Le_http_01_challenge_pre.conf doesn't exist

mikekehrli · June 13, 2024, 12:58pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: private.com

I ran this command: sudo apachectl configtest

It produced this output:

Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 2 of /etc/apache2/sites-enabled/ssl.private.com.conf: Could not open configuration file /etc/apache2/le_http_01_challenge_pre.conf: No such file or directory
Action 'configtest' failed.
The Apache error log may have more information.

My web server is (include version): apache2 v2.4.59

The operating system my web server runs on is (include version): Debian Bookworm

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): terminal window only

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.1.0

I've seen this topic before, but don't know what the resolution is. When running:
sudo certbot --apache

My apache site conf files get loaded with this line:
Include /etc/apache2/le_http_01_challenge_pre.conf

But that file doesn't exist. So configtest fails as does restarting apache. I've removed that line from my conf files. I only have 2 files but that line was repeated in 10 places. I just don't get why this line is added for a file that doesn't exist. It breaks the configuration. This is a bug!

MikeMcQ · June 13, 2024, 1:43pm

Those include statements and files are created by the Certbot --apache plugin.

They are added before requesting the cert and then removed from your Apache config after the cert request is complete. Even if the cert request fails they are deleted.

Did you kill off a Certbot process part-way through its request? That's the only thing I can think of as to why they are still there.

I have seen literally thousands of threads on this forum and I can't remember ever seeing this happen before. You said you saw this topic before. Do you have a link to one of those threads? Maybe there is a pattern of failure that I just don't remember.

The remedy is to manually remove the faulty include statements and try again.

You might also consider using the --webroot method rather than --apache. The webroot will not make any changes to your Apache config. It places a file in a location you set to match the Apache DocumentRoot for the matching domain name.

Your Certbot v2.1 is probably the one packaged in Debian. You should consider switching to the snap install for Certbot. This will keep you current. I don't think this caused the failure you describe. It is just a suggestion. Follow the steps below carefully. The Debian 10 instructions are the same as for 12.

Rip · June 13, 2024, 10:43pm

SO mike is correct IMHO.
does this "/etc/apache2/le_http_01_challenge_pre.conf" file actually exist?

If so please share the content, I have never seen such a file...
If not delete the reference to it in your vhost config file as @MikeMcQ has suggested and try again.

(It would be interesting to see if it reappears somehow)

MikeMcQ · June 14, 2024, 3:28am

It is created by the --apache plugin and only for the duration of the challenge. If all goes well you will never see this file or the related include statements.

If you use --debug-challenges -v Certbot will pause before requesting the cert but after it has setup the challenges. You can then see these temporary files. You can also see them in the Certbot log.

They contain code for the VirtualHost to handle the HTTP Challenge and are:

le_http_01_challenge_pre.conf

        RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

le_http_01_challenge_post.conf

        <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>

system · July 14, 2024, 3:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory Help	47	16397	August 23, 2020
Error on line 34 of /etc/apache2/sites-enabled/000-default-le-ssl.conf: Help	2	1610	August 18, 2022
SSLCertificateFile: file '/private/etc/apache2/server.crt' does not exist or is empty Help	33	22263	April 19, 2019
SSLCertificateFile: file doesnt exist or is empty Help	34	16100	December 20, 2020
Certbot Crashes before issuing certs Help	5	4158	March 27, 2018

Le_http_01_challenge_pre.conf doesn't exist

Related topics