Apache Options error after getting certificate


#1

Hey everyone,
I have a working SSL install of apache 2.4.7 on Ubuntu 13.04 with a self signed certificate
I am running letsencrypt via

~/letsencrypt/./letsencrypt-auto --apache -d myDomain --email myEmail

This has previously retrieved a certificate sucsessfully so I select use the previous certificate

I then get the following error

Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/default_original-le-ssl.conf:
Either all Options must start with + or -, or no Option may.

IMPORTANT NOTES:

  • We were unable to install your certificate, however, we
    successfully restored your server to its prior configuration.

I can’t open this file default_original-le-ssl.conf as it doesnt exist in the folder i suspect its a temporary file being created by letsencrypt thats getting deleted after the install fails?

Theres not much in my 000-default.conf default-ssl.conf files other than some config details from SSL labs recommendations on which version of ssl to use and ciper selection

000-default

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

default-ssl

ServerAdmin webmaster@localhost DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK" SSLHonorCipherOrder on SSLCompression off SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown SSLProtocol +TLSv1 SSLProtocol +TLSv1.1 SSLProtocol +TLSv1.2 SSLStaplingCache shmcb:/var/run/ocsp(128000) SSLSessionCache shmcb:/path/to/ssl_gcache_data(5120000)

I’ve run apachectl configtest which works with no errors
How can I identify what specifically is the issue?


#2

This was caused by these two lines that should have been in a different file, removing them fixed the issue