Certbot-auto renew fails

Help
1

Hi! I have a problem while attempting to renew the certificate.

I use: sudo ./certbot-auto renew --dry-run
And the error is:

2016-09-14 15:54:37,228:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/mydomain.it.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-enabled/000-default.conf', u'Syntax error'),). Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain.it/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

I’m on ubuntu server 14.04LTS with apache 2.

Into sites-enalbled I have 2 files:

000-default.conf
000-default-le-ssl.conf

The first is:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.it [OR]
RewriteCond %{SERVER_NAME} =mydomain.it
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
	
		
	<Directory "/var/www/html/test>
		AuthType Basic
		AuthName "Restricted Content"
		AuthUserFile /etc/apache2/.htpasswd
		Require valid-user
	</Directory>

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

The second is:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.it/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.it/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName mydomain.it
ServerAlias www.mydomain.it
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.it/chain.pem

	
	<Directory "/var/www/html/test">
		AuthType Basic
		AuthName "Restricted Content"
		AuthUserFile /etc/apache2/.htpasswd
		Require valid-user
	</Directory>

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>

Could you help me? Tnx!

2

Ok i removed the <Directory "/var/www/html/test> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user </Directory> section in 000-default.conf and now I have no errors, I’ll wait tomorrow to see if the cronjob will update the certificate or not.

3

I think the quotation mark (") in that line is probably the problem. I don't believe that's valid for the Apache configuration format (although perhaps Apache will overlook the problem). It should probably simply not have the quotation mark at all.

I expect that this is what confused Certbot when attempting to deal with this file.

4

can’t believe it was just a typo!

let me see tomorrow if the renew will be ok…

5

Ok today the automatic renew was succesfull and now I can see the new certificate.

Thanks!

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.