Certbot 0.28.0 Error while running apachectl configtest


My domain is: osiris.com.au

I ran this command: certbot-auto renew

It produced this output:
Error while running apachectl configtest.
then usage message from httpd

My web server is (include version)
Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version):
vanilla up to date centos6.9

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Tried tracking back but got lost. Not a python programmer. Replaced httpd to find what args were being passed, got: “httpd LINUX_MOTIF -t”



This is a Apache error, please try to run apachectl configtest and share us some outputs…

Thank you


As mentioned - just a usage message:

apachectl configtest

Usage: ./httpd [-D name] [-d directory] [-f file]
[-C “directive”] [-c “directive”]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C “directive” : process directive before reading config files
-c “directive” : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings)
-S : a synonym for -t -D DUMP_VHOSTS
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t : run syntax check for config files



Problem was there was something in the OPTIONS env variable that was interfering with your scripts. Perhaps raise a ticket for a warning to the user or filter it out from a front door entry.
“renew” now works.


Hi @lxq

renew works, you have a new Letsencrypt certificate. But your configuration isn’t complete.

http://osiris.com.au/ 301 https://osiris.com.au/ 3.603 A
http://www.osiris.com.au/ 301 https://osiris.com.au/ 0.967 E
https://osiris.com.au/ 200 4.887 B
https://www.osiris.com.au/ 200 1.750 N
Certificate error: RemoteCertificateNameMismatch

You have a dns entry www.osiris.com.au, but your certificate has only osiris.com.au as domain name. So if someone tries to go to your www version, there is a certificate mismatch.

So create a new certificate with two domain names:

certbot --apache -d www.osiris.com.au -d osiris.com.au

and use that.


Yeah, never advertised that URL.

One other problem: certbot created a publicly readable private key file (!!!) which sendmail refused to accept.


The directory isn’t world readable, so it’s weird but not insecure, FWIW.

There’s an issue open about changing the file permissions, but fixing it wasn’t a high priority in the past.


0440 is no good - you need to turn on the “DON’T BLAME SENDMAIL” option for it accept even that!
I do remember getting caught 3 months ago by the same issue… pretty slack for it to be outstanding for 3 years.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.