Certificate renewed but site not visible


first of all thank you for the whole project and for your work.

My domain is: https://www.firenzespettacolo.it/

I ran this command: certbot-auto

It produced this output: 2019-08-08 09:56:42,581:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2019-11-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot-auto renew”

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is: Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: no

The version of my client is: certbot 0.37.0

I renewed the certificate correctly but the site was not visible with the error:


The certificate test using ssllabs.com is successful. For the moment I solved with a work around in the file /etc/apache2/sites-available/www.firenzespettacolo.it-le-ssl.conf I added # to the line:

#Include /etc/letsencrypt/options-ssl-apache.conf

and after restarting apache the site is visible again. Thanks for the support.


Hi @Cicciogaddo

simple idea:

Change the file


so every line starts with a #. Then remove the # so

Include /etc/letsencrypt/options-ssl-apache.conf

is included. Then remove every # and check, if this is the problem.

Or directly: Perhaps you have a directive (“Session”) which isn’t allowed multiple times.

Hi JuergenAuer,

Thanks for your reply. Maybe I didn’t explain correctly, if in the file
is present
Include /etc/letsencrypt/options-ssl-apache.conf
the site cannot be seen and generates the indicated error if instead I add the comment
the site is visible again (the current condition). But it cannot be the solution because the bot adds the inclusion to the renewal of the certificate.

Interestingly, please give me some instruction on how to verify this.


If in /etc/letsencrypt/options-ssl-apache.conf I set SSLSessionTickets to on
everything seems to work properly.



My idea: Two such directives like SSLSessionTickets on, only one is allowed.

Happy to read you have found a solution :+1:

1 Like

The SSLSessionTickets off was a new default introduced in Certbot 0.37.0, and reverted in 0.37.1 (released today).



Hey @Cicciogaddo! Erica from Certbot here. We’re trying to figure out what caused this issue so we can get the feature back in without the errors. It would really help us out if you could email me at erica@eff.org with the following information:

  • the results of the command grep OpenSSL /var/log/apache2/error.log (or elsewhere, if you’ve moved your apache error log location)
  • the contents of your config directory (probably located at /etc/apache2/), redacted as you see fit
  • any changes you’ve made to the config directory in the time since encountering this issue



Pinging again @Cicciogaddo – we still haven’t been able to reproduce the issue, and even the Apache developers we’ve talked to don’t understand what’s going on here. Regardless of us making this change again, we’d really like to get to the bottom of this so we can avoid problems like this in the future and can make sure the problem is fixed in whatever software causing a TLS error in this configuration.

If you don’t feel comfortable sending the info I previously mentioned, some other info that might help us is:

  • All mod_ssl directives in the Apache config
  • A high level description of your setup (e.g. are you using PHP/phpmyadmin?)
  • Apache modules loaded

Thanks again!

Hi Erica,

Sorry but I’m out of office for holidays I’ll reply to you from 1 September.



Thanks to everyone who helped us here! We’ve figured this one out, and just put out a release (0.37.2) fixing it in Nginx as well. If you’re interested in the story, you can follow our discussion on GitHub at https://github.com/certbot/certbot/issues/7322.

1 Like