I’m able to reproduce this on Mageia 3, but Mageia 3 is way old and crusty and has been EOL since 2014 http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/. I would recommend an upgrade to Mageia 7 post-haste.
urpmi apache
urpmi python
urpmi python-pip
urpmi augeas
pip install pip --upgrade
pip install setuptools --upgrade
pip install certbot --upgrade
pip install certbot-apache --upgrade
httpd
certbot --apache --debug
[root@7999df154eab conf.d]# certbot --apache --debug
/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/httpd/conf/conf.d/security.conf on line 17: Syntax error',)
If I comment out the internals of the FilesMatch block, I can get certbot to correctly parse the config.
[root@7999df154eab conf.d]# cat security.conf
# miscellaneous security settings
# disable TRACE (CVE-2009-2823)
TraceEnable Off
<IfModule mod_dir.c>
# This protects rpm backup files from beeing served, these files could
# contain sensible information.
<FilesMatch "\.(rpmorig|rpmsave)$">
Require all denied
</FilesMatch>
# This protects ssi and php files from beeing served if the module is not
# installed, it prevents presumptive source code theft.
<IfModule !mod_include.c>
<FilesMatch "\.(shtml)$">
# ErrorDocument 403 "<h1>403 Forbidden: Execute Access Forbidden</h1>\
# <p>The server is currently not serving ssi scripts.</p><p>This \
# could mean the server administrator is doing maintenance or has \
# orphan ssi files laying around, please contact the server \
# administrator or come back later. Thank you.</p>
# Require all denied
</FilesMatch>
</IfModule>
<IfModule !mod_php.c>
<FilesMatch "\.(php|php3|php4|php5|phps|phtml)$">
# ErrorDocument 403 "<h1>403 Forbidden: Execute Access Forbidden</h1>\
# <p>The server is currently not serving php scripts.</p><p>This \
# could mean the server administrator is doing maintenance or has \
# orphan php files laying around, please contact the server \
# administrator or come back later. Thank you.</p>
# Require all denied
</FilesMatch>
</IfModule>
</IfModule>
[root@7999df154eab conf.d]# certbot --apache --debug
/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): ^C
Doing some further digging, I found that the Mageia 3 security.conf
is missing a closing "
at the end of each ErrorDocument
which causes certbot to bail out with the error we’ve both received. Simply adding a closing "
as shown below will allow certbot to work.
[root@7999df154eab conf.d]# cat security.conf
# miscellaneous security settings
# disable TRACE (CVE-2009-2823)
TraceEnable Off
<IfModule mod_dir.c>
# This protects rpm backup files from beeing served, these files could
# contain sensible information.
<FilesMatch "\.(rpmorig|rpmsave)$">
Require all denied
</FilesMatch>
# This protects ssi and php files from beeing served if the module is not
# installed, it prevents presumptive source code theft.
<IfModule !mod_include.c>
<FilesMatch "\.(shtml)$">
ErrorDocument 403 "<h1>403 Forbidden: Execute Access Forbidden</h1>\
<p>The server is currently not serving ssi scripts.</p><p>This \
could mean the server administrator is doing maintenance or has \
orphan ssi files laying around, please contact the server \
administrator or come back later. Thank you.</p>"
Require all denied
</FilesMatch>
</IfModule>
<IfModule !mod_php.c>
<FilesMatch "\.(php|php3|php4|php5|phps|phtml)$">
ErrorDocument 403 "<h1>403 Forbidden: Execute Access Forbidden</h1>\
<p>The server is currently not serving php scripts.</p><p>This \
could mean the server administrator is doing maintenance or has \
orphan php files laying around, please contact the server \
administrator or come back later. Thank you.</p>"
Require all denied
</FilesMatch>
</IfModule>
</IfModule>
Best of luck out there.