Error running command ['apache2ctl'

My server: Ubuntu 18.04 LTS Apache/2.4.29 (Ubuntu)
Rackspace: shell access

Test Command I ran - an cerbot --apache generated certificate
certbot --dry-run --force-renewal renew --cert-name drjosephpengecir.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/drjosephpengecir.com.conf


Error running command [‘apache2ctl’, ‘-t’, ‘-D’, ‘DUMP_INCLUDES’] for runtime parameters!

  1. I believe the apache plugin is having a problem with my 490 domains.
  2. apache2ctl -t -D DUMP_INCLUDES | wc -c
    shows this
    AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 2001:4801:7820:75:be76:4eff:fe10:489f. Set the ‘ServerName’ directive globally to suppress this message
    91738

is the word count, it is large

The cert I am testing with is /etc/letsencrypt/renewal/

renew_before_expiry = 30 days

version = 0.31.0
archive_dir = /etc/letsencrypt/archive/drjosephpengecir.com
cert = /etc/letsencrypt/live/drjosephpengecir.com/cert.pem
privkey = /etc/letsencrypt/live/drjosephpengecir.com/privkey.pem
chain = /etc/letsencrypt/live/drjosephpengecir.com/chain.pem
fullchain = /etc/letsencrypt/live/drjosephpengecir.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 51759ba3dccb8494b190da63f954a1f3
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory

Note - I had issues with the apache plugin after requesting 250 certificates
So I switched to the webroot plugin

I tested a cert generated with the webroot plugin
certbot --dry-run --force-renewal renew --cert-name drlawrencedavisonline.com

  • DRY RUN: simulating ‘certbot renew’ close to cert expiry
    ** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:

renew_before_expiry = 30 days

version = 0.31.0
archive_dir = /etc/letsencrypt/archive/drlawrencedavisonline.com
cert = /etc/letsencrypt/live/drlawrencedavisonline.com/cert.pem
privkey = /etc/letsencrypt/live/drlawrencedavisonline.com/privkey.pem
chain = /etc/letsencrypt/live/drlawrencedavisonline.com/chain.pem
fullchain = /etc/letsencrypt/live/drlawrencedavisonline.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 51759ba3dccb8494b190da63f954a1f3
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
drlawrencedavisonline.com = /var/www/html
www.drlawrencedavisonline.com = /var/www/html

Does anybody see a problem if I change the renewal files under /etc/letsencrypt/renewal/ and switch the failing apache ones to the same format as the succeeding webroot ones? The documentation basically says, do not change anything. Certbot expects things to be like it created them. Or in other words, are there dependencies in the renewal process that rely on data saved by the certbot plugin used for the request?

Hi @gmgj,

Sounds like you’ve got a large webhost to control. You could always take a backup of the /etc/letsencrypt folder before trying to edit the renewal files. According to https://certbot.eff.org/docs/using.html?highlight=renew#modifying-the-renewal-configuration-file

For advanced certificate management tasks, it is possible to manually modify the certificate’s renewal configuration file, but this is discouraged since it can easily break Certbot’s ability to renew your certificates. If you choose to modify the renewal configuration file we advise you to test its validity with the certbot renew --dry-run command.

1 Like

Thank you. I am a little ashamed I did not find that myself. Another question, Can I write a pre or post hook in php and invocate in a BasH srcipt
#!/bin/bash

/etc/cron.daily/example

echo "$0 # $PWD # date # whoami :whoami "

php /var/www/html/wip/certs/GenURLList1.php

In my case, I changed the apache generated conf file in /etc/letsencrypt/renewal/
to be in the same format as the webroot one, and it worked.

The line changed were
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
domain name .com = /var/www/html
www.*domain name.*com = /var/www/html

It was generated with certbot -n –apache –agree-tos –redirect -d ‘ . $ourhost . ‘ -d ‘ . $ourhostwww;

were outhost and ourhostwww correspond to the domain name and www. domain name

1 Like

You can write the hooks in any language you prefer!

1 Like

Indeed, if you start them with something like

#!/usr/bin/php

or whatever the appropriate version is for your system and interpreter, the operating system will automatically run that interpreter (instead of bash) to interpret the script. For example, Python scripts often start with

#!/usr/bin/python

or

#!/usr/bin/env python

and they could be run directly as hooks without having a shell script in between.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.