident go-to for all things IT (device support, SQL Server, network admin, etc) but who also is interested in learning — or even has some experience in — the.



Snap! — AI Eye Contact, Mine Batteries, Headset-free Metaverse, D&D Betrayal

Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: January 13, 1874: Adding Machine Patented (Read more HERE.) Bonus Flashback: January 13, 1990: Astronauts awakened to the song Attack of the Killer Tomatoes (Read mor.



Spark! Pro series – 13th January 2023

Happy Friday the 13th! This day has a reputation for being unlucky, but I hope that you’ll be able to turn that around and have a great day full of good luck and good fortune. Whether you’re superstitious or not, .

Источник

Lets Encrypt error with ubuntu 16.04

Hello, I’m newbie and I’m trying to use letsencrypt on my site following this tutorial https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04 but it gives the following error below. Can someone help me…

Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist AH00558: apache2: Could not reliably determine the server’s fully qualified doma in name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress th is message (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8 0 (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0. 0:80 no listening sockets available, shutting down AH00015: Unable to open logs

Cleaning up challenges Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified doma in name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress th is message (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8 0 (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0. 0:80 no listening sockets available, shutting down AH00015: Unable to open logs

Encountered exception during recovery Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified doma in name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress th is message (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8 0 (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0. 0:80 no listening sockets available, shutting down AH00015: Unable to open logs Traceback (most recent call last): File “/usr/lib/python2.7/dist-packages/certbot/error_handler.py”, line 99, in _call_registered self.funcs-1 File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 284, in _cleanup_challenges self.auth.cleanup(achalls) File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1 908, in cleanup self.restart() File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1 797, in restart self._reload() File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1 808, in _reload raise errors.MisconfigurationError(str(err)) MisconfigurationError: Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified doma in name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress th is message (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8 0 (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0. 0:80 no listening sockets available, shutting down AH00015: Unable to open logs

Источник

Проблемы с запуском Apache Certbot из-за порта, уже используемого для httpd.bin

Моя цель — заставить SSL работать на моем сервере для работы через HTTPS. Я пытаюсь запустить команду sudo certbot —apache, чтобы сгенерировать сертификат для моего сервера как часть этих шагов. Https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache.

m имеет проблемы с этим, так как когда я запускаю команду, я получаю ошибку

Error while running apache2ctl graceful. httpd not running, trying to start Action ‘graceful’ failed. Address already in use: AH00072: make_sock: could not bind to address [::]:80

Когда я проверяю, что работает на порту 80, я вижу httpd.bin.

tcp6 0 0 . 80 . * LISTEN 1372/httpd.bin

Но, как говорят, httpd.bin не работает в сообщении об ошибке выше. Я попытался убить процесс, выполняющийся на порту 80, но не смог. Я также попытался найти PID родительского процесса Apache ( https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache ), однако у меня нет каталога / acpache в usr / local.

Как я должен продолжить убийство процесса? — Должен ли я сосредоточиться на том, чтобы убить этот процесс, или есть ли другой способ обойти эту проблему?

Другая запутанная вещь заключается в том, что, когда я запускаю sudo-сервис apache2-статус, результат apache2 не работает, но я не могу запустить этот процесс либо используется как порт 80 (не уверен, что Apache2 требуется в моем сценарии.)

Любая помощь будет принята с благодарностью!

2 ответа

В настоящее время letsencrypt / certbot с опцией —apache не работает, как и ожидалось. Существуют некоторые изменения, которые должны применяться к механизму CertBot, который взаимодействует с Apache, но они пока не применяются. Я не смог найти точную статью, которую я прочитал в январе 2018 года, когда нашел эту проблему.

Вы можете использовать letsencrypt / certbot с опцией certonly. С помощью этой опции инструмент запустит собственный временный веб-сервер для создания файлов сертификатов. Порты 80 и 443 должны быть открыты в вашем брандмауэре. И вы должны остановить Apache некоторое время. К сожалению, вы должны сделать это, когда вы renew сертификаты.

sudo service apache2 stop # In 16.04+ use: sudo systemctl stop apache2.service sudo letsencrypt certonly —rsa-key-size 4096 —email user@example.com -d example.com -d www.example.com -d another.example.com # Select the option: Automatically use temporary web server (standalone) sudo service apache2 start # In 16.04+ use: sudo systemctl start apache2.service

Затем вам нужно вручную отредактировать конфигурационный файл вашего виртуального хоста. Вот пример с постоянным перенаправлением с HTTP на HTTPS (замените example.com на ваше FQDN):

ServerName example.com # Redirect Requests to SSL Redirect permanent / https://example.com/ ErrorLog $/example.com.error.log CustomLog $/example.com.access.log combined ServerName example.com ServerAdmin admin@example.com SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem DocumentRoot /var/www/html # Conf directives. ErrorLog $/example.com.ssl.error.log CustomLog $/example.com.ssl.access.log combined

Включите модуль SSL для Apache и перезапустите его еще раз.

Автоматическое включение HTTPS на вашем веб-сайте с помощью Certbot EFF, развертывание сертификатов Let’s Encrypt: Apache на Ubuntu.

Источник

Error in Certbot renewal process

Today, I moved my application from apache to nginx. I used this tutorial to setup SSL using certbot. Everything went fine, until I run the —dry-run command.

Here is the error I am getting:

I have already uninstalled the apache.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

It looks like that the certbot is still trying to use Apache instead of Nginx, as from the output I can see that certbot is trying to start Apache but Nginx is already running and that’s why it is failing.

What I could suggest here is getting rid of Apache so that it does not cause any other issues, like starting before Nginx after a reboot.

Then after that, you need to adjust your certbot config:

• As described in the tutorial make sure you actually have the nginx plugin:

Then edit the /etc/letsencrypt/renewal/ somedomain .conf file

In that config file, there are two lines which you need to replace apache2 with nginx :

Then run another renewal test with the certbot —dry-run renew command.

Источник

LetsEncrypt Issue on Ubuntu 16

Last step, getting this error:



Enter to win a Win $150 GC and Binho Board set, or Intel® Pins

5 Replies



It looks like something else may already be running on port 80. Maybe Nginx, lighttpd or some other web server process.

Check to see what is currently bound to port 80:

If it’s not Apache running on port 80 then you need to make some changes to how Certbot works for you. Maybe you can replace whatever is running on port 80 with Apache.



Agreed — no issues with certbot here, something already has port 80 open.

Is this server running another web server like NGINX?



I’ve had instances on some servers where I had to manually stop apache2 before generating or renewing a letsencrypt cert. In my case, it’s usually not that big of a deal for the web server to be down for a few seconds while certbot does it’s thing.



I’ve had instances on some servers where I had to manually stop apache2 before generating or renewing a letsencrypt cert. In my case, it’s usually not that big of a deal for the web server to be down for a few seconds while certbot does it’s thing.

Yes, I have to do this quite a bit, usually with ubuntu.



Rather than do a manual stop and start of Apache you can add it to your pre_hook and post_hook this way the stop and subsequent starts are also done on renewals 60 days later. If a manual stop was required to get your initial cert, it’s likely it’ll be require again at each renewal. Hooks keep your automation going. And for added bonus, have a deploy hook as well that’ll send you an email when a renewal succeeded or failed.

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question.

Read these next.

System-Root Full — 5230 Appliance

Before I begin, I know this appliance is EOL, but I need to keep it around for historical reasons. I have already reached out to support, they can’t help. I also have posted this on the VOX Community I have an issue with my 5230 appliance (I know it’s .



Snap! — Eyeless Telescope, John Deere Caves, AI-Simulated Voices, Flipper Zero

Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: Back on January 10, 1938: Donald Ervin Knuth, best known for The Art of Computer Programming, is born (Read more HERE.) Bonus Flashback: Back on January 10, 1946: Rad.



Spark! Pro Series — 10 January 2023

Not a lot of tech history today. A few interesting space tidbits, and some great birthdays!Today in History: 10 January 1878 – US Senate proposes female suffrage 1901 – Oil discovered at Spindletop, Beaumont, ma.



dual boot windows and ubuntu

hi all,i have installed ubuntu alongside windows on a laptop, (i used the ubuntu installation when it came into partitioning the disk)trouble is now instead of booting up and asking what OS to use, it automatically boots up into windows every time, the on.



Nerd Journey # 201 — Generate Depth On-Demand with Yvette Edwards (1/2)

Sometimes we don’t learn about a career path or role until someone tells us about it. Yvette Edwards was a young developer who was encouraged to attend a career fair by a colleague. At that career fair she took the time to learn about the role of a sale.

Источник

certbot blindly adds port 443 to apache conf #5517

Comments

poizan42 commented Jan 30, 2018

My operating system is (include version):

debian jessie 8.10

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

I ran this command and it produced this output:

Certbot’s behavior differed from what I expected because:

Content of /etc/apache2/ports.conf before running certbot:

Contents of /ec/apache2/ports.conf after running certbot:

certbot just blindly adds port 443. If apache is configured to not listen on port 443 then there is probably a very good reason for that, under no circumstances should certbot ever automatically add port 443 as it breaks the current apache configuration if anything else is listening on port 443. Either should certbot query the user interactively for information about mapping of local port to external port or it should fail and ask the user to run certbot with manually given arguments.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

The text was updated successfully, but these errors were encountered:

SwartzCr commented Jan 30, 2018

joohoi commented Jan 31, 2018

I’m sorry you are having problems with Certbot @poizan42 .

First and foremost, I really think we need to add Listen statements in order to migrate a HTTP only configurations to HTTPS. That said, this issue is still spot on, as in this case we’re failing to actually deploy certificates in this kind of configuration. There are actually two different issues under this one. One for situations where user doesn’t have an active HTTPS configuration, but would like to bind HTTPS to a non-standard port. The other one would be this exact issue you are facing.

As we need to define a port for Apache to use for the new HTTPS VirtualHost s, a possible fix for this particular issue would be:

• Add a CLI parameter that allows user to define the port that HTTPS should be served on. We already have a functionality in place that checks if Apache listens to a specific port, and add a Listen statement if not. Currently this is fixed to 443 which is the reason behind this issue.

And perhaps for the configurations that already are serving HTTPS VirtualHost s:

• If a HTTPS enabled VirtualHost is found anywhere in the active configuration, use port from that configuration for setting up the newly created VirtualHost s. If we’re configuring certificates for pre-existing VirtualHost , skip the Listen statement addition completely.

poizan42 commented Jan 31, 2018 •

Let me be a clear that I’m not complaining that this functionally exists, but that it happens automatically. I believe that the default configuration in most distros has the guarded Listen 443, so if that is not there then it is most likely because the user has intentionally changed it. Everything would be fine if it just asked the user what to do (and to give a cli option in the future for automatic renewal).

• Add a CLI parameter that allows user to define the port that HTTPS should be served on. We already have a functionality in place that checks if Apache listens to a specific port, and add a Listen statement if not. Currently this is fixed to 443 which is the reason behind this issue.

Actually —tls-sni-01-port does half of it. The following worked for me:

Источник