Clean Install on Big Sur Errors

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot certonly --apache
It produced this output:
==> Pouring certbot--1.18.0.big_sur.bottle.tar.gz

:beer: /usr/local/Cellar/certbot/1.18.0: 2,030 files, 17.6MB

ARLs-Mac-Pro:~ duane$ sudo certbot certonly --apache


Saving debug log to /var/log/letsencrypt/letsencrypt.log

Could not find ssl_module; not disabling session tickets.

Enter email address (used for urgent renewal and security notices)

(Enter 'c' to cancel):

Please read the Terms of Service at You must

agree in order to register with the ACME server. Do you agree?

(Y)es/(N)o: y

Would you be willing, once your first certificate is successfully issued, to

share your email address with the Electronic Frontier Foundation, a founding

partner of the Let's Encrypt project and the non-profit organization that

develops Certbot? We'd like to send you email about our work encrypting the web,

EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: y

Account registered.

Please enter the domain name(s) you would like on your certificate (comma and/or

space separated) (Enter 'c' to cancel):

Requesting a certificate for

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

ARLs-Mac-Pro:~ duane$
My web server is (include version):
MAMP Version 6.4 apache
The operating system my web server runs on is (include version):
macOS Big Sur 11.5.2
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Unfortunately the Apache plugin isn't quite working on Big Sur right now due to an issue with the Augeas package in Homebrew.

There is a description of the issue and a workaround in this comment.

Without using the workaround, you can also try using Certbot with --webroot and manually configuring the Apache server with your certificate.

Sorry for the inconvenience!

I have the exact same configuration running on an identical Mac Pro that was setup last year and it still works so the problem is likely in a Homebrew update.

1 Like

You should be able to use the --webroot method to ensure certbot understands where to put the challenge response file.

Thank you, but I am new to the command line and have no idea how to do that.

1 Like

I think I have it

ARLs-Mac-Pro:~ duane$ sudo certbot certonly --webroot --agree-tos --email -d -w /Users/duane/Sites/stream
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/
Key is saved at: /etc/letsencrypt/live/
This certificate expires on 2021-11-23.
These files will be updated when the certificate renews.


  • The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See for instructions.

Wait... I think I see the problem.
Order matters.
The -w /path section must come immediately before the -d domain section that it references.

Change this ordering:

To this order:

sudo certbot certonly \
--webroot -w /Users/duane/Sites/stream  \
-d \
--agree-tos --email

Excellent, thank you!

1 Like

Glad to help :slight_smile:
Cheers from Miami :beers:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.