Certbot Seg Fault with Large Apache Config

My domain is: asp.ccamedical.net
I ran this command: cerbot renew
It produced this output: Segmentation Fault (core dumped)
My web server is (include version): Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g
The operating system my web server runs on is (include version): Ubuntu 18.04.2
My hosting provider, if applicable, is: Co-Lo server at partner’s ISP
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

“certbot renew” when run against an apache configuration with 90,000 plus lines in it seg faults.
When I change the config file to allow everyone in, the number of lines drops to 62 and “certbot renew” works fine.

My work-around is to put the short config in place during the renewal…

# Must put in a smaller config or it causes cerbot to end with seg fault/core dump
/bin/systemctl stop apache2
/bin/cp -p /etc/apache2/sites-available/002-pe5-ssl.conf.allowall /etc/apache2/sites-available/002-pe5-ssl.conf
/bin/systemctl start apache2
certbot renew
/bin/systemctl stop apache2
/bin/cp -p /etc/apache2/sites-available/002-pe5-ssl.conf.requireips /etc/apache2/sites-available/002-pe5-ssl.conf
/bin/systemctl start apache2

Shouldn’t cerbot be able to handle the large config?
(the server has close to 1TB free space and 144GB RAM and 2 - 8 core Xeons)

1 Like

I see no reason why not. And a segfault is not an appropriate answer if it can't.

Could you open a bug there Sign in to GitHub · GitHub and share the configuration that produce the segfault?

1 Like

:+1: For folks wanting to follow along this was opened as Certbot issue 7035.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.