Certbot --apache error

My domain is:
www.nubecab.com

I ran this command:
certbot --apache

I have a AWS Lightsail instance with Ubuntu22 installed and Apache2 having the following h1.conf file.

<VirtualHost *:80>
        ServerName www.nubecan.com
        ServerAdmin fcancillo@outlook.es
        DocumentRoot /var/www/html
        # Definitions for calling flaskboda in the form: http://sitename/boda
        WSGIDaemonProcess flaskboda
        WSGIScriptAlias /boda /var/www/html/flaskboda/flaskboda.wsgi
        <Directory "/var/www/html/flaskboda">
                WSGIProcessGroup flaskboda
                WSGIApplicationGroup %{GLOBAL}
                Order deny,allow
                Allow from all
        </Directory>
        # Definitions for calling flasklocation in the form: http://sitename/location
        WSGIDaemonProcess flasklocation
        WSGIScriptAlias /location /var/www/html/flasklocation/flasklocation.wsgi
        <Directory "/var/www/html/flasklocation">
                WSGIProcessGroup flasklocation
                WSGIApplicationGroup %{GLOBAL}
                Order deny,allow
                Allow from all
        </Directory>
        LogLevel debug
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

This configuration works fine with HTTP, having access to both applications, as expected.
Note: When executing: sudo apache2ctl h1.conf the result is 'Syntax OK'

It produced this output:
When using certbot to generate the new conf for HTTPS I got the error
'AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/h1.conf:'
This is the last log:

ubuntu@ip-172-26-12-224:/etc/apache2/sites-available$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.nubecan.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.nubecan.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for www.nubecan.com to /etc/apache2/sites-available/h1-le-ssl.conf
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/h1.conf:
Name duplicates previous WSGI daemon definition.

We were unable to install your certificate, however, we successfully restored your server to its prior configuration.

NEXT STEPS:
- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name www.nubecan.com

Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/h1.conf:
Name duplicates previous WSGI daemon definition.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ubuntu@ip-172-26-12-224:/etc/apache2/sites-available$ 

My web server is (include version): Apache2
ubuntu@ip-172-26-12-224:~$ apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2023-03-01T22:43:55

The operating system my web server runs on is (include version):
ubuntu@ip-172-26-12-224:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
ubuntu@ip-172-26-12-224:~$ certbot --version
certbot 2.6.0

See the topic below. WSGI needs special consideration when using the --apache plug-in.

The reason is that --apache plug-in will create a VirtualHost for HTTPS (port 443) based on what is seen in the VHost for port 80. This can cause duplication or errors in the WSGI config.

One work-around is to use the --webroot method instead and create your own VHost for HTTPS (port 443).

Or, as noted, check this topic for other WSGI changes that can help

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.