Certbot not found - ssl

I installed letsencrypt on my Ubuntu 16.04 machine with the following command.
sudo apt-get install letsencrypt
Now, I want to define a cronjob to automatically renew my certs with the following line.
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
But I always get the error that the command certbot could not be found.
If I use letsencrypt instead of certbot everything works fine as long as I don't use the --pre-hook and --post-hook.
How to install certbot or is there an alternative command for letsencrypt to define such hooks?
Thanks

For me the following commands are working fine.
Install snap
sudo apt update
sudo apt install snapd
Install Core
sudo snap install core
Install Certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Renew Certbot
sudo certbot renew --dry-run

Follow the official instructions and install certbot with
sudo apt install certbot python3-certbot-nginx
or, in newer Ubuntus that have snap, with
sudo snap install --classic certbot
It will be available in $PATH after that.

Ok i found the solution..
git clone git@github.com:certbot/certbot.git
cd certbot
./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"

This worked for me. I have to specify full path when running certbot with elevated privileges
sudo /snap/bin/certbot renew --dry-run
TL;DR
Although I have /snap/bin in my $PATH
echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games:/snap/bin
But without providing full path it does not work with sudo. It throws the following error
certbot renew --dry-run
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
and it also works if I (while having /snap/bin in root's $PATH as well) switch to power user
sudo -i
and then run any certbot command
Kindly note I'm on debian 10 and using snapd as package manager according to the tutorial https://certbot.eff.org/lets-encrypt/snap-nginx.
As explained here https://unix.stackexchange.com/questions/245772/why-running-command-as-sudo-returns-command-not-found this is kinda expected and approved of behaviour:
sudo tries to be safe when executing external commands. The usual
workaround is to specify the complete pathname of the program. It's
also more secure; if you don't specify the path, it's conceivable that
an attacker could create another program that will be run with root
permissions.
Going on reading further I can see that my PATHs are different
env | grep ^PATH
sudo env | grep ^PATH
There are several solutions (use custom sudo or change sudo $PATH) provided at the thread Command not found when using sudo so one does not have to specify full path.
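
The PATH difference this answer describes can be checked directly. The following is an added example, not part of the original answer (the function names resolve_in_path and risky_path_entries are hypothetical): it resolves a command against a given PATH string the way sudo would, and lists PATH entries that are relative or writable by non-root users, which is the risk the quoted explanation refers to.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# resolve_in_path CMD PATHSTRING
# Print the first executable CMD found walking PATHSTRING left to right,
# which is how both the shell and sudo look a bare command name up.
resolve_in_path() {
    rip_cmd=$1 rip_old_ifs=$IFS rip_hit=
    set -f; IFS=:
    for rip_dir in $2; do
        [ -n "$rip_dir" ] || rip_dir=.    # an empty entry means the current directory
        if [ -z "$rip_hit" ] && [ -f "$rip_dir/$rip_cmd" ] && [ -x "$rip_dir/$rip_cmd" ]; then
            rip_hit=$rip_dir/$rip_cmd
        fi
    done
    IFS=$rip_old_ifs; set +f
    [ -n "$rip_hit" ] && printf '%s\n' "$rip_hit"
}

# risky_path_entries PATHSTRING
# Print entries that are relative or empty, or that are group- or
# world-writable directories: places where someone other than root could
# put a same-named program ahead of the real one.
risky_path_entries() {
    rpe_old_ifs=$IFS
    set -f; IFS=:
    for rpe_dir in $1; do
        case $rpe_dir in
            /*) # -H checks the target of a symlinked entry such as /bin -> usr/bin
                if [ -d "$rpe_dir" ]; then
                    rpe_w=$(find -H "$rpe_dir" -prune \( -perm -0002 -o -perm -0020 \) -print)
                    [ -z "$rpe_w" ] || printf '%s\n' "$rpe_dir"
                fi ;;
            *)  printf '%s\n' "${rpe_dir:-.}" ;;
        esac
    done
    IFS=$rpe_old_ifs; set +f
}

# Usage with the two PATH values the answer compares:
#   resolve_in_path certbot "$PATH"
#   resolve_in_path certbot "$(sudo env | sed -n 's/^PATH=//p')"
#   risky_path_entries "$(sudo env | sed -n 's/^PATH=//p')"
```

If the second call prints nothing, sudo's PATH does not contain the directory that holds certbot, and the full path (or a symlink in a root-owned directory already on sudo's PATH) is needed.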

Try to remove using snap
sudo snap remove certbot
and then install again with
sudo snap install --classic certbot

You can try Let's Certbot.
Let's Certbot is a tool that builds automated scripts based on Certbot for obtaining, renewing, deploying SSL certificates.
It supports docker and non-docker environments.
GitHub: https://github.com/jinhucheung/letscertbot

Try this
sudo ~/.certbot/bin/certbot certonly --webroot

Related

Difficulties in installing Qlik Catalog related SW

I am installing Qlik Catalog SW on Linux Red Hat Enterprise 7.9 following the instructions of the installation guide.
I have got the first problem in Tomcat Installation. Basically, I am not able to connect to Tomcat with the browser.
Below is a detailed list of commands I have used.
I have tried it using Firefox.
When trying to install Chrome I got other issues.
Any hints?
*** Installing Chrome ***
# sudo yum install glib
# sudo yum list glibc
# sudo wget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
# sudo yum -y install redhat-lsb libXScrnSaver
# sudo yum -y localinstall google-chrome-stable_current_x86_64.rpm
>>>>>>>>>>>>>>>>>>>>>>>
Error: Package: google-chrome-stable-95.0.4638.54-1.x86_64 (/google-chrome-stable_current_x86_64)
Requires: libc.so.6(GLIBC_2.18)(64bit)
<<<<<<<<<<<<<<<<<<<<<<<
*** Installing Tomcat ***
Install wget (if not already installed):
# sudo yum install -y wget
Become the service account user:
# sudo su - qdcuser
Download Apache Tomcat and extract the file in usr/local/qdc:
$ cd /usr/local/qdc
$ wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.38/bin/apache-tomcat-9.0.38.tar.gz
$ tar -xvf apache-tomcat-9.0.38.tar.gz
Overwrite <tomcat home>/conf/server.xml with the version expanded from the Qlik Catalog zip file:
$ cp /tmp/podium/config/tomcat9-server.xml /usr/local/qdc/apache-tomcat-9.0.38/conf/server.xml
Opening ports 8080 and 8443:
# sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
# sudo firewall-cmd --zone=public --permanent --add-port=8443/tcp
# sudo systemctl restart firewalld.service
Setup Apache Tomcat as a service to automatically start when Linux restarts:
# sudo cp /tmp/podium/config/tomcat.service /etc/systemd/system/
# sudo systemctl daemon-reload
# sudo systemctl enable tomcat.service
Edit the file /etc/systemd/system/tomcat.service to insert the correct user and group names:
# sudo nano /etc/systemd/system/tomcat.service
User=qdcuser
Group=qdcgroup
Start Tomcat manually:
$ cd /usr/local/qdc/apache-tomcat-9.0.38
$ ./bin/startup.sh
Browse to the following URL to verify that Tomcat is running:
https://localhost:8443
>>>>>>>>>>>>>>>>>>>>
Unable to connect
Firefox can’t establish a connection to the server at localhost:8443.
<<<<<<<<<<<<<<<<<<<<<
I too see this issue.. Here is what I think the reason might be..
rpm -qf /usr/lib64/libc.so.6
glibc-2.17-325.el7_9.x86_64
glibc is 2.17 on RHEL 7.9. The developers at Google should know this, which means it is a bug.
Or. They should provide that library as part of their package and statically link it.
Short answer. For now, until Google figures it out and fixes it, I might either remove the package, or skip that package.
To skip..
sudo yum -y update --exclude google-chrome-stable*
To remove... Well.. "sudo yum -y remove google-chrome-stable"
An alternative until Google resolves the problem is:
sudo yum update --skip-broken
This can install all updates and ignore chrome

SSL in production server using docker-compose and a dockerised apache2

I have a docker-compose production environment that comprises 4 different services running in an AWS ec2 instance. Everything is running fine, and one of the services is exposed to the world via mapping the internal private ip address to ec2's public ip address. The exposed service is a laravel-vue.js app running in an apache2 server using the image
FROM php:7.2-apache
and some custom commands below. My employer now bought a domain (not from Amazon route 53 but a different provider) and I want to get an ssl certificate for said domain and use it in my apache server. I have never put an ssl certificate before but I kind of understand the theory. My first step was to redirect the domain name from the provider to the public IP address. Now the app is accessible from the domain name via http instead of visiting an ip address.
I'm not sure what the next step should be. Can I get any ssl certificate e.g. from let's encrypt or digicert and place it in my apache server? Would the ssl work only if issued from the domain provider? In my service, would I only have to change the configuration to allow traffic through ssl and I'm done? My apache server doesn't do any dns, it simply exposes a webroot to port 80 and my docker-compose file forwards that ip address so that it becomes accessible to the world. Do I need to change apache dns settings and include the domain name?
This is my relevant docker-compose file part:
app:
  ports:
    - "172.31.31.159:80:80"
  build:
    context: .
    dockerfile: app/Dockerfile
  stdin_open: true
  environment:
    APACHE_DOCUMENT_ROOT: /var/www/html/public
  depends_on:
    - api
    - app-db
And here is the dockerfile:
FROM php:7.2-apache
COPY /app /var/www/html
WORKDIR /var/www/html
ENV APACHE_DOCUMENT_ROOT=/var/www/html/public
RUN sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf
RUN sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf
# update apt-get
RUN apt-get update
# install the required components
RUN apt-get install -y libmcrypt-dev g++ libicu-dev libmcrypt4 zlib1g-dev git libpq-dev libmagickwand-dev
RUN apt-get install zip unzip
# install the PHP extensions we need
RUN docker-php-ext-install pdo pdo_mysql
#RUN apt-get install php-zip
# delete the lists for apt-get as they take up space we do not need.
RUN rm -rf /var/lib/apt/lists/*
# install composer globally so that you can call composer directly
RUN curl -sSL https://getcomposer.org/installer | php
RUN mv composer.phar /usr/local/bin/composer
RUN composer install --optimize-autoloader --no-dev
# enable apache rewrite
RUN a2enmod rewrite
RUN service apache2 restart
RUN apt-get update && \
apt-get install -y --no-install-recommends gnupg && \
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
apt-get update && \
apt-get install -y nodejs && \
npm install -g npm
RUN npm install
RUN npm audit fix
RUN npm run production
# set www permissions
RUN chown -R www-data:1001 .
RUN usermod -u 1001 www-data
RUN php artisan config:cache
Feel free to call out any problems with the dockerfile or docker-compose files as this is my first time using them for production.

Apache2 commands such as a2enmod and a2ensite not working, it's showing command not found in Ubuntu

I am deploying a Flask application on an Apache2 server. During this I need to run a command for enabling mod_wsgi by using:
sudo a2enmod wsgi
but it's showing:
sudo: a2enmod: command not found
Please help
Thanks
I had the same problem with using Ubuntu 16.04 in AWS. However, installing apache2 along with libapache2-mod-wsgi and python-dev solved the issue.
Try:
sudo apt-get update
sudo apt-get install apache2 libapache2-mod-wsgi python-dev
Then,
sudo a2enmod wsgi
I share this tip because it happened to me:
If you enter into the root account with su, the /usr/sbin folder is not in the path and the a2enmod command is not found...
So you have to use su - instead ;)
This can happen if you switch to root user as su root instead of su - on Debian Buster
Installation debugging
For asking about installation debugging, you have to post (and think) about
Architecture (hardware)
OS with version
Host attribution (server, desktop, other)
Procedure followed for installation
Software (apache) version
Anyway
You could try to reinstall your package. If under Ubuntu, you could try:
sudo apt update &&
sudo apt reinstall apache2 libapache2-mod-wsgi
Then rerun:
sudo a2enmod wsgi

How to uninstall/remove Certbot Let's Encrypt from Debian 8

I just followed the instructions found on:
https://certbot.eff.org/#debianjessie-apache
to install a Let's Encrypt certificate on my Linux VPS.
But unfortunately, installation did not go as I expected because:
A. I already had an instance of apache2 installed - which conflicted
with apache instance certbot installer installs.
B. I have a dynamic dns I want to have as my domain name and add ssl
for, but let's encrypt system seems to have problem with free dns
providers.
So I finally decided to remove certbot and instead try to install a local SSL certificate I sign myself personally. I can't find a direct uninstallation guide for certbot. Can you please help?
Thank You
Alright, I think I found out how to do it:
First I removed certbot using these commands:
sudo apt-get purge certbotapt
sudo apt-get purge python-certbot-apache -t jessie-backports
sudo apt-get purge apache2
Then I manually removed files/folders in the following:
/myuser/certbot-auto
/myuser/.local/share/letsencrypt/
/etc/letsencrypt/
/var/lib/letsencrypt/
/var/log/letsencrypt/
Then I installed a new fresh instance of apache2:
sudo apt-get install apache2
sudo service apache2 restart
Now things are back to where I was, and I can work on installing personal/local ssl for my project.
Hope this helps you too ;)
If you would like to remove its ppa as well then:
sudo add-apt-repository --remove ppa:certbot/certbot

To use Certbot, packages from the EPEL repository need to be installed

I use certbot-auto for deploying Let's Encrypt SSL certificates, and I renew certificate with crontab -e like this:
* 01 * * 1 /home/myname/certbot-auto --quiet
It has an error message like the below:
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
To use Certbot, packages from the EPEL repository need to be installed.
Please enable this repository and try running Certbot again.
I can't solve this error. Please help me!
Under CentOS 7, provided the "extras" repo is enabled, you can just run yum -y install epel-release. I'm not sure this is available under CentOS 6 (certainly won't hurt to try it). However, to install under CentOS 6 manually you would just run (as root, or using sudo):
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -Uvh epel-release-latest-6.noarch.rpm
Once the EPEL repository is installed on your system, try running certbot again. It should now be able to automatically install any required dependencies.