Renew fails; attempting to overwrite challenge file

For something that is so easy in principle, I keep running into weird problems I can’t explain.

Latest is the inability to renew a certificate because of a strange error pointing to the inability to overwrite /etc/httpd/conf/httpd.conf - a file certbot shouldn’t be touching anyway, since I have separate .conf files for each domain in /etc/httpd/conf.d

Complete error:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/satellitemediaproduction.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for satellitemediaproduction.com
tls-sni-01 challenge for www.satellitemediaproduction.com
Cleaning up challenges
Attempting to renew cert (satellitemediaproduction.com) from /etc/letsencrypt/renewal/satellitemediaproduction.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.

When I manually attempted to run certbot today, I had to “install” it and update python packages, even though the thing has been running once/day through cron (with the same error) - this of course triggered a bunch of bootstrapping dependencies loops before it would run, but it seems settled down now other than generating that error.

I’ve searched looking for this specific error and found a few threads, but they all seem to tail off before actually finding a solution. One suggested separate certs per domain, but I already do that. Admittedly, if I did this right, satellitemediaproduction.com and www.satellitemediaproduction.com should be in the same cert…which is how I created the other certs on this machine.

This problem must be specific to this domain, since another of the domains on the same server, also with domain and www.domain in same cert, renewed properly on Feb. 2nd according to the browser’s certificate information. And a --dry-run succeeds swimmingly.

Suggestions as to what I might have done wrong?

Hi @CharlieSummers,

What version of Certbot are you using?

@bmw, could you take a look at this? The error in question is from reverter.py, and is code written by James back in 2015 (I’m not sure of the exact conditions in which it’s triggered).

@CharlieSummers, do you think you could also share the log file from /var/log/letsencrypt associated with this run? It might give us more information about what Certbot was trying to do when it ran into this problem.

certbot --version
certbot 0.21.1

Sure - http://bes.lofcom.com/chad/20180206_letsencrypt.log

(Let me know when y'all have it, since I'd like to remove it later; never know what info it could give the bad guys...)

I’ve asked @joohoi to take a look at this. In the meantime, you can try adding --preferred-challenges http to the command line which may work around the problem.

EDIT: I also have a copy of your logfile if you’d like to delete it.

Son of a gun if that didn't work perfectly...

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/satellitemediaproduction.com/fullchain.pem (success)

Going to add that switch to the cronjob temporarily. Thank you!

Cool. Will keep a copy in root's home directory so I can make it available again if necessary, and will do anything else I can do to provide info to help get this cleaned up.
