Getting odd error in renew script

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: robert-chalmers.uk

I ran this command: certbot renew

It produced this output:

Cert is due for renewal, auto-renewing...

Unable to read ssl_module file; not disabling session tickets.

Plugins selected: Authenticator apache, Installer None

Renewing an existing certificate

It appears to work, but I can’t figure out why its giving this line.
Unable to read ssl_module file; not disabling session tickets.

Robert

My web server is (include version):

The operating system my web server runs on is (include version): OSX 10.15.5

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

1 Like

For some reason, certbot can’t open mod_ssl.so to check the OpenSSL version used in the Apache SSL module. Certbot wants to know the OpenSSL version before trying to disable session tickets apparently. I don’t think this is actually an error, but more of a warning.

2 Likes

It is a warning only I think, because the process proceeds and completes ok. I have no idea how or why certbot would want to check the version of Openssl other than it’s the same version that created the mod_ssl - which it is naturally.
But yes, it’s a starting place. I believe the developers are still working on the problem. Apparently it’s known about.
Thanks for getting back.

1 Like

It actually checks the version of OpenSSL used to create mod_ssl by reading the version string from mod_ssl.so :wink:

1 Like

At the moment, there is no open report for a macOS user encountering this error. (There is one for Gentoo, though).

Would you be able to share where you installed Apache from?

1 Like

Yes, Apache is installed from Homebrew, /usr/local/Cellar/httpd/2.4.43
and same with Openssl1.1. /usr/local/Cellar/openssl@1.1/1.1.1g
and same for certbot. /usr/local/Cellar/certbot/1.5.0

The interesting thing is. If I run certbot from the command line.
sudo certbot --dry-run renew or even without --dry-run …
I get that warning.
But run from the plist file, I now notice- the console log both std and err don’t show it.
Only from the command line.

robert

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.