Certbot looking in wrong directory

My domain is: seibercom.net

I ran this command: certbot renew --apache --deploy-hook "service dovecot restart"

It produced this output: "See log file: https://seibercom.net/letsencrypt.log"
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/etc/apache24/libexec/apache24/mod_ssl.so'
2023-04-23 08:28:29,481:WARNING:certbot_apache._internal.configurator:Unable to read ssl_module file; not disabling session tickets.
2023-04-23 08:28:29,482:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache

The correct path would be: /usr/local/libexec/apache24/mod_ssl.so

My web server is (include version): Apache 2.4.57 (FreeBSD)

The operating system my web server runs on is (include version): FreeBSD 13-2

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.4.0
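
Added example (not part of the original post, and not Certbot's own code): the path in the error above is `libexec/apache24/mod_ssl.so` joined to `/usr/local/etc/apache24`, while the correct path is the same relative part joined to `/usr/local`. Apache resolves relative `LoadModule` paths against `ServerRoot`; assuming the module is loaded with a relative path, the code below shows how the two base directories give different results. The sample httpd.conf and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample config (assumption: not the poster's real httpd.conf).
SAMPLE_HTTPD_CONF = '''\
ServerRoot "/usr/local"
# LoadModule status_module libexec/apache24/mod_status.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule rewrite_module "/usr/local/libexec/apache24/mod_rewrite.so"
'''

DIRECTIVE = re.compile(r'^\s*(ServerRoot|LoadModule)\s+(.*?)\s*$', re.IGNORECASE)

def parse_conf(text):
    """Return (server_root, {module_name: path}) from httpd.conf text."""
    server_root, modules = None, {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments, blank lines, other directives
        name, args = m.group(1).lower(), m.group(2)
        if name == "serverroot":
            server_root = args.strip('"')
        else:
            parts = args.split(None, 1)
            if len(parts) == 2:
                modules[parts[0]] = parts[1].strip('"')
    if server_root is None:
        raise ValueError("no ServerRoot directive; Apache would use its compiled-in default")
    return server_root, modules

def resolve(base, module_path):
    """Absolute paths are kept as-is; relative ones are joined to base."""
    if posixpath.isabs(module_path):
        return module_path
    return posixpath.normpath(posixpath.join(base, module_path))

def compare_bases(text, config_dir):
    """Return modules whose path differs when resolved against config_dir instead of ServerRoot."""
    server_root, modules = parse_conf(text)
    diffs = {}
    for mod, path in modules.items():
        right, wrong = resolve(server_root, path), resolve(config_dir, path)
        if right != wrong:
            diffs[mod] = {"server_root": right, "config_dir": wrong}
    return diffs

if __name__ == "__main__":
    print(compare_bases(SAMPLE_HTTPD_CONF, "/usr/local/etc/apache24"))
```

Only the relatively loaded module is reported; a module loaded by absolute path resolves the same way from either base.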

What does this show?

sudo apachectl configtest

and this

sudo apachectl -M | grep -i ssl

sudo apachectl -M | grep -i ssl
ssl_module (shared)

sudo apachectl configtest
Performing sanity check on apache24 configuration:
Syntax OK

I created a link to correct that problem, but now a new one has come to light. This is a copy of the error messages printed out on the screen.

Script started on Sun Apr 23 13:23:03 2023
Command: /usr/local/bin/certbot renew --apache --deploy-hook service dovecot restart
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /usr/local/etc/letsencrypt/renewal/seibercom.net-0001.conf


Renewing an existing certificate for seibercom.net and www.seibercom.net

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: seibercom.net
Type: connection
Detail: 71.77.18.211: Fetching http://seibercom.net/.well-known/acme-challenge/9sJB8F-Pf38YmNoHzxaYQHp2P-pTjO1dsQkVNuoN4n8: Connection refused

Domain: www.seibercom.net
Type: connection
Detail: 71.77.18.211: Fetching http://www.seibercom.net/.well-known/acme-challenge/V38z8v6H3pE6gFXA2mjlheQj1vn9DP5_cfM7SQ0ownc: Connection refused

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).

Unable to restart apache using ['apachectl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).
Failed to renew certificate seibercom.net-0001 with error: Some challenges have failed.


Processing /usr/local/etc/letsencrypt/renewal/seibercom.net.conf


Renewing an existing certificate for seibercom.net and 3 more domains
Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).

Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).

Unable to restart apache using ['apachectl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).
Failed to renew certificate seibercom.net with error: Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).


All renewals failed. The following certificates could not be renewed:
/usr/local/etc/letsencrypt/live/seibercom.net-0001/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem (failure)


2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Command exit status: 1
Script done on Sun Apr 23 13:23:14 2023

Yeah, I cannot reach your domain using HTTP or HTTPS from my own test server. Let's Debug (link here) can't see it either. Let's Debug is a good test for changes you make to resolve this. Once it says OK you can try getting a cert again.

The log file you posted shows the same "connection refused" problem after displaying the warning about the ssl module.

Did you recently reinstall Apache?

Have you previously used Certbot --apache plug-in folder overrides? You would know if you have.

Is Apache even running? What do these show?

sudo netstat -pant | grep -Ei ':80|:443'

sudo systemctl status apache2

Note: Might need to replace apache2 with your Apache service name. I don't know what your system uses off-hand.

I think you might have multiple versions of Apache installed.
