Getting odd error in renew script

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot renew

It produced this output:

Cert is due for renewal, auto-renewing...

Unable to read ssl_module file; not disabling session tickets.

Plugins selected: Authenticator apache, Installer None

Renewing an existing certificate

It appears to work, but I can’t figure out why its giving this line.
Unable to read ssl_module file; not disabling session tickets.


My web server is (include version):

The operating system my web server runs on is (include version): OSX 10.15.5

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

1 Like

For some reason, certbot can’t open to check the OpenSSL version used in the Apache SSL module. Certbot wants to know the OpenSSL version before trying to disable session tickets apparently. I don’t think this is actually an error, but more of a warning.


It is a warning only I think, because the process proceeds and completes ok. I have no idea how or why certbot would want to check the version of Openssl other than it’s the same version that created the mod_ssl - which it is naturally.
But yes, it’s a starting place. I believe the developers are still working on the problem. Apparently it’s known about.
Thanks for getting back.

1 Like

It actually checks the version of OpenSSL used to create mod_ssl by reading the version string from :wink:

1 Like

At the moment, there is no open report for a macOS user encountering this error. (There is one for Gentoo, though).

Would you be able to share where you installed Apache from?

1 Like

Yes, Apache is installed from Homebrew, /usr/local/Cellar/httpd/2.4.43
and same with Openssl1.1. /usr/local/Cellar/openssl@1.1/1.1.1g
and same for certbot. /usr/local/Cellar/certbot/1.5.0

The interesting thing is. If I run certbot from the command line.
sudo certbot --dry-run renew or even without --dry-run …
I get that warning.
But run from the plist file, I now notice- the console log both std and err don’t show it.
Only from the command line.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.