Localhost.crt does not exist or is empty

While setting up Certbot I got the following and this also includes the .log file that was created.

[root@mail ~]# /usr/local/bin/certbot-auto certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.con
f:\nSSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty\n”,)
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.con
f:\nSSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty\n”,)

[root@mail ~]# cat /var/log/letsencrypt/letsencrypt.log
2019-10-13 00:16:26,148:DEBUG:certbot.main:certbot version: 0.39.0
2019-10-13 00:16:26,150:DEBUG:certbot.main:Arguments: [’–apache’]
2019-10-13 00:16:26,151:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#
nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-10-13 00:16:26,176:DEBUG:certbot.log:Root logging level set at 20
2019-10-13 00:16:26,178:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-10-13 00:16:26,179:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-10-13 00:16:26,258:ERROR:certbot.util:Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

2019-10-13 00:16:26,259:DEBUG:certbot.plugins.disco:Misconfigured PluginEntryPoint#apache: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot_apache/configurator.py”, line 2239, in config_test
util.run_script(self.option(“conftest_cmd”))
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/util.py”, line 85, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/plugins/disco.py”, line 130, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot_apache/configurator.py”, line 239, in prepare
self.config_test()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot_apache/override_centos.py”, line 58, in config_test
super(CentOSConfigurator, self).config_test()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot_apache/configurator.py”, line 2241, in config_test
raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

2019-10-13 00:16:26,261:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f7549fdbdd8>
Prep: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

2019-10-13 00:16:26,264:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f7549fdbdd8>
Prep: Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty

2019-10-13 00:16:26,264:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2019-10-13 00:16:26,265:INFO:certbot.main:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your
existing configuration.
The error was: MisconfigurationError(“Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.con
f:\nSSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty\n”,)
2019-10-13 00:16:26,266:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
load_entry_point(‘letsencrypt==0.7.0’, ‘console_scripts’, ‘letsencrypt’)()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/main.py”, line 1244, in certonly
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, “certonly”)
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/plugins/selection.py”, line 235, in choose_configurator_plugins
diagnose_configurator_problem(“authenticator”, req_auth, plugins)
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/plugins/selection.py”, line 339, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.con
f:\nSSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty\n”,)

1 Like

It’s a problem with the mod_ssl package in RHEL8 and CentOS 8. When you install it the first time, it produces an invalid Apache configuration.

Supposedly, restarting Apache via systemd fixes it:

systemctl restart httpd

Beneath the hood, it causes the following command to run, which fixes generates the missing snakeoil certificates:

/usr/libexec/httpd-ssl-gencerts
3 Likes

Thank you _az for the your reply. I did exactly as you mentioned and it worked. Thank you very much.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.