Apache plugin syntax error

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot renew -vvv
It produced this output:
james@bronserv:/etc/apache2/sites-enabled$ sudo certbot renew -vvv
Root logging level set at 0
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Notifying user: Processing /etc/letsencrypt/renewal/broncloud.sasstaff.co.uk-0001.conf

Processing /etc/letsencrypt/renewal/broncloud.sasstaff.co.uk-0001.conf

Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7fc762219820> and installer <certbot.internal.cli.cli_utils.
Default object at 0x7fc762219820>
Starting new HTTP connection (1): r3.o.lencr.org:80
http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
OCSP response for certificate /etc/letsencrypt/archive/broncloud.sasstaff.co.uk-0001/cert13.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/broncloud.sasstaff.co.uk-0001/cert13.pem is: OCSPCertStatus.GOOD
Should renew, less than 30 days before certificate expiry 2022-08-19 12:18:19 UTC.
Certificate is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Apache version is 2.4.54
Other error:(PluginEntryPoint#apache): There has been an error in parsing the file /etc/apache2/sites-enabled/broncloud.sasstaff.co.uk.conf
on line 32: Syntax error
Traceback (most recent call last):
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 160, in prepare
self._initialized.prepare()
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 380, in prepare
self.parser.check_parsing_errors("httpd.aug")
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 127, in check_parsing_errors
raise errors.PluginError(msg)
certbot.errors.PluginError: There has been an error in parsing the file /etc/apache2/sites-enabled/broncloud.sasstaff.co.uk.conf on line 32:
Syntax error
No candidate plugin
No candidate plugin
Failed to renew certificate broncloud.sasstaff.co.uk-0001 with error: The apache plugin is not working; there may be problems with your exis
ting configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-enabled/broncloud.sasstaff.co.uk.conf on line 32:
Syntax error')
Traceback was:
Traceback (most recent call last):
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 484, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1538, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 257, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 377, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-enabled/broncloud.sasstaff.co.uk.conf on line 32:
Syntax error')

Notifying user:

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/broncloud.sasstaff.co.uk-0001/fullchain.pem (failure)
Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/2192/bin/certbot", line 8, in
sys.exit(main())
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1630, in renew
renewal.handle_renewal_request(config)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Ce
rtbot with -v for more details

My web server is (include version):
Apache 2.4.54
The operating system my web server runs on is (include version):
Ubuntu server 21.04
My hosting provider, if applicable, is:
Self hosted
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.29.0

I have just updated certbot to the snap package which seems to have brought about this error.
Line 32 on the conf file mentioned above is simply blank!

2

My certificate runs out in eight days time. Previously I just used:
sudo certbot renew
and all went well. I have not altered any of the config files recently only updated from the previous ppa: version of certbot to the snap package as advised.
I uninstalled the previous version with sudo apt uninstall certbot #
and installed the snap package with:
sudo snap install --classic certbot #

James

3

Can you show the contents of this file. You must add 3 backticks before and after it so that forum formatting won't lose key pieces. Thanks

3 Likes
4

Hi @MikeMcQ ,
Thanks for the quick response. I'm not entirely sure where to find a backtick? but I'll try this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/nextcloud
ServerName broncloud.sasstaff.co.uk
ServerAdmin jkp@bronyaur.co.uk
ServerAlias www.broncloud.sasstaff.co.uk
Protocols h2 http/1.1
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript applicatio>
</IfModule>
<Directory /var/www/html>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine  on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/broncloud.sasstaff.co.uk-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/broncloud.sasstaff.co.uk-0001/privkey.pem

<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php/php8.0-fpm.sock|fcgi://localhost"
</FilesMatch>

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
2 Likes
5

Yeah, that's it. (on US keyboards it is just to left of number 1 on main keyboard)

You are missing a closing </IfModule> for your initial mod_ssl.c. Parsing then gets confused and reports an error on the last line because it can't find one. Don't ask me why some versions do or don't.

Seems to me you could just remove that first line. I would expect you would always have that enabled on your system but if you want to keep it you need to close it at the bottom after the closing </VirtualHost> like

</IfModule>
</VirtualHost>
</IfModule>
3 Likes
6

I do not believe I have been so dumb :slight_smile:

james@bronserv:/etc/apache2/sites-enabled$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/broncloud.sasstaff.co.uk-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for broncloud.sasstaff.co.uk
Reloading apache server after certificate renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/etc/letsencrypt/live/broncloud.sasstaff.co.uk-0001/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
james@bronserv:/etc/apache2/sites-enabled$

You sir are a genius :slight_smile:
I have to admit I was quite worried there and had visions of rebuilding the entire server just for a minute or two :wink:

Anyway, thank you so much for your observations and help.

Problem solved

James

2 Likes
7

No worries. I guessed it quick because you were not the first :slight_smile:

4 Likes
8

Nor will I be the last...no doubt :wink:

J

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.