[SOLVED] Problem renewing certificate with Certbot (Ubuntu 16.04, Apache 2.4.18)


Under Ubuntu 16.04 + Apache 2.4.18, when trying to renew with Certbot installed from repository:

# letsencrypt renew --agree-tos --dry-run

I see the below:

Processing /etc/letsencrypt/renewal/example.com.conf
2016-12-08 20:13:38,723:WARNING:letsencrypt.client:Registering without email!
2016-12-08 20:13:47,220:ERROR:letsencrypt.le_util:Error while running a2dismod    socache_shmcb.

ERROR: The following modules depend on socache_shmcb and need to be disabled first: ssl

2016-12-08 20:13:47,221:ERROR:letsencrypt.reverter:Unable to run undo command: a2dismod socache_shmcb
** DRY RUN: simulating 'letsencrypt renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'letsencrypt renew' close to cert expiry
**          (The test certificates above have not been saved.)

 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.

Will renewal actually happen if the above is run via Cron on proper date?

If not, what are my options apart from doing that manually?


It looks like you’re running into this issue:

This was fixed in certbot (that’s letsencrypt's new name) since, but the package in Ubuntu 16.04 is older than that fix and they don’t seem to have backported it.

Judging by the message, renewal worked despite this error. I’d probably do a real renewal run to make sure that’s actually the case (try letsencrypt renew --force-renewal), and then check if your browser really gets a renewed certificate. If that works, I suppose ignoring this issue is a possibility.

Alternatively, you could apt-get remove the letsencrypt packages and install certbot via these instructions (they’ll work on Xenial). Your existing configuration and certificates should be compatible with that, so you’d just need to run /path/to/certbot-auto renew to renew instead.


Thanks, that looks like the older client issue - used the certbot you mentioned.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.