FreeBSD 13.2 apache24 cert renewal has been failing

dwrobison · June 15, 2023, 5:59am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: homedistiller.org

I ran this command: certbot renew

It produced this output: FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/etc/apache24/libexec/apache24/mod_ssl.so'

This is wrong. The correct path is /usr/local/libexec/apache24/mod_ssl.so

My web server is (include version): apache24-2.4.56

The operating system my web server runs on is (include version): FreeBSD 13.2-RELEASE

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.4.0

_az · June 15, 2023, 6:34am

It's probably this bug. Notifying the FreeBSD package maintainer who wrote the patch might help. I'm not sure of what workaround would work.

dwrobison · June 15, 2023, 6:40am

I can put an ugly symlink in place but I'd rather not. Can I manually update this cert instead of using certbot in the meantime?

rg305 · June 15, 2023, 6:41am

I'd update to the latest first.
Then maybe use --webroot instead of --apache.

_az · June 15, 2023, 6:42am

You can try using the webroot authenticator, if you know what it is.

So like:

certbot renew --cert-name example.com \
--webroot -w /path/to/webroot \
--deploy-hook "apachectl graceful"   # (or whatever the command is on FreeBSD)

That will avoid the bug with the Apache plugin.

dwrobison · June 15, 2023, 6:45am

Thanks, I will try this. And FYI in FreeBSD the command is

service apache24 restart

dwrobison · June 15, 2023, 6:52am

This worked. Thank you so much. I will be contacting the FreeBSD maintainer tomorrow.

Thanks again.

danb35 · June 15, 2023, 8:46pm

Are you sure it isn't service apache24 reload? The restart command, well, restarts Apache--it stops it, and then starts it. Existing connections are terminated, etc. Most services also have a "reload" command, which will reload its configuration while still running. If the Apache24 service supports it, that would be the one to use.

system · July 15, 2023, 8:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
F29 certbot and apache - renew problem Help	5	1376	May 26, 2019
Can't update certificate, get weird error Help	19	1083	October 26, 2021
Unable to install certificate on freeBSD Help	12	1649	March 28, 2020
Certbot doesn't understand apache on FreeBSD Help	37	74	December 2, 2024
Certbot renew says Not yet due for renewal; email says otherwise Help	22	4131	March 17, 2022

FreeBSD 13.2 apache24 cert renewal has been failing

Related topics