It produced this output: 2019-08-08 09:56:42,581:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.firenzespettacolo.it/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.firenzespettacolo.it/privkey.pem
Your cert will expire on 2019-11-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot-auto renew”
My web server is (include version): Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is: Ubuntu 16.04.6 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine: yes
I’m using a control panel to manage my site: no
The version of my client is: certbot 0.37.0
I renewed the certificate correctly but the site was not visible with the error:
The certificate test using ssllabs.com is successful. For the moment I solved with a work around in the file /etc/apache2/sites-available/www.firenzespettacolo.it-le-ssl.conf I added # to the line:
#Include /etc/letsencrypt/options-ssl-apache.conf
and after restarting apache the site is visible again. Thanks for the support.
Thanks for your reply. Maybe I didn’t explain correctly, if in the file /etc/apache2/sites-available/www.firenzespettacolo.it-le-ssl.conf
is present Include /etc/letsencrypt/options-ssl-apache.conf
the site cannot be seen and generates the indicated error if instead I add the comment
the site is visible again (the current condition). But it cannot be the solution because the bot adds the inclusion to the renewal of the certificate.
Interestingly, please give me some instruction on how to verify this.
Hey @Cicciogaddo! Erica from Certbot here. We’re trying to figure out what caused this issue so we can get the feature back in without the errors. It would really help us out if you could email me at erica@eff.org with the following information:
the results of the command grep OpenSSL /var/log/apache2/error.log (or elsewhere, if you’ve moved your apache error log location)
the contents of your config directory (probably located at /etc/apache2/), redacted as you see fit
any changes you’ve made to the config directory in the time since encountering this issue
Pinging again @Cicciogaddo – we still haven’t been able to reproduce the issue, and even the Apache developers we’ve talked to don’t understand what’s going on here. Regardless of us making this change again, we’d really like to get to the bottom of this so we can avoid problems like this in the future and can make sure the problem is fixed in whatever software causing a TLS error in this configuration.
If you don’t feel comfortable sending the info I previously mentioned, some other info that might help us is:
All mod_ssl directives in the Apache config
A high level description of your setup (e.g. are you using PHP/phpmyadmin?)
Thanks to everyone who helped us here! We’ve figured this one out, and just put out a release (0.37.2) fixing it in Nginx as well. If you’re interested in the story, you can follow our discussion on GitHub at https://github.com/certbot/certbot/issues/7322.
