Unable to install certificathe


#1

Hello. I have a server and try to move to htts but this is hapend:
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
Created an SSL vhost at /etc/apache2/sites-enabled/unremis-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Error in checking parameter list: AH00526: Syntax error on line 36 of /etc/apache2/sites-enabled/unremis-le-ssl.conf:
SSLCertificateFile: file ‘/etc/apache2/insert_cert_file_path’ does not exist or is empty

Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

IMPORTANT NOTES:

  • Unable to install the certificate

what to do? tanks in advance.


#2

Hi @GEDE448

There are a few other bits of information that are needed in order to assist.

Can you fill them out please :smiley:

I ran this command:

It produced this output:

My operating system is (include version):

Andrei


#3

Hi . off course. I follow the steeps to install certbot, and run de comand :
$ certbot --apache

Next they show me the options :
certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: mariomananeumaticos.com.ar
2: www.mariomananeumaticos.com.ar
3: servitrucks.com.ar
4: www.servitrucks.com.ar
5: unremis.com.ar
6: admin.unremis.com.ar
7: www.unremis.com.ar
8: unremis.com
9: admin.unremis.com
10: www.unremis.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):5,6,7,8,9,10
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel):esteban.kluser@gmail.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/©ancel: a


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.

(Y)es/(N)o: y
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for unremis.com.ar
tls-sni-01 challenge for admin.unremis.com.ar
tls-sni-01 challenge for www.unremis.com.ar
tls-sni-01 challenge for unremis.com
tls-sni-01 challenge for admin.unremis.com
tls-sni-01 challenge for www.unremis.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
Created an SSL vhost at /etc/apache2/sites-enabled/unremis-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Error in checking parameter list: AH00526: Syntax error on line 36 of /etc/apache2/sites-enabled/unremis-le-ssl.conf:
SSLCertificateFile: file ‘/etc/apache2/insert_cert_file_path’ does not exist or is empty

Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/unremis.com.ar/fullchain.pem. Your cert will
    expire on 2017-07-08. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot again with the
    "certonly" option. To non-interactively renew all of your
    certificates, run “certbot renew”
  • If you lose your account credentials, you can recover through
    e-mails sent to esteban.kluser@gmail.com.
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

and thats od.

regards


#4

Hmm, looks like certbot added a temporary placeholder for the certificate directive, but tried to reload Apache before it changed the certificate directive to the correct value.

AFAIK the enabeling of the module is a one time thing. Did you run certbot a second time? It probably wouldn’t work, because of the invalid (temporary) certificate directive. But if it did work, it should ask you to install the certificate, because you’ve already got one issued.

Could you try to delete /etc/apache2/sites-enabled/unremis-le-ssl.conf and /etc/apache2/sites-available/unremis-le-ssl.conf and run certbot --apache again with exactly the same answers as you did before? It should ask you if you want the certificate installed (because you already got the certificate issued) and it should work this time, because mod_ssl is enabled now.

@schoen Is this a certbot bug? The certificate path responsible for this error is clearly from certbot: https://github.com/certbot/certbot/blob/dfd4d0c10e90beaf733dfea7acacd7902b9a68df/certbot-apache/certbot_apache/configurator.py#L1003-L1008


#5

Hello. Yes, i work on this right now and run certbot 3 times yet, but still having the same error.


#6

It would probably have given an other output, as the certificate is already issued. Can you post the complete output of such a second/third run?


#7

root@hazu1:/etc# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: mariomananeumaticos.com.ar
2: www.mariomananeumaticos.com.ar
3: servitrucks.com.ar
4: www.servitrucks.com.ar
5: unremis.com.ar
6: admin.unremis.com.ar
7: www.unremis.com.ar
8: unremis.com
9: admin.unremis.com
10: www.unremis.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):5,6,7,8,9,10
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/unremis.com.ar.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-enabled/unremis-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Error in checking parameter list: AH00526: Syntax error on line 36 of /etc/apache2/sites-enabled/unremis-le-ssl.conf:
SSLCertificateFile: file ‘/etc/apache2/insert_cert_file_path’ does not exist or is empty

Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

IMPORTANT NOTES:

  • Unable to install the certificate

#8

THE LOG:

2017-04-09 11:35:18,109:INFO:certbot.renewal:Cert not yet due for renewal
2017-04-09 11:35:21,235:INFO:certbot.main:Keeping the existing certificate
2017-04-09 11:35:21,260:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/unremis-le-ssl.conf
2017-04-09 11:35:21,273:INFO:certbot_apache.configurator:Created an SSL vhost at /etc/apache2/sites-enabled/unremis-le-ssl.conf
2017-04-09 11:35:21,352:INFO:certbot_apache.configurator:Enabled Apache socache_shmcb module
2017-04-09 11:35:21,442:INFO:certbot_apache.configurator:Enabled Apache ssl module
2017-04-09 11:35:21,493:WARNING:certbot_apache.parser:Error in checking parameter list: AH00526: Syntax error on line 36 of /etc/apache2/sites-enabled/unremis-le-ssl.conf:
SSLCertificateFile: file ‘/etc/apache2/insert_cert_file_path’ does not exist or is empty

2017-04-09 11:35:21,495:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 389, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 236, in deploy_cert
self.prepare_server_https(“443”)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 660, in prepare_server_https
self.prepare_https_modules(temp)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 754, in prepare_https_modules
self.enable_mod(“ssl”, temp=temp)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1629, in enable_mod
self.parser.update_runtime_variables()
File “/usr/lib/python2.7/dist-packages/certbot_apache/parser.py”, line 107, in update_runtime_variables
stdout = self._get_runtime_cfg()
File “/usr/lib/python2.7/dist-packages/certbot_apache/parser.py”, line 151, in _get_runtime_cfg
"Apache is unable to check whether or not the module is "
MisconfigurationError: Apache is unable to check whether or not the module is loaded because Apache is misconfigured.
2017-04-09 11:35:21,495:DEBUG:certbot.error_handler:Calling registered functions
2017-04-09 11:35:21,589:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2017-04-09 11:35:21,590:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.11.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 882, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 612, in run
lineage.chain, lineage.fullchain)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 389, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 236, in deploy_cert
self.prepare_server_https(“443”)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 660, in prepare_server_https
self.prepare_https_modules(temp)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 754, in prepare_https_modules
self.enable_mod(“ssl”, temp=temp)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1629, in enable_mod
self.parser.update_runtime_variables()
File “/usr/lib/python2.7/dist-packages/certbot_apache/parser.py”, line 107, in update_runtime_variables
stdout = self._get_runtime_cfg()
File “/usr/lib/python2.7/dist-packages/certbot_apache/parser.py”, line 151, in _get_runtime_cfg
"Apache is unable to check whether or not the module is "
MisconfigurationError: Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

                                                                                                                                92,0-1      Final

                                                                                                                                65,1          52%

#9

Hm, so apparently I was wrong when I said the enabeling of mod_ssl should be a one-time thing…

Perhaps you can enable it manually yourself with a2enmod ssl and then run certbot again?


#10

OHHH yes!!! you are a genius!!! thanks sow much!!! It works !

I owe a few beers! :wink:


#11

Well, thank you because if I’m not mistaken, this is a bug in certbot.

Could you tell us which version you are running? Perhaps it is already fixed, so that’s quite important.

You can check by running certbot --version.


#12

certbot 0.11.1

installed so:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache


#13

@schoen I can’t find anything related to this in the 0.12.0, 0.12.1 or 0.13.0 milestone on GitHub. Is this a currently active bug?


#14

@bmw, is this a possible bug related to a2enmod in the Apache plugin?


#15

Yes. This looks like an instance of #1328.


#16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.