Lets Encrypt on Mac OS Big Sur Error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: allwestbc.com

I ran this command: certbot certonly --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): c
An e-mail address or --register-unsafely-without-email must be provided.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2021-07-20 11:14:47,184:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-20 11:14:47,185:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2021-07-20 11:14:47,185:DEBUG:certbot._internal.main:Arguments: ['--apache']
2021-07-20 11:14:47,185:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-20 11:14:47,235:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-20 11:14:47,237:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-07-20 11:14:47,571:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.46
2021-07-20 11:14:48,054:WARNING:certbot_apache._internal.configurator:Could not find ssl_module; not disabling session tickets.
2021-07-20 11:14:48,056:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x105bfd0a0>
Prep: True
2021-07-20 11:14:48,057:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x105bfd0a0> and installer <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x105bfd0a0>
2021-07-20 11:14:48,057:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-07-20 11:21:38,324:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.17.0', 'console_scripts', 'certbot')())
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 1282, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 763, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 676, in _determine_account
config.email = display_ops.get_email()
File "/usr/local/Cellar/certbot/1.17.0/libexec/lib/python3.9/site-packages/certbot/display/ops.py", line 61, in get_email
raise errors.Error(
certbot.errors.Error: An e-mail address or --register-unsafely-without-email must be provided.
2021-07-20 11:21:38,327:ERROR:certbot._internal.log:An e-mail address or --register-unsafely-without-email must be provided.

My web server is (include version): Apache running under MAMP Pro V6.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Mac OS Big Sur V11.4

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Just reinstalled the current version of HomeBrew and Certbot

2 Likes

Hi @BuckDuane, and welcome to the LE community forum :slight_smile:

I think the problem is that the certbot apache plugin is unaware of the MAC OS and expects all apache files to be found in their default Linux locations.
Have a look at this post: Unable to find a virtual host - #5 by griffin

OR

Avoid using --apache on MAC altogether by installing the cert manually and using --webroot for authentication.

2 Likes

Notice it says either an email or the --register-unsafely-without-email command must be provided (in the command line). :smiley:

You may want to use:

certbot certonly --apache --register-unsafely-without-email

The error regarding the error WARNING:certbot_apache._internal.configurator:Could not find ssl_module
Could not find ssl_module; not disabling session tickets isn't always fatal. At times it's a bug that pops up with cerbot used with certain Apache versions along with certain versions of other software such as OpenSUSE Leap 15.2 or OpenSSL.

You may want to fix the email thing and run certbot again. Then if it fails, we'll work on finding what path the bin file is hiding in, or go with the @rg305 's suggestion above. Note that you will have to install the cert yourself because you're using certonly.

4 Likes

This might help diagnose the problem. I only have one domain on this server and it has been using LetsEncrypt certs for two years. I update them regularly. I updated the Mac OS to Big Sur and now my authorization fails. I have the Mac Firewall software turned off. Here is the response I am getting when I run sudo certbot renew. I can’t see that folder as it has a dot file name. We are seeing this problem on many of our servers. It must have something to do with the BIG Sur upgrade. I would think this would be a known problem at this point.


Processing /etc/letsencrypt/renewal/w01.mylibraries.online.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for w01.mylibraries.online
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (w01.mylibraries.online) from /etc/letsencrypt/renewal/w01.mylibraries.online.conf produced an unexpected error: Failed authorization procedure. w01.mylibraries.online (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://w01.mylibraries.online/.well-known/acme-challenge/tOibBireI7JMJDje7NozYqab-ukEvS43WQ3HRu6xRls [199.38.85.103]: "\n\n404 Not Found\n\n

Not Found

\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/w01.mylibraries.online/fullchain.pem (failure)

1 Like

Hello Jim
I have started fresh with Catalina on Mac OS and MAMP Pro which used to work. Then I installed Home-brew and am still getting the same errors. Missing ssl_module and the missing host which is not correct.

The virtual host was set up successfully.

If you can see this page, your new virtual host was set up successfully. Now, web content can be added and this placeholder page1 should be replaced or deleted.

Server software:
Server name:
Document root:
Protocol:
PHP:

1 File:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): user@mydomain.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: y


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: sudo certbot certonly --apache
(Y)es/(N)o: N
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): w01.mylibraries.online
Requesting a certificate for w01.mylibraries.online
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Here is the log file…

2021-07-23 17:26:20,903:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-23 17:26:20,903:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2021-07-23 17:26:20,903:DEBUG:certbot._internal.main:Arguments: ['--apache']
2021-07-23 17:26:20,903:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-23 17:26:20,927:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-23 17:26:20,928:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-07-23 17:26:21,108:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.46
2021-07-23 17:26:21,378:WARNING:certbot_apache._internal.configurator:Could not find ssl_module; not disabling session tickets.
2021-07-23 17:26:21,379:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x10624f490>
Prep: True
2021-07-23 17:26:21,380:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x10624f490>
Prep: True
2021-07-23 17:26:21,380:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x10624f490> and installer <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x10624f490>
2021-07-23 17:26:21,380:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-07-23 17:27:05,431:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-07-23 17:27:05,472:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-07-23 17:27:05,584:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-07-23 17:27:05,584:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"4QJiU4xqBAE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-07-23 17:27:18,903:DEBUG:acme.client:Requesting fresh nonce
2021-07-23 17:27:18,903:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-07-23 17:27:18,934:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-07-23 17:27:18,935:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102m46ZU84hRSexcQVPRWFD3z_0dtCpnCZRl4yDIB82qkg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-07-23 17:27:18,935:DEBUG:acme.client:Storing nonce: 0102m46ZU84hRSexcQVPRWFD3z_0dtCpnCZRl4yDIB82qkg
2021-07-23 17:27:18,935:DEBUG:acme.client:JWS payload:
b'{\n "contact": [\n "mailto:user@mydomain.com"\n ],\n "termsOfServiceAgreed": true\n}'
2021-07-23 17:27:18,937:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIndKVjd4ZjFrVE81X1RRaDVEbHVlWGhlc2lmeE1pWEZXN1pDMDA2SUx5MVRHczQ4R3VTa0ttbEgwQnhBdzZkNzN6cVJtMkdjWlhlRGVZY0xUTVVtMXdkS3hYc3BveElpcjBhUW5YNTdyUjljaFloT1VCa2NFXy1yQUJuXzVPN0d4RmhZMHJTZ0lwamtmWVdJN0VsUXZ0aXlmbmRaRjdKaXllWVkybW90RVFlZnpTdkJCN0x3ODlOOFJaSEJhTDVNM09uaHBUbzN5LWdNSkVzNGZxaXV3NUVlVU5RMmdsWVB4eDNIQjZtbktOY1JZLUxteTNvTEYwX0R4NnAxeE13XzZJMERFVEpBMm5zTDdPVS1TM0VFOGl3aHNTVTNmNEUtUjM2VjVKZFgwbWxUVHN5VXFxcTlsR2ZrY3hqdmdBbFpscXNBaE15dDhHR1N5dGhjVi1sX0JydyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDEwMm00NlpVODRoUlNleGNRVlBSV0ZEM3pfMGR0Q3BuQ1pSbDR5RElCODJxa2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
"signature": "udaJ5fXmcW44dLPLHD2RRrx9BLZ0IFtjWxhy8s5MOCRHWt_MDYtHNcaemYabrcVVIoBe-572EUIuhZ6MDfgS17qpA0k9Ep90dm0Fi9bJhUsaQTbE2iKkcoIVw994psx4WsnU-5slbzJiVXzg7S_nmNEQP0IuikHTWeuDW33qPDLkSwWrz8RpE6wl-c69LkkXnWe0ykBzTbwL0GkLjD0oGJdn4nb49o-41zEbDNrOhxX324CTjC5DWM2uouFD0yiCcLBjHy14C9a7qgOlYj3QBt_hA3DiTjDXVsb6Xo44H-pc2TJNdT1UGhPai8Fuilshs7ZBTAk1WsHwEcJypu20-w",
"payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpkdWFuZUB3aXNkb21xdWVzdC5jb20iCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlCn0"
}
2021-07-23 17:27:19,072:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 564
2021-07-23 17:27:19,072:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 564
Connection: keep-alive
Boulder-Requester: 134383501
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/134383501
Replay-Nonce: 01014ODJugtvfj2QOOl6DVgIVU7qiaeQP5Ifi7KnfoWF0QE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"key": {
"kty": "RSA",
"n": "wJV7xf1kTO5_TQh5DlueXhesifxMiXFW7ZC006ILy1TGs48GuSkKmlH0BxAw6d73zqRm2GcZXeDeYcLTMUm1wdKxXspoxIir0aQnX57rR9chYhOUBkcE_-rABn_5O7GxFhY0rSgIpjkfYWI7ElQvtiyfndZF7JiyeYY2motEQefzSvBB7Lw89N8RZHBaL5M3OnhpTo3y-gMJEs4fqiuw5EeUNQ2glYPxx3HB6mnKNcRY-Lmy3oLF0_Dx6p1xMw_6I0DETJA2nsL7OU-S3EE8iwhsSU3f4E-R36V5JdX0mlTTsyUqqq9lGfkcxjvgAlZlqsAhMyt8GGSythcV-l_Brw",
"e": "AQAB"
},
"contact": [
"mailto:user@mydomain.com"
],
"initialIp": "199.38.85.103",
"createdAt": "2021-07-23T22:27:19.054594888Z",
"status": "valid"
}
2021-07-23 17:27:19,072:DEBUG:acme.client:Storing nonce: 01014ODJugtvfj2QOOl6DVgIVU7qiaeQP5Ifi7KnfoWF0QE

2 Likes

Have you tried?:

2 Likes

No, I’m not experienced in command line. I believe the problem is in the latest HomeBrew install.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.