I have created new websites served by my web-firewall and web-server that I want to have certs for. I inherited this whole system and how to make certs etc. It seems like a hack, as in /etc/httpd/sites-devel there exist these .conf files that say:
    <VirtualHost *:80>
        ServerName appname.mydomain.com
        ServerAlias appname
        DocumentRoot /var/www/html
    </VirtualHost>
So this script that runs the certbot-auto force renewal moves sites-devel to sites-enabled. Then it forces the renewal, then moves sites-enabled back to sites-devel and recovers the original sites-enabled from a sites-enabled.save it got moved to. I understand this process; it is faking the webroot for all our apps running on our webserver.
The problem is, I have added my new app in this folder with the same conf file with the right appname. Though when I add this app to the bottom of my /etc/letsencrypt/renewal/mydomain.com-004.conf file, then it says a parse error. What I don't understand is I have two apps, and I can add to the conf file:
    version = 1.10.1
    archive_dir = /etc..lets...
    cert = /etc...lets...
    privkey = /etc..lets...
    chain = /etc..lets...
    fullchain = /etc...lets...
    # Options used in the renewal process
    [renewalparams]
    authenticator = webroot
    account = blargblarg
    server = https://acme-etcetc.org/directory
    manual_public_ip_logging_ok = None
    [[webroot_map]]
    ...
    ...
    kronos.mydomain.com = /var/www/html
The above has no parse error; if I take out the kronos.mydomain.com = /var/www/html it has no parse error. If I add this domain, though:
covid19.mydomain.com = /var/www/html
Parse error... so it seems it is looking somewhere else based on this; I am just not sure where... I just inherited this whole web server and I am still coming to grips with how the certbot certs work.
My domain is:
I ran this command:
/opt/certbot/certbot-auto renew --force-renewal
It produced this output:
parse error in .conf file
My web server is (include version):
I can login to a root shell on my machine (yes or no, or I don't know):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
(I know it is old)
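
One way to find the line a parser would trip on, as an added example (not part of the original post and not certbot's own parser): a simplified layout check for a renewal file shaped like the one quoted above, reporting the line number of invisible characters, unbalanced section brackets and entries without `=`. The function names, the `example.com` hostnames and the sample text are constructed for illustration.

```python
import re

# Constructed sample: same layout as the renewal file quoted in the post;
# lines 7 and 8 are deliberately damaged for the demonstration.
SAMPLE = (
    "version = 1.10.1\n"
    "# Options used in the renewal process\n"
    "[renewalparams]\n"
    "authenticator = webroot\n"
    "[[webroot_map]]\n"
    "kronos.example.com = /var/www/html\n"
    "covid19.example.com\u00a0= /var/www/html\n"
    "extra.example.com /var/www/html\n"
)

HEADER = re.compile(r"^(\[+)[^\[\]]+(\]+)$")

def check_renewal_text(text):
    """Return (line_number, finding) pairs for lines that break the layout."""
    findings = []
    depth = 0  # nesting depth of the section currently open
    for number, raw in enumerate(text.splitlines(), start=1):
        # Anything outside printable ASCII (tab allowed) is hard to see in an editor.
        odd = sorted({ch for ch in raw if ch != "\t" and not " " <= ch <= "~"})
        if odd:
            codes = ", ".join("U+%04X" % ord(ch) for ch in odd)
            findings.append((number, "unexpected character(s): " + codes))
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            match = HEADER.match(line)
            if not match or len(match.group(1)) != len(match.group(2)):
                findings.append((number, "unbalanced section brackets"))
            elif len(match.group(1)) > depth + 1:
                findings.append((number, "section nested too deeply"))
            else:
                depth = len(match.group(1))
        elif "=" not in line:
            findings.append((number, "no '=' between name and value"))
    return findings

def check_renewal_file(path):  # e.g. a file under /etc/letsencrypt/renewal/
    with open(path, encoding="utf-8", errors="replace") as handle:
        return check_renewal_text(handle.read())

if __name__ == "__main__":
    for number, finding in check_renewal_text(SAMPLE):
        print("line %d: %s" % (number, finding))
```
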