Cert renew not working; apache plugin error

I ran this command:
$ sudo certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/[mydomain].conf

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-available/default.conf on line 53: Syntax error',)
Attempting to renew cert from /etc/letsencrypt/renewal/[mydomain].conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-available/default.conf on line 53: Syntax error',). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/[mydomain]/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Saving debug log to /var/log/letsencrypt/letsencrypt.log

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version):

ubuntu 16.04

My hosting provider, if applicable, is:

amazon ec2

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I wonder if this could be a form of the same problem as

Sorry for the delayed response. It was a holiday and then other things came up.

So, this could be related. However, I have updated letsencrypt to the PPA suggested here: https://launchpad.net/~certbot/+archive/ubuntu/certbot

When I updated certbot, it became necessary to add:
post_hook = /bin/run-parts /etc/letsencrypt/post-hook.d/
renew_hook = /bin/run-parts /etc/letsencrypt/renew-hook.d/
pre_hook = /bin/run-parts /etc/letsencrypt/pre-hook.d/
to /etc/letsencrypt/renewal/.conf, which I did.

However, when I run certbot renew, I am still given the same error:

Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-available/default.conf on line 53: Syntax error',)
Attempting to renew cert from /etc/letsencrypt/renewal/[mydomain].conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-available/default.conf on line 53: Syntax error',). Skipping.

I then attempted to run the following (as suggested):
certbot certonly --cert-name [mydomain] --domains $(sudo openssl x509 -in /etc/letsencrypt/live/[mydomain]/cert.pem -noout -text | grep DNS | sed 's/ DNS://g') --authenticator webroot --installer apache --webroot-path /home/www-data/web2py && apachectl -k graceful

And I get the following message:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [mydomain]
Using the webroot path /home/www-data/web2py for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. [mydomain] (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://[mydomain]/.well-known/acme-challenge/Iw6dgjFITU6v_rSGC035QXc6ZzcccNOVfm8MFOlB8RM [52.38.183.173]: 400

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: [mydomain]
    Type: unauthorized
    Detail: Invalid response from
    http://[mydomain]/.well-known/acme-challenge/Iw6dgjFITU6v_rSGC035QXc6ZzcccNOVfm8MFOlB8RM
    [52.38.183.173]: 400

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

I know the domain is correct, as it was working just fine until the certificate expired. I did try changing the permissions on the .well-known directory from root to reflect the same ownership as that of all the other web directories. That didn't work.

Any help would be appreciated. Thanks.

Could you please post the contents of that file?

WSGIDaemonProcess web2py user=www-data group=www-data processes=1 threads=1

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/[mydomain]/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/[mydomain]/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
  ServerName [mydomain]
  #SSLCertificateFile /etc/apache2/ssl/2_[mydomain].crt
  #SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt
  #SSLCertificateKeyFile /etc/apache2/ssl/[mydomain].key

  WSGIProcessGroup web2py
  WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py
  WSGIPassAuthorization On

  <Directory /home/www-data/web2py>
    AllowOverride None
    Require all denied
    <Files wsgihandler.py>
      Require all granted
    </Files>
  </Directory>

  AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /home/www-data/web2py/applications/$1/static/$2

  <Directory /home/www-data/web2py/applications/*/static/>
    Options -Indexes
    ExpiresActive On
    ExpiresDefault "access plus 1 hour"
    Require all granted
  </Directory>

  CustomLog /var/log/apache2/ssl-access.log common
  ErrorLog /var/log/apache2/error.log
</VirtualHost>
<IfModule mod_ssl.c>

Hi @hahaquadratic,

Thanks for sharing that file.

It looks like the file mistakenly has the line

<IfModule mod_ssl.c>

at the very end. That line does not belong there and does not make sense in that context. I think if you remove it, you’ll stop encountering the syntax error that you were experiencing before.
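A check for the class of mistake found above, as an added example that is not part of the thread or of certbot: it walks an Apache config and reports container sections that are never closed or are closed out of order. The sample config is constructed, modelled on the posted vhost with the stray tag on its last line.

```python
# Added example, not from the thread: scan an Apache config for unbalanced
# <Section> ... </Section> containers, the class of error certbot's apache
# plugin reported here (a stray <IfModule mod_ssl.c> at the end of the file).
import re

OPEN_RE = re.compile(r"^\s*<(?!/)(\w+)\b[^>]*>\s*$")   # <Name args>
CLOSE_RE = re.compile(r"^\s*</(\w+)\s*>\s*$")          # </Name>


def check_sections(text):
    """Return [(line_number, message), ...]; an empty list means balanced."""
    stack, problems = [], []  # stack holds (name, line) of open sections
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments cannot open or close a section
        m = OPEN_RE.match(line)
        if m:
            stack.append((m.group(1), lineno))
            continue
        m = CLOSE_RE.match(line)
        if not m:
            continue  # an ordinary directive
        name = m.group(1)
        if not stack:
            problems.append((lineno, "</%s> with no open section" % name))
        elif stack[-1][0].lower() != name.lower():
            opened, opened_line = stack.pop()
            problems.append((lineno, "</%s> closes <%s> from line %d"
                             % (name, opened, opened_line)))
        else:
            stack.pop()
    # Anything still open at end of file is the case seen in this thread.
    problems += [(ln, "<%s> is never closed" % n) for n, ln in stack]
    return problems


# Constructed sample modelled on the vhost posted above, with the stray
# opening tag on the last line as the reply describes.
SAMPLE = """\
<VirtualHost *:443>
  SSLEngine on
  <Directory /home/www-data/web2py>
    Require all denied
  </Directory>
</VirtualHost>
<IfModule mod_ssl.c>
"""

if __name__ == "__main__":
    for lineno, msg in check_sections(SAMPLE):
        print("line %d: %s" % (lineno, msg))  # line 7: <IfModule> is never closed
```

Running it as a certbot pre_hook (or by hand before `certbot renew`) surfaces the offending line before the apache plugin refuses to parse the file; `apachectl configtest` gives the authoritative answer but this shows which container is left open.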

OMG. That was it. So sorry! I didn’t see that. And thank you.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.