Options-ssl-apache.conf manually modified; Renewals stopped

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: robert-chalmers.uk, quantum-radio.net and ww6.robert-chalmers.uk all on port 443

I ran this command: certbot renew (as normal from a plist)

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Cert not yet due for renewal

Cert not yet due for renewal

Cert not yet due for renewal

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Cert not yet due for renewal

Cert is due for renewal, auto-renewing…

Non-interactive renewal: random delay of 339.5548730640189 seconds

Unable to read ssl_module file; not disabling session tickets.

/etc/letsencrypt/options-ssl-apache.conf has been manually modified; updated file saved to /usr/local/Cellar/certbot/1.5.0/libexec/vendor/lib/python3.8/site-packages/certbot_apache/_internal/tls_configs/old-options-ssl-apache.conf. We recommend updating /etc/letsencrypt/options-ssl-apache.conf for security purposes.

Plugins selected: Authenticator apache, Installer None

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for quantum-radio.net

Waiting for verification…

Challenge failed for domain quantum-radio.net

http-01 challenge for quantum-radio.net

Cleaning up challenges

Attempting to renew cert (www.quantum-radio.net) from /etc/letsencrypt/renewal/www.quantum-radio.net.conf produced an unexpected error: Some challenges have failed… Skipping.

Cert is due for renewal, auto-renewing…

Unable to read ssl_module file; not disabling session tickets.

Plugins selected: Authenticator apache, Installer None

Renewing an existing certificate

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): OSX 10.15.5

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

It seems after a recent update, something got changed or moved. How do I set it back to normal so it works again?

Hi @rachalmers

Options-ssl-apache.conf manually modified

then undo that.

1 Like

Hi, thanks.
It was done automatically as part of the upgrade.
Can I delete it and auto generate it again?
I don’t know how to ‘undo’ something done automatically.
Robert

I don’t know if that’s the problem.

Your complete output is missing.

Oh - what’s that? Checking your domain via https://check-your-website.server-daten.de/?q=quantum-radio.net

Different IPv4 / IPv6 answers. And no answer on port 80. So http validation can’t work.

1 Like

Ok,
Two things.
The main website is the Robert-Chalmers.uk site. On 443.
https://robert-chalmers.uk
Anything else redirects to that port.

I saw that 80 appears to be blocked, but not by me? Must be the ISP. I’ve yet to look into it.

Quantum-Radio.net is there but isn’t used.
Also https only though.

However…
The problem suddenly is the LetsEncrypt config file being changed. But it was changed by the crypto upgrade, so I guess it’s start again from scratch time to get it all working.

Robert

__________Robert Chalmers
https://robert-chalmers.uk
https://robert-chalmers.com
@R_A_Chalmers

From Qualys

__________Robert Chalmers
https://robert-chalmers.uk
https://robert-chalmers.com
@R_A_Chalmers

Same problem. Please read the basics:

A working port 80 is required if you want to create a certificate via http validation. Not a blocking firewall.

2 Likes
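An added example, not part of the original thread and not certbot's own code: a small triage of `certbot renew` output that keeps advisory notices (such as the options-ssl-apache.conf message, after which the run above continues) apart from the challenge failure that actually stops a renewal. The patterns are taken only from the output quoted in this thread and are an assumption for other certbot versions; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the `certbot renew` output quoted in this thread.
SAMPLE = """\
Cert not yet due for renewal
Cert is due for renewal, auto-renewing…
Unable to read ssl_module file; not disabling session tickets.
/etc/letsencrypt/options-ssl-apache.conf has been manually modified; updated file saved to /usr/local/Cellar/certbot/1.5.0/libexec/vendor/lib/python3.8/site-packages/certbot_apache/_internal/tls_configs/old-options-ssl-apache.conf. We recommend updating /etc/letsencrypt/options-ssl-apache.conf for security purposes.
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for quantum-radio.net
Challenge failed for domain quantum-radio.net
Cleaning up challenges
Attempting to renew cert (www.quantum-radio.net) from /etc/letsencrypt/renewal/www.quantum-radio.net.conf produced an unexpected error: Some challenges have failed… Skipping.
Cert is due for renewal, auto-renewing…
Unable to read ssl_module file; not disabling session tickets.
Renewing an existing certificate
"""

# Assumption: these patterns cover only the messages seen in the output above.
ADVISORY = re.compile(r"has been manually modified|Unable to read ssl_module file")
CHALLENGE = re.compile(r"^(\S+) challenge for (\S+)")
FAILED = re.compile(r"^Challenge failed for domain (\S+)")
ERROR = re.compile(r"^Attempting to renew cert \((\S+)\) from (\S+) produced an unexpected error")

def triage(log_text):
    """Return one record per renewal attempt found in the output."""
    attempts, cur = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("Cert is due for renewal"):
            cur = {"cert": None, "challenges": set(), "failed": [],
                   "advisories": [], "status": "incomplete"}  # no outcome line seen yet
            attempts.append(cur)
        elif cur is None:
            continue  # "not yet due" lines and preamble belong to no attempt
        elif ADVISORY.search(line):
            cur["advisories"].append(line)  # notice only; the run continues past it
        elif m := CHALLENGE.match(line):
            cur["challenges"].add((m.group(1), m.group(2)))
        elif m := FAILED.match(line):
            cur["failed"].append(m.group(1))
        elif m := ERROR.match(line):
            cur["cert"], cur["status"] = m.group(1), "failed"
    return attempts

def findings(attempts):
    """List (cert, domain, challenge type, hint) for each failed challenge."""
    return [(a["cert"], d, t, "inbound port 80 must answer" if t == "http-01" else "see debug log")
            for a in attempts for t, d in sorted(a["challenges"]) if d in a["failed"]]
```

The second attempt in the sample is reported as `incomplete` because the quoted output stops before any outcome line, so nothing can be concluded about it from the log alone.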
