List Index out of range error on Certbot first run

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot --apache

It produced this output:

IndexError: list index out of range
From Error log: 
Traceback (most recent call last):
  File "/snap/certbot/952/bin/certbot", line 8, in <module>
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/", line 1413, in main
    return config.func(config, plugins)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/", line 1164, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/", line 803, in _install_cert
    le_client.deploy_certificate(domains, path_provider.key_path,
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/", line 539, in deploy_certificate
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot_apache/_internal/", line 489, in deploy_cert
    self._deploy_cert(vhost, cert_path, key_path, chain_path, fullchain_path)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot_apache/_internal/", line 633, in _deploy_cert
    self.parser.aug.set(path["cert_path"][-1], fullchain_path)
IndexError: list index out of range

My web server is (include version): Apache 2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Linux Mint 20.1 -Ulyssa

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0


Welcome to the Let's Encrypt Community, Paul :slightly_smiling_face:

That's... different. Let me ask.


Any ideas here?



Could you please post the contents of the virtualhost file from Apache?


Contents of VirtualHost as requested: (I'm assuming you only want the https part and not the http)

<IfModule mode_ssl.c>
    <VirtualHost _default_:443>
        DocumentRoot /var/www/html/nextcloud
#        ServerAlias
        Alias /nextcloud "/var/www/html/nextcloud/"

        <Directory /var/www/html/nextcloud/>
           Options FollowSymLinks MultiViews  
           AllowOverride All
           Require all granted 
           Satisfy Any
            <IfModule mod_dav.c>
                Dav off
            <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
            SetEnv HOME /var/www/html/nextcloud
            SetEnv HTTP_HOME /var/www/html/nextcloud

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key


You can see that I still have the apache default certs in there, copied from the "default-ssl.conf file when I tried disabling that site to have this .conf file as the only active one. I was having trouble getting https working at all with the Nextcloud folder outside of /var/www/html. When I moved it into the html folder, it all sprang to life and started working as expected. I had re-enabled the default-ssl site by this point. However, I can see that things might be getting confused by using "default:443" VirtualHost in the default-ssl.conf and this, the nextcloud.conf. Perhaps this is my issue? It was all kind of "poke and hope", as I'm no expert at this, by any means.
I hope this helps.
Paul N.


Thanks, this looks like a legitimate bug to me.

I'm not exactly sure on the cause, but it seems to be caused by this typo right here:

that should be

<IfModule mod_ssl.c>

I think if you correct it, Certbot won't crash anymore.

edit: Filed a bug.


That was it! It's my chubby digits again. Those keys are kind of close together aren't they?
However, I'm surprised that apache didn't throw a parsing error for the random like it does for VirtualHost and Directory tags.
Thank you very much for your keen eyesight and help. Certbot working fine now.
Now for auto renewal...
Paul N


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.