CODEWITHSUNDEEP
djangosslapache2lets-encryptcertbot
Arunabh Das
Arunabh Das

Reputation: 14382

Apache with SSL configuration not working with WSGI configuration for Django app

This is a follow-up on the following issues on github :

https://github.com/certbot/certbot/issues/1820

and

https://github.com/certbot/certbot/issues/2546

Letsencrypt cannot deal with apache's WSGI configuration

I am running apache2 with the following config

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        # DocumentRoot /var/www/html
        ServerName mywebsitedomain.com
        ServerAlias www.mywebsitedomain.com
        DocumentRoot /var/www/html/mywebsitedomain-com

        Alias /static/ /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/static/
        <Directory /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/static>
                Require all granted
         </Directory>

        # adjust the following line to match your Python path 
        <Directory "/home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder">
        <Files wsgi.py>
                AllowOverride all
                Options FollowSymLinks
                Require all granted
        </Files>
        </Directory>

        WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
        WSGIProcessGroup mywebsitedomain.com
        WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}


        Alias /phpmyadmin /var/www/html/phpmyadmin
        <Location /phpmyadmin>
        </Location>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

When I follow the steps outlined here

https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

as follows : 

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 
$ sudo certbot --apache

it fails with the following error 

Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 31 of /etc/apache2/sites-enabled/mywebsitedomain.app.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration...
Error while running apache2ctl configtest.
Action 'configtest' failed.

Therefore, as described in the following link :

https://github.com/certbot/certbot/issues/1820

I commented out the WSGI lines as follows 

# WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
# WSGIProcessGroup mywebsitedomain.com
# WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}

And run certbot again as follows :

$ sudo certbot --apache

This time, certbot completes with the following message :

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mywebsitedomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mywebsitedomain.com/privkey.pem

However, when I uncomment the following 3 lines from the generated

/etc/apache2/sites-available/mywebsitedomain.com-le-ssl.conf file

as follows :

WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
WSGIProcessGroup mywebsitedomain.com
WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}

And run

$ sudo service apache2 start

Apache seems to start up but the website https://mywebsitedomain.com does not load

Neither does http://mywebsitedomain.com

Please help debug this issue so that I can get https to load with a wsgi configuration for a django app on apache.

Upvotes: 2

Views: 3102

Answers (3)

ryan2718281
ryan2718281

Reputation: 147

The document root is /var/www/html which means the new apache version is used. In this case, you could try to grant access to the document root directory.

<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Upvotes: 0

Amir Khalil
Amir Khalil

Reputation: 307

I followed instructions on this link https://www.spmuck.com/https-apache-and-lets-encrypt/ and it worked

Here is the relevant part:

Basically, when Certbot copies your virtual host file, there will now be two WSGIDaemonProcess with the same process name. You can easily fix this by commenting out the WSGIDaemonProcess line by adding a # to the start of that line. Run "certbot --apache" again, remove the comment in both virtual host files, and rename one of the processes. i.e example.com-le.

Upvotes: 5

Stephen Brown
Stephen Brown

Reputation: 43

I just removed the WSGIProcessGroup mywebsitedomain.com and not the rest. It may help but I didn't document the process and not looking forward to setting up a new server. So if you got it

Upvotes: 3

Related Questions