I can't make a new certification why?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:


I ran this command:

service apache2 start

It produced this output:

Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

and in the log is this:

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/00
SSLCertificateFile: file '/etc/letsencrypt/live/eikemerch.de/full
Action 'start' failed.
The Apache error log may have more information.
 apache2.service: Control process exited, code=exited, status=1/FAILURE
apache2.service: Failed with result 'exit-code'.
Failed to start The Apache HTTP Server.


apache2.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Failed to start The Apache HTTP Server.

My web server is (include version):

Apache/2.4.38 (Debian)

The operating system my web server runs on is (include version):

Debian 10 (busted)

My hosting provider, if applicable, is:


I can login to a root shell on my machine (yes or no, or I don't know):


I'm using a control panel to manage my site (no, or provide the name and version of the control panel):


The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.22.0

With friendly regards


You can't start Apache. What does this have to do with generating a certificate?

1 Like

because i can‘t start apache because i can‘t generate a New certificated that is my Problem. I can’t generate a new certificate

What did you do with the old one?

1 Like

What does line 33 (and 34) say?


Line 33 say

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

ServerName eikemerch.de
SSLCertificateFile /etc/letsencrypt/live/eikemerch.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/eikemerch.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf


This directory contains your keys and certificates.

`[cert name]/privkey.pem`  : the private key for your certificate.
`[cert name]/fullchain.pem`: the certificate file used in most server software.
`[cert name]/chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
`[cert name]/cert.pem`     : will break many server configurations, and should not be used
                 without reading further documentation (see link below).

         Certbot expects these files to remain in this location in order
         to function properly!

We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

and now ?

the old one is expired and it would not be renewed or have not received an email because of reminder that it expires the certificate

That wouldn't prevent Apache from starting. So what did you do with it?

Do these files exist?:

1 Like

yes the file is exist :smiley:

Please show the output of:
apachectl -t -D DUMP_VHOSTS

1 Like

I don't find it

Try it with sudo:
sudo apachectl -t -D DUMP_VHOSTS

find / -name apachectl

1 Like
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using --  . Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   -- (/etc/apache2/sites-enabled/000-default.conf:1)

this is it

You need a working HTTP site before you can secure it (via HTTP authentication).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.