My automatic renewal wasn’t working, but after many hours I figured out the problem. Here’s the fix in case someone else has the problem.
When trying to renew, this was the warning: “WARNING:letsencrypt.cli:Attempting to renew cert from … produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/usr/share/modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf', u'Syntax error'),). Skipping.”
Turns out REQUEST-910-IP-REPUTATION.conf had this line commented:
“#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" ” but the lines under were not commented out for this rule. Once I commented out the rest of the SecRule (16 lines), the renewal worked.
The REQUEST-910-IP-REPUTATION.conf file on GitHub (https://github.com/fastly/waf_testbed/blob/master/templates/default/REQUEST-910-IP-REPUTATION.conf.erb) contains this syntax error.
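
An added example, not part of the original post: a small Python check that flags uncommented lines left behind under a commented-out `SecRule`, which is the condition described above. It assumes the rule's lines are joined by trailing backslashes; `find_orphaned_lines` and the sample rules are hypothetical and constructed for illustration.

```python
import re
import sys

# A commented-out ModSecurity directive, e.g. "#SecRule ..." or "# SecAction ...".
COMMENTED_DIRECTIVE = re.compile(r"^\s*#\s*(SecRule|SecAction)\b")

# Constructed sample (not the real CRS file): rule 1 is half-commented,
# rule 2 is fully commented, rule 3 is active.
SAMPLE = r"""# constructed sample rules
#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \
    "id:1000001,\
    phase:2,\
    deny"

#SecRule REQUEST_URI "@contains /x" \
#    "id:1000002,\
#    deny"
SecRule REQUEST_URI "@contains /y" \
    "id:1000003,\
    pass"
"""


def find_orphaned_lines(text):
    """Return (line_number, line) for every uncommented line that continues
    a SecRule/SecAction whose first line is commented out."""
    orphans = []
    in_commented_rule = False  # previous line belonged to a commented rule and ended in "\"
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if in_commented_rule:
            body = line.lstrip()
            if body and not body.startswith("#"):
                orphans.append((number, raw))
            in_commented_rule = line.endswith("\\")
        elif COMMENTED_DIRECTIVE.match(line):
            in_commented_rule = line.endswith("\\")
    return orphans


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    for number, raw in find_orphaned_lines(text):
        print(f"line {number}: uncommented continuation of a commented rule: {raw.strip()}")
```

Running it against each `.conf` file in the rules directory before a renewal shows which lines still need a leading `#`.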