Can't renew certs with apache 2.4.10


#1

I am trying to renew my certs on Jessie with apache 2.4.10. I had a systemd.timer set up, but as that did not work, I tried the cronjob and tried to renew manually (which always worked fine up to now).

The error I get is the same for all methods:
certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/berlinuxlab.net.conf

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-enabled/berlinuxlab.conf', 'Syntax error'),)
Attempting to renew cert from /etc/letsencrypt/renewal/berlinuxlab.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-enabled/berlinuxlab.conf', 'Syntax error'),). Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/berlinuxlab.net/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

apache2ctl configtest says:
Syntax OK

apache2ctl -t -D DUMP_RUN_CFG says:

ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

journalctl shows:

2017-02-18 09:59:06,687:INFO:certbot.hooks:No renewals attempted, so not running post-hook
2017-02-18 09:59:06,688:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 592, in renew
    renewal.renew_all_lineages(config)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 365, in renew_all_lineages
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

The traceback will be different if I try to renew again.

I have seen mentions on this forum and elsewhere on the net about the same issue with apache 2.2, but no solutions either. Is there a fix or a workaround for this problem?


#2

Could you post the contents of /etc/apache2/sites-enabled/berlinuxlab.conf please? The library that Certbot uses to parse Apache configuration is a little stricter / more fragile than Apache itself, and sometimes reports syntax errors in files that Apache thinks are perfectly fine.
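
Because `apache2ctl configtest` passes while the renewal still fails, an unattended timer or cron job can keep failing until the certificate expires. The following is an added example, not code from this thread or from Certbot: it reads `certbot renew` output and reports which certificates failed and which Apache file the plugin's parser rejected. The function name `summarize` and the report keys are hypothetical, and the sample text is constructed from the output quoted in post #1.

```python
import re

# Constructed sample, abridged from the dry-run output quoted in post #1.
SAMPLE = """\
Processing /etc/letsencrypt/renewal/berlinuxlab.net.conf
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-enabled/berlinuxlab.conf', 'Syntax error'),)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/berlinuxlab.net/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
"""

# Accept straight quotes and the curly quotes that forums or mailers substitute.
Q = "['\"\u2018\u2019\u201c\u201d]"
NOT_Q = "[^'\"\u2018\u2019\u201c\u201d]+"
PARSE_ERR = re.compile(
    r"PluginError\(\(" + Q + r".*?\(%s\): %s" + Q + r",\s*"
    + Q + "(?P<path>" + NOT_Q + ")" + Q + r",\s*"
    + Q + "(?P<reason>" + NOT_Q + ")" + Q)
FAILED_CERT = re.compile(r"^\s*(/\S+\.pem) \(failure\)\s*$", re.M)
SUMMARY = re.compile(r"(\d+) renew failure\(s\), (\d+) parse failure\(s\)")


def summarize(output):
    """Return failure counts, failed cert paths and files blamed by the parser."""
    report = {"renew_failures": 0, "parse_failures": 0,
              "failed_certs": [], "blamed_files": {}}
    counts = SUMMARY.search(output)
    if counts:
        report["renew_failures"] = int(counts.group(1))
        report["parse_failures"] = int(counts.group(2))
    # The same PluginError is printed more than once per lineage; keep one entry.
    for err in PARSE_ERR.finditer(output):
        report["blamed_files"][err.group("path")] = err.group("reason")
    report["failed_certs"] = sorted(set(FAILED_CERT.findall(output)))
    report["needs_attention"] = bool(
        report["renew_failures"] or report["parse_failures"]
        or report["failed_certs"] or report["blamed_files"])
    return report


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```

A timer or cron wrapper could feed the captured output of `certbot renew` to this function and alert when `needs_attention` is true.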

