Can't Renew Certs: "letsencrypt-auto renew" parsing error w/ Apache2.conf


#1

Error Renewing Certificates Manually or via crontab:

  • Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration. The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/apache2.conf', u'Syntax error'),)
  • (apache2.conf below)
  • Tested with <Directory> paths quoted and unquoted, e.g., <Directory "/"> and <Directory />
  • Tested with and without all <IfModule> and LogFormat lines
  • Have copied letsencrypt-auto to a separate directory and attempted to run letsencrypt-auto renew there; same result
  • Tried manually renewing with /opt/letsencrypt/certbot-auto renew; same result
  • Could be (?) related to the lenses in Augeas (currently v1.4) based on this: https://github.com/certbot/certbot/issues/1202
  • Considered updating Augeas to the most recent version by adding the repository ppa:raphink/augeas from Raphael Pinson (https://launchpad.net/~raphink/+archive/ubuntu/augeas) but unsure what else that update might affect…

More Info

  • Server: Ubuntu 16.04, Apache 2.4, PHP 7 (all up to date)
  • LetsEncrypt originally installed through Git in May 2016
  • Certificates were renewing normally via cron job and/or manually through August 12, 2016
  • Attempting to update LetsEncrypt through git pull generates:
    error: Your local changes to the following files would be overwritten by merge: certbot-auto letsencrypt-auto / Please, commit your changes or stash them before you can merge.
    Seems like the current version (auto updated?) is newer than Git knows about.

apache2.conf file:

Thanks in advance for any help!


#2

Thanks for the bug report, and I’m sorry you’re having trouble. I filed an issue on GitHub at

If you have a GitHub account, you could try to provide more information there.


#3

Thanks for the response, and filing this on GitHub; I’ve added a Gist there, but it’s really the same info.

As some of the certs expire soon, what can I do to renew until this is answered/resolved?

Or, is there a way to simply uninstall and reinstall LetsEncrypt without affecting existing certs?

Thanks.


#4

As you’re installing from git, maybe you could try making a fresh git checkout and renewing using that? It shouldn’t overwrite the information in /etc/letsencrypt.


#5

Fixed! It was something in the comments in the apache2.conf file. (The above screen shot did have comments stripped out…)

Short version: Removed all comment lines and ran /opt/letsencrypt/certbot-auto renew
More details: https://github.com/certbot/certbot/issues/3686

Thanks @schoen for your help. We’re secure again!


#6

Just to follow up on this. I had a similar problem with the syntax of the Apache conf file which prevented it from being parsed, resulting in the “Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.” error.

In my case the closing tag had been appended to a commented-out line.

So changing this

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet </IfModule>

to this:

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>

fixed the problem.
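
A check for the failure described in post #6, as an added example that is not part of the thread and not certbot's own code: it reports sections that are never closed and points to the comment line that holds the missing closing tag. The function name `audit` and the sample config are constructed for illustration, and the scan is line-based (it ignores backslash line continuations), so it is not a full Apache parser.

```python
import re

# An Apache section tag, e.g. <IfModule mod_ssl.c> or </IfModule>.
TAG = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9_]*)\b[^>]*>")

def audit(text):
    """Return (findings, stray).

    findings: (name, open_line, comment_lines) for each section that is never
              closed; comment_lines are later '#' lines holding its closing tag.
    stray:    (line, name) for closing tags that match no open section.
    """
    stack, commented, stray = [], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            # The whole line is a comment, so a closing tag on it is inert.
            commented += [(no, m.group(2).lower())
                          for m in TAG.finditer(line) if m.group(1)]
            continue
        m = TAG.match(line)
        if not m:
            continue  # ordinary directive or blank line
        name = m.group(2).lower()
        if not m.group(1):
            stack.append((no, name))
        elif stack and stack[-1][1] == name:
            stack.pop()
        else:
            stray.append((no, name))
    findings = [(name, opened, [c for c, n in commented if n == name and c > opened])
                for opened, name in stack]
    return findings, stray

# Constructed sample; only the "# vim:" line is taken from the post above.
BROKEN = """\
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        SSLEngine on
    </VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet </IfModule>
"""
FIXED = BROKEN.replace(" </IfModule>", "\n</IfModule>")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(conf))
```

Fully commented-out blocks such as `#<Directory /srv/>` … `#</Directory>` produce no finding, because only sections left open in live configuration are reported.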

