The apache plugin is not working; there may be problems with your existing configuration

Hello everybody ,
I tracked down the problem and searched a lot and the solution was not done with me, I always get this error

sudo certbot certonly --apache -d

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root')
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root')

i have Apache on CentOS 7

1 Like

If you're running a custom Apache (compiled yourself for example), the certbot apache plugin can have a hard time finding it. You might be able get things working using the --apache-server-root command line option and its related options such as --apache-ctl. See all command line options with certbot --help all or check them out online in the certbot documentation.


Thanxs Bro

i try but i see this

# sudo certbot --apache-server-root -d
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certbot: error: argument --apache-server-root: expected one argument
1 Like

Eeeehh, you obviously need to read what the option is for. You can't just copy/paste something without reading about it. Please see the command certbot --help all or the certbot documentation linked above.


I'm also interested in knowing what this might show us:
apachectl -S

Hi @sys616
I am also facing the same problem, did you already got any solution?
I am also using apache on centos 7.

A few things:

  • Are you running into the exact same errors or perhaps just one of the messages? This makes a difference.
  • Are you running a custom, non-standard Apache? E.g. compiled it yourself. @sys616 didn't answer this question.

Yeah, I am facing the exact same errors. I am not able to install certbot using either of sudo certbot --apache or sudo certbot certonly --apache with the message NoInstallationError('Could not find configuration root')
I also tried going through certbot --help all but couldn't able to figure our as for few commands it was showing error message as 'expected one argument'

No, I am using the standard apache2.

Which version of certbot are you (and also @sys616 ) running? Perhaps upgrading might help.

For me, I think it's not yet got installed.
I am following these steps in this page for the first time. And apparently got stuck at step 7.

After step 6 it's installed. Using "snap" however should give you the most recent version, you can check by running certbot --version.

What's the output of apachectl -S? Or if that command doesn't work, try httpd -S.

Oh okay,
So, it's certbot 1.12.0

It's a very lengthy output for apachectl -S.
Starting with 'VirtualHost Configuration:' to some apache server details.
Is there any thing particular you want to know from the output?

Currently, I'm interested in the output beyond all the virtualhosts/namevhosts. On my server it starts with "ServerRoot: ...".

1 Like

okay, please check these lines below..

ServerRoot: "/etc/apache2"
Main DocumentRoot: "/etc/apache2/htdocs"
Main ErrorLog: "/etc/apache2/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: dir="/run/apache2" mechanism=fcntl
Mutex default: dir="/var/run/apache2/" mechanism=sysvsem
Mutex mpm-accept: using_defaults
Mutex rewrite-map: dir="/run/apache2" mechanism=fcntl
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/run/apache2/"
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="nobody" id=99
Group: name="nobody" id=99

Hm, the current certbot apache module for CentOS expects to find all the Apache stuff in /etc/httpd/? See:

That's probably the reason. Has the Apache package been updated recently in CentOS perhaps? Or did you install it with aid of cPanel? Running apachectl -V might shed some extra light on the situation.


I'm not a geek yet. Just started to learn these things.
Glad that we reached to a conclusion.

Yeah we installed it with the help of cPanel.

Thanks for the command. So currently I have,
Server version: Apache/2.4.46 (cPanel)
Server built: Feb 9 2021 19:06:56

1 Like

Ah yes, I saw somewhere online that when Apache is installed with aid of cPanel, it uses the /etc/apache2/ root while usually when Apache is installed using the CentOS package manager, it seems to get installed with the root /etc/httpd/. This might also be the issue @sys616 is having.

@Ravi97 & @sys616 You might get the certbot apache plugin running using --apache-server-root /etc/apache2 , --apache-challenge-location /etc/apache2 and --apache-vhost-root /etc/apache2/conf.d/ (not sure about the paths of the latter two though!) as extra commands.

@certbot-devs Any idea for a long term solution for this? I'm sure we don't want to fiddle with --apache-server-root /etc/apache2 for every user who installed Apache through cPanel?


Certbot is never going to work with cPanel, unless a plugin is written for it. My preference would be that Certbot warns the user against running in cPanel at all.

cPanel is an environment where Apache has its configuration managed externally by the hosting control panel software. Certbot would need to use the cPanel APIs rather than directly interacting with Apache like it usually does.

To @Ravi97 I would propose investigating whether you can use the built-in cPanel AutoSSL functionality. It works quite flawlessly without having to run any commands: Manage AutoSSL | cPanel & WHM Documentation. If it's not working for you, I'd look into getting it fixed.

If for some reason that's not an option for you, then you can use certonly+webroot:

certbot certonly --webroot -w /home/user/public_html/ -d

Hm, true, if cPanel is used for everything, it doesn't make sense to use certbot indeed. I was thinking more like a scenario where cPanel perhaps was used only for installing Apache, but the user isn't using cPanel for anything else. I agree AutoSSL is a better option if cPanel is used mainly for maintenance of the server.