Certbot renew fails on current Fedora 24 w/ Apache

The output of certbot renew -vv is below. I apologize, but I masked my certificate expiration time and my website to prevent social engineering attempts. Call me crazy, but I've had plenty of people try to social engineer me. I will also utfse while I wait for any response.

```
[root@website ~]# certbot renew -vv
Root logging level set at 0
Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.9.3
Arguments: ['-vv']
Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)

Processing /etc/letsencrypt/renewal/www.website.net.conf

Should renew, less than 30 days before certificate expiry 2017-01-XX XX:XX:XX UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Other error:(PluginEntryPoint#apache): ('There has been an error in parsing the file (%s): %s', u'/etc/httpd/conf/httpd.conf', u'Syntax error')
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 106, in prepare
    self._initialized.prepare()
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 190, in prepare
    self.check_parsing_errors("httpd.aug")
  File "/usr/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py", line 74, in check_parsing_errors
    raise errors.PluginError(msg)
PluginError: ('There has been an error in parsing the file (%s): %s', u'/etc/httpd/conf/httpd.conf', u'Syntax error')
No candidate plugin
No candidate plugin
Selected authenticator None and installer None
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/httpd/conf/httpd.conf', u'Syntax error'),)
Attempting to renew cert from /etc/letsencrypt/renewal/www.website.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/httpd/conf/httpd.conf', u'Syntax error'),). Skipping.
Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 348, in renew_all_lineages
    main.obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 554, in obtain_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python2.7/site-packages/certbot/plugins/selection.py", line 197, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/selection.py", line 272, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/httpd/conf/httpd.conf', u'Syntax error'),)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.website.net/fullchain.pem (failure)
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 592, in renew
    renewal.renew_all_lineages(config)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 365, in renew_all_lineages
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

1 renew failure(s), 0 parse failure(s)
```

Have you checked /etc/httpd/conf/httpd.conf for (easily detectable) syntax errors, just as the error message implies?

I mean, apart from my own modifications to httpd.conf, which I'm assuming are syntactically correct, I shouldn't have any errors. It would be nice if certbot would spit out what line is causing a problem, tbh. But I will go and hand comment out things in batches.

I would also assume that Apache wouldn't start if there were syntax errors in httpd.conf and would spit out a systemctl error. As well, I installed the cert fine, and now even if I clear out the /etc/letsencrypt/ directory I can't create a cert.

Never mind, I will admit I had a missing quotation mark in a Directory directive. So I guess thanks. I was already trying to comment out some of the methods that I use to prevent someone from accessing my site by IP address versus domain name, as I thought some of them might have caused the issue, as well as checking for erroneous things, but I digress, it's fixed.

Still, I wish that it would output the line in the conf file that caused it to barf. I think it was trying to, but there was an issue.


The problem is that certbot uses Augeas for the parsing of the Apache configuration files, and certbot passes along the error message(s) from Augeas. In casu: Augeas produces the semi-useless error message "Syntax error", and certbot just passes it along to the user.

Edit:
It seems Augeas does pass along a line number, but that isn't included in the message itself. But certbot should be able to retrieve it. I'll make an issue on GitHub about it :slight_smile:

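The root cause found in this thread, a missing quotation mark in a Directory directive, is something a small line-aware check can point to directly. The following is an added example, not part of the original thread and not certbot's or Augeas's code; `lint_apache_conf` and the sample configuration are constructed for illustration, and it checks only quote balance and section nesting, not full Apache syntax.

```python
import re

# Constructed sample: the <Directory> line is missing its closing quote.
SAMPLE_CONF = '''\
ServerRoot "/etc/httpd"
# a comment with a stray " is ignored
<Directory "/var/www/html>
    Options -Indexes
</Directory>
<VirtualHost *:80>
    ServerName www.example.net
'''

SECTION_OPEN = re.compile(r'^<\s*([A-Za-z]\w*)\b')
SECTION_CLOSE = re.compile(r'^</\s*([A-Za-z]\w*)\s*>')

def lint_apache_conf(text):
    """Return sorted [(line_number, problem)] for quote and nesting errors."""
    problems, open_sections = [], []
    logical, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number                  # first physical line of directive
        if raw.endswith("\\"):              # backslash continues the directive
            logical += raw[:-1] + " "
            continue
        line, logical = (logical + raw).strip(), ""
        first, start = start, None
        if not line or line.startswith("#"):
            continue
        if len(re.findall(r'(?<!\\)"', line)) % 2:   # odd count of unescaped "
            problems.append((first, "unbalanced double quote"))
        closing = SECTION_CLOSE.match(line)
        opening = SECTION_OPEN.match(line)
        if closing:
            name = closing.group(1)
            if open_sections and open_sections[-1][1].lower() == name.lower():
                open_sections.pop()
            else:
                problems.append((first, "unexpected </%s>" % name))
        elif opening:
            open_sections.append((first, opening.group(1)))
    problems += [(n, "<%s> never closed" % name) for n, name in open_sections]
    return sorted(problems)

if __name__ == "__main__":
    for line_number, problem in lint_apache_conf(SAMPLE_CONF):
        print("line %d: %s" % (line_number, problem))
```
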

Thanks, I appreciate it. I'm sure the code meant to spit it out but it got cut off at someplace.
