Error during install and renewal failure

Thanks for double checking.

If you haven't manually included any files outside of /etc/apache2 yourself, can you send me more info about your vhost configuration:

can you provide a copy of your other virtual hosts? I'm still unable to reproduce the problem using the file you provided above so I'd like to more closely mimic your Apache configuration. I'd like a copy of all files in sites-available. I'd also like to see the output of ls -l /etc/apache2/sites-enabled/. If any file there is not a symlink, can you give me a copy of that file as well? Feel free to redact values as you deem appropriate and/or email the files to me rather than pasting them here. My email address is my username @eff.org.

Brad,

Attached is a tgz with the entire /etc/apache2 directory.
I conā€™t think that there is any sensitive information in there.

Thanks,
Dave

@dpatterson, if you only sent your e-mail to the forum, the attachment didnā€™t make it through. (If you sent a copy of the e-mail to @bmw as well, then he probably did receive the attachment.)

May I ask which Apache version and OS you using? Is their a How-To for Nginx .conf on newer versions? Thank you in advance.

Apache 2.4.18, 2017-06-26
Ubuntu 16.04.2 LTS

D.

Thank you. I had trouble with Debian 9.

I also didnā€™t get an message with the attachment at my @eff.org email address.

@bmw, Iā€™ve tried sending it again.

I got your email this time and I figured out. This problem occurs in our Apache config parser when using environment variables in ServerName/ServerAlias directives. You can track the status of us fixing this on GitHub at https://github.com/certbot/certbot/issues/2481.

In the meantime, if you can refrain from using directives like this in your Apache config, the problem should go away. If you cannot, Iā€™m afraid youā€™ll have to use a different Certbot plugin for renewal until weā€™re able to fix the problem. If when the site is deployed youā€™ll have a consistent DocumentRoot for the domain you want a cert for, Iā€™d recommend the webroot plugin and a --renew-hook or --post-hook of apache2ctl -k graceful to cause Apache to start using the new certificates (with no downtime). You can learn more about renewal hooks here.

Sorry for the trouble and thanks for bearing with me until I found the cause of the problem.

2 Likes

@bmw, I have temporarily replaced those directives with hard-coded versions.
The cert renewed as expected.
Iā€™ll revert to the variable once the bug has been fixed.

Iā€™d like to thank you and the others that have kept at this. Itā€™s always refreshing when a group take issues like this seriously and sticks with it until the cause is found.

Iā€™m following the thread on Github.

Thanks again
Dave

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.