Unable to install certificate on FreeBSD

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
pcbcrm.pcb-intl.com
I ran this command:
certbot --apache -d pcbcrm.pcb-intl.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /usr/local/etc/letsencrypt/renewal/pcbcrm.pcb-intl.com-0001.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf
Deploying Certificate to VirtualHost /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf
Enabling site /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf by adding Include to root configuration
Error while running apachectl configtest.
Performing sanity check on apache24 configuration:

AH00526: Syntax error on line 550 of /usr/local/etc/apache24/httpd.conf:
Cannot define multiple Listeners on the same IP:port

Rolling back to previous server configuration…
Error while running apachectl configtest.
Performing sanity check on apache24 configuration:

AH00526: Syntax error on line 550 of /usr/local/etc/apache24/httpd.conf:
Cannot define multiple Listeners on the same IP:port

IMPORTANT NOTES:

  • We were unable to install your certificate, however, we
    successfully restored your server to its prior configuration.
  • Congratulations! Your certificate and chain have been saved at:
    /usr/local/etc/letsencrypt/live/pcbcrm.pcb-intl.com-0001/fullchain.pem
    Your key file has been saved at:
    /usr/local/etc/letsencrypt/live/pcbcrm.pcb-intl.com-0001/privkey.pem
    Your cert will expire on 2020-05-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”
  • Some rewrite rules copied from
    /usr/local/etc/apache24/extra/httpd-vhosts.conf were disabled in
    the vhost for your HTTPS site located at
    /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf because they
    have the potential to create redirection loops.

My web server is (include version):
apache2.4
The operating system my web server runs on is (include version):
FreeBSD 12.1-RELEASE-p2
    My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.0.0


Please check the Apache config with (and show the results of):
apachectl -S


VirtualHost configuration:
*:80 pcbcrm.pcb-intl.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
ServerRoot: “/usr/local”
Main DocumentRoot: “/usr/local/www/apache24/data”
Main ErrorLog: “/var/log/httpd-error.log”
Mutex default: dir="/var/run/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: “/var/run/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www” id=80
Group: name=“www” id=80


That looks good.

How about:



There is none. I suspect that this is either related to a macro, or certbot is adding code and then rolling back after the failure.


It is probably calculating the line number based on after it expands all the included files.
[Hard to say exactly what line that would be.]

Is there a way to get the expanded config file or keep the include files separately? Or should I look at each include file as added line numbers?

In NGINX, that is simple.
In Apache … I don't know of a way.
[I'll search for one and post back if I do find anything]

In the meantime, yes, you can always copy all the files out and manually put them together in the included order and create one big config file.


Thank you for your response. I will try this tomorrow and see what I get.


I just commented out Listen 443 in etc/apache24/modules.d/020_mod_ssl.conf, which is included in:
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
Thank you again.


I don’t think that will fix the problem…
Has anything changed, or improved, since?


Commenting out the Listen 443 fixed the issue I was looking at.

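One way to trace a duplicate Listen across included files, as asked earlier in the thread (an added example, not part of the original posts and not Certbot or Apache code): a Python script that follows Include/IncludeOptional from the main config and reports every address defined more than once, with file and line. The sample tree is constructed; as simplifying assumptions the scanner ignores <IfModule>/<IfDefine> containers and reports a bare port as *:port.

```python
import glob
import os
import re
import tempfile
from collections import defaultdict

DIRECTIVE = re.compile(r"^\s*(Listen|Include|IncludeOptional)\s+(\S+)", re.I)

def listen_directives(server_root, conf, seen=None):
    """Yield (address, file, line) for every Listen reachable from conf."""
    seen = set() if seen is None else seen
    path = os.path.normpath(os.path.join(server_root, conf))
    if path in seen or not os.path.isfile(path):
        return
    seen.add(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = DIRECTIVE.match(line)  # commented-out lines never match
            if not m:
                continue
            name, arg = m.group(1).lower(), m.group(2).strip('"')
            if name == "listen":
                # Simplification (assumption): a bare port is reported as *:port
                yield (arg if ":" in arg else "*:" + arg), path, lineno
            else:  # Include paths are relative to ServerRoot and may be globs
                for inc in sorted(glob.glob(os.path.join(server_root, arg))):
                    yield from listen_directives(server_root, inc, seen)

def duplicate_listeners(server_root, conf):
    """Map each address defined more than once to its (file, line) list."""
    by_addr = defaultdict(list)
    for addr, path, lineno in listen_directives(server_root, conf):
        by_addr[addr].append((os.path.relpath(path, server_root), lineno))
    return {a: locs for a, locs in by_addr.items() if len(locs) > 1}

def build_sample(root):
    """Constructed sample tree using the relative paths quoted in the thread."""
    mods = os.path.join(root, "etc/apache24/modules.d")
    os.makedirs(mods)
    with open(os.path.join(root, "etc/apache24/httpd.conf"), "w") as fh:
        fh.write("Listen 80\n# Listen 443\n"
                 "IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf\n"
                 "Listen 443\n")
    with open(os.path.join(mods, "020_mod_ssl.conf"), "w") as fh:
        fh.write("# constructed sample\nListen 443\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(duplicate_listeners(root, "etc/apache24/httpd.conf"))
```

On the system in this thread the equivalent call would be duplicate_listeners("/usr/local", "etc/apache24/httpd.conf"), since apachectl -S reports ServerRoot as /usr/local.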
