This is more of a bug report than anything else. We recently (within the last 90 days) added some Shibboleth directives to our Apache (httpd) config, and the LetsEncrypt Apache plugin now chokes with an error.
Details: we’re using the letsencrypt package (and python-letsencrypt-apache package) that comes with Ubuntu 16.04 (it reports version 0.4.1-1). The error message in the letsencrypt logfile is:
[ … ]
2017-09-11 15:25:31,632:INFO:letsencrypt.cli:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-available/cal.templ', u'Syntax error'),)
2017-09-11 15:25:31,633:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/mesa5.coloradomesa.edu.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-available/cal.templ', u'Syntax error'),). Skipping.
2017-09-11 15:25:31,654:DEBUG:letsencrypt.cli:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1017, in renew
[ … ]
If I comment out the following in the Apache config, then the plugin successfully runs:
<Location "/25live/data/run/login.shibboleth>
AuthType shibboleth
ShibRequestSetting requireSession true
ShibUseHeaders On
require shib-session
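
A pre-flight check that could be run over Apache config files before a renewal: it flags lines holding an odd number of double quotes (the `<Location` line in the post has one) and sections that are never closed. This is an added example, not part of the original post or of the letsencrypt code; `odd_quotes`, `lint` and `SAMPLE` are hypothetical names, and the `</Location>` line in the sample is constructed because the post's excerpt ends before it.

```python
import re

OPEN = re.compile(r"^<\s*([A-Za-z]\w*)")
CLOSE = re.compile(r"^</\s*([A-Za-z]\w*)\s*>")

def odd_quotes(line):
    """True when the line holds an odd number of unescaped double quotes."""
    count, escaped = 0, False
    for ch in line:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            count += 1
    return count % 2 == 1

def lint(text):
    """Return (line_number, message) pairs for quoting and nesting problems."""
    findings, stack, pending, start = [], [], "", 0
    for num, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = num                   # first physical line of this directive
        raw = raw.rstrip()
        if raw.endswith("\\"):            # Apache line continuation
            pending += raw[:-1] + " "
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"):
            continue
        if odd_quotes(line):
            findings.append((start, "unterminated double quote"))
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:
            if stack and stack[-1][0].lower() == closing.group(1).lower():
                stack.pop()
            else:
                findings.append((start, "unexpected </%s>" % closing.group(1)))
        elif opening:
            stack.append((opening.group(1), start))
    findings += [(n, "<%s> is never closed" % name) for name, n in stack]
    return findings

# The block from the post; </Location> is constructed (the excerpt ends before it).
SAMPLE = ('<Location "/25live/data/run/login.shibboleth>\n'
          'AuthType shibboleth\nShibRequestSetting requireSession true\n'
          'ShibUseHeaders On\nrequire shib-session\n'
          '</Location>\n')

print(lint(SAMPLE))
```

The quote count is a heuristic: it only considers double quotes and backslash escapes, so it is a quick screen rather than a replacement for `apachectl configtest`.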