Ubuntu 16.04 suddenly stopped working

Please fill out the fields below so we can help you better.

My domain is: www.wefearchange.org

I ran this command: letsencrypt renew

It produced this output:

2017-02-17 16:17:01,702:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/www.wefearchange.org.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.

My operating system is (include version): Ubuntu 16.04.2 LTS

My web server is (include version): apache2 2.4.18-2ubuntu3.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I installed letsencrypt on my Ubuntu server a few months ago, but less than the 3 month renewal period, and enabled all my sites to use the certificates. Everything’s been working beautifully since then, and I see my twice-per-day renewal notifications (via letsencrypt renew from cron). I’ve not yet needed any renewals and still shouldn’t.

However, just today letsencrypt renew has started failing for all my domains with the above error message. I have no idea what may have changed. Neither apache2 nor letsencrypt got updated (both are installed via apt, e.g. letsencrypt version 0.4.1-1). I even keep my /etc under etckeeper so if I look at the git logs, nothing’s changed in my configuration since the 9th of February, and the renew check has worked great… until now.

Any thoughts on what might have suddenly broken it?

Can you check if you have the python-letsencrypt-apache package installed? It’s separate from the letsencrypt package in Xenial. Not sure why it would have suddenly disappeared, but it’s worth checking out.

If that’s not it, could you run the renew command manually in verbose mode (-vvvvv) and provide the output and any logs from /var/log/letsencrypt?

python-letsencrypt-apache is definitely installed:

$ dpkg -s python-letsencrypt-apache | grep -i version
Version: 0.4.1-1

Running with 5 -v I get a ton of output, but this seems like the relevant bits:

2017-02-20 18:08:58,267:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'Mc-jsFyva5aIiTdTSobc_riS5ILiTgv_nfF9Tu9UgrE', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/9XlsVENj9JKMGGcuXqHJAczHR_fjMPZgR1_KdBmEK_Q/681425127'}
2017-02-20 18:08:58,267:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-02-20 18:08:58,267:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for xxx.xx
2017-02-20 18:08:58,391:DEBUG:letsencrypt.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1549, in perform
    sni_response = chall_doer.perform()
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/tls_sni_01.py", line 78, in perform
    addrs = self._mod_config()
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/tls_sni_01.py", line 100, in _mod_config
    achall_addrs = self._get_addrs(achall)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/tls_sni_01.py", line 119, in _get_addrs
    vhost = self.configurator.choose_vhost(achall.domain, temp=True)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 314, in choose_vhost
    return self._choose_vhost_from_list(target_name, temp)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 318, in _choose_vhost_from_list
    vhost = display_ops.select_vhost(target_name, self.vhosts)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/display_ops.py", line 29, in select_vhost
    code, tag = _vhost_menu(domain, vhosts)
  File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/display_ops.py", line 93, in _vhost_menu
    raise errors.MissingCommandlineFlag(msg)
MissingCommandlineFlag: Failed to run Apache plugin non-interactively
Missing command line flag or config entry for this setting:
We were unable to find a vhost with a ServerName or Address of warsaw.us.
Which virtual host would you like to choose?

Then I get “Choices:” and a list of what looks like the configuration files in my /etc/apache2/sites-available directory. The conf files there do have multiple <VirtualHost …> sections each with a ServerName. I think I read that there may be problems with such config files. Is that what’s biting me here?

Note that I think what’s changed is that I’m now within the 30 day window where renewals are needed, so while my certs haven’t expired yet, I guess this is a new code path where it’s trying to renew the certs?

Multiple <VirtualHost> tags per file could definitely cause this. The only workaround would be to separate the vhosts or switch to a different plugin (like --webroot, without the automatic configuration and installation). You can track this issue for progress on multi-vhost support.

BTW, I did as suggested and moved all my <VirtualHost> entries into different files. That solved the problem and now all my certs got renewed.
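
A preflight check for the situation in this thread, added here as an example (not code from the thread or from the letsencrypt project): it flags Apache site files that hold more than one <VirtualHost> block and certificate domains that no ServerName or ServerAlias covers. The file names, host names and file contents are constructed; in real use the dictionary would be filled from the files under /etc/apache2/sites-available.

```python
import re

# Constructed sample of /etc/apache2/sites-available (file names and hosts are made up).
SITES = {
    "combined.conf": """\
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.example.net
</VirtualHost>
""",
    "single.conf": """\
<VirtualHost *:443>
    ServerName shop.example.com
    # ServerName old.example.com
</VirtualHost>
""",
}

BLOCK = re.compile(r"^[ \t]*<VirtualHost\s+([^>]*)>(.*?)^[ \t]*</VirtualHost>",
                   re.I | re.S | re.M)
NAMES = re.compile(r"^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", re.I | re.M)

def vhosts_in(text):
    """Return [(address, [names...])] for every <VirtualHost> block in one file."""
    found = []
    for m in BLOCK.finditer(text):
        names = [n.lower() for line in NAMES.findall(m.group(2)) for n in line.split()]
        found.append((m.group(1).strip(), names))
    return found

def audit(sites, domains):
    """Flag files holding several vhosts and domains that no vhost names."""
    multi, served = [], set()
    for fname, text in sorted(sites.items()):
        blocks = vhosts_in(text)
        if len(blocks) > 1:
            multi.append(fname)
        for _addr, names in blocks:
            served.update(names)
    missing = [d for d in domains if d.lower() not in served]
    return {"multi_vhost_files": multi, "unmatched_domains": missing}

if __name__ == "__main__":
    print(audit(SITES, ["www.example.org", "shop.example.com", "old.example.com"]))
```

Running a check like this from the same cron job, before the renewal window opens, surfaces the layout problem while the certificates still have time left.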
