Certbot killed immediately after starting

My domain is: smkfmartialarts.com

I ran this command: certbot -v

It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Apache version is 2.4.54

My web server is (include version):
Apache version is 2.4.54

The operating system my web server runs on is (include version):
Amazon EC2 Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

So after calling 'certbot -v', I got that output, and looking at the /var/log/letsencrypt/letsencrypt.log, it only contains:

cat /var/log/letsencrypt/letsencrypt.log

2022-10-17 16:29:47,338:DEBUG:certbot._internal.main:certbot version: 1.11.0
2022-10-17 16:29:47,338:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2022-10-17 16:29:47,338:DEBUG:certbot._internal.main:Arguments: ['-v']
2022-10-17 16:29:47,338:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-10-17 16:29:47,363:DEBUG:certbot._internal.log:Root logging level set at 10
2022-10-17 16:29:47,364:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-10-17 16:29:47,367:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2022-10-17 16:29:48,158:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.54

at which point certbot is killed by something.

I did a ps -ef for certbot to see if another copy is running and it is not..
I have also ran this line to remove any stale locks: find / -type f -name ".certbot.lock" -exec rm {} ;

Do you know of any reason why certbot gets killed after logging the apache version?


1 Like

My completely wild guess is that your system is low on memory and the python that certbot is trying to run uses up so much memory that the system kills it.


I am running the free micro tier, but it has 317Mb left in memory (per top)...

Hi @gtvracer, and welcome to the LE community forum :slight_smile:

Can you upgrade that version?

1 Like

If I simply run: certbot certifcates, it does reply back with my current set of certs.

I'm trying to add a subdomain to my existing cert by:
certbot --expand -d studio.smkfmartialarts.com -d www.studio.smkfmartialarts.com

But it dies as described previously... killed after logging:
2022-10-17 17:01:19,234:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.54

and it goes no further...

That is the version yum installs...
I removed what was installed before, thinking that could've been the case, but this is the version yum installs...

1 Like

If my memory serves me correctly...
Amazon Linux and certbot Apache don't play well together.

1 Like

Try using certbot [without Apache] and use --webroot.

1 Like

It may not, but I was able to create my original certs without any issues...

These site is served out of a Java war file, so it really doesn't have a webroot like /var/www/html...

Did you use --apache ?
Did you reinstall or upgrade certbot after those certs?
[something must haver changed since then]

1 Like

Is there anything listening on port 80?

1 Like

As I recall, I just typed certbot, and it went through a series of questions and told it to use apache to find the domains. Then it created the pem files.

Please show the renewal config file.

1 Like

Yes, apache

Then the java is unrelated.
You can use --webroot with Apache.

1 Like

where do I find that?


ls -l /etc/letsencrypt/renewal/

1 Like

renew_before_expiry = 30 days

version = 1.11.0
archive_dir = /etc/letsencrypt/archive/smkfmartialarts.com
cert = /etc/letsencrypt/live/smkfmartialarts.com/cert.pem
privkey = /etc/letsencrypt/live/smkfmartialarts.com/privkey.pem
chain = /etc/letsencrypt/live/smkfmartialarts.com/chain.pem
fullchain = /etc/letsencrypt/live/smkfmartialarts.com/fullchain.pem

Options used in the renewal process

authenticator = apache
installer = apache
account = 7ee924479b680********************
manual_public_ip_logging_ok = None
server = https://acme-v02.api.letsencrypt.org/directory

Have to go to a meeting for 30 mins or so, will check back then. Thank you!

1 Like