I used certbot 0.19.0 to renew 3 certificates on the same server.
It could successfully renew the first domain but failed for the last 2.
Then I noticed Apache was down.
I tried to restart it but it would always complain port 443 was busy.
When I inspected the ports.conf file, I noticed that:
<IfModule mod_ssl.c> Listen 443 # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. NameVirtualHost *:443 Listen 443 </IfModule>
Listen 443 is there twice, and, I know that sounds silly, but it would prevent Apache from starting.
When I remove one of the instances, it works again, and I can renew the next certificate, but then certbot adds back the extra
Listen 443. I can remove the first or last occurence, it doesn’t matter, it’s added back every time.
Not sure what’s causing that, maybe the comments in the mod_ssl.c section? I haven’t tried to remove them, but maybe it’s worth a try when you investigate the issue.
Apache version is:
Apache/2.2.22 (Debian) mod_fcgid/2.3.6 mod_ssl/2.2.27
Running on Debian 7.11