Renew has stopped working


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uat.totalflood.com

I ran this command: certbot renew

It produced this output:
Error while running apachectl configtest.

Syntax error on line 2 of /etc/httpd/conf.d/le_http_01_challenge_pre.conf:
RewriteRule: unknown flag ‘END’

My web server is (include version): Apache 2.2.15

The operating system my web server runs on is (include version): CentOS 6.10

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.33.1

Can anyone tell me what module that [END] is generated in is in so I can change it?


#2

Hi @jscarville

looks like a rewrite rule.

So check your file

/etc/httpd/conf.d/le_http_01_challenge_pre.conf

to find that. Or the error message is wrong, then check the other config files.

RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Perhaps your Apache is too old.


#3

It is a RewriteRule generated by certbot-auto. The program recreates the
le_http_01_challenge_pre.conf file each time it runs so, even if certbot-auto did not delete it, editing it would do no good.

The problem is the [END] flag is only supported by 2.4.XX. It worked until recently so I am guessing the maintainers recently dropped support for 2.2. I will have to edit the code to fix it until the migration to 2.4 is complete.


#4

False alarm. Apache binary was edited (!) to report the wrong version. I re-installed the binary and it works now.

Arrrrgh!