Unable to renew via Apache web plugin or webroot

In the past, I have successfully renewed by Apache web plugin method. However, this time I get the following:

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):www.mydomain.com
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.mydomain.com
Error while running apachectl graceful.
httpd not running, trying to start

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Cleaning up challenges
Error while running apachectl graceful.
httpd not running, trying to start

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Encountered exception during recovery
Error while running apachectl graceful.
httpd not running, trying to start

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/error_handler.py", line 99, in _call_registered
    self.funcs[-1]()
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1908, in cleanup
    self.restart()
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1797, in restart
    self._reload()
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1808, in _reload
    raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apachectl graceful.
httpd not running, trying to start

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apachectl graceful.
httpd not running, trying to start

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


Also, I tried using the webroot method, but I get the following:

Failed authorization procedure. www.mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mydomain.com/.well-known/acme-challenge/V604uEaQKSgHe_kUV70XApD07jhXs5cKISrzgsDVFQM: "

404 Not Found

Not Found

<p"

IMPORTANT NOTES:


And because I have failed to get this to work too many times, now I’m getting “There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.”

Please help me. I only have 5 days left to renew.

Hi @araldi99,

Do you have more than one web server installed, or a custom version of Apache or a different web server based on Apache? The Apache failure is symptomatic of having a second web server installed alongside the OS-provided web server.

The webroot failure is symptomatic of specifying the wrong webroot directory (which might also be a consequence of having two different web servers installed with different configurations, but could also happen for other reasons). Have you used webroot successfully in the past? What webroot directory did you specify when you tried the webroot method, and how did you choose it? What happens if you make a text file within that directory that you specified—can you then see it on your web site via a browser?

There is only one web server. I have never been able to get the webroot method to work, but the directory is correct (/var/www/html). It automatically created the acme-challenge directory and everything. Also, the entire site is https, but I made htaccess allow regular http for the .well-known directory.

I was only able to renew once using the Apache Web Server plugin. I haven’t changed anything since then, so I am surprised the same method didn’t still work.

What happens if you create /var/www/html/test.txt and /var/www/html/.well-known/acme-challenge/test2.txt? Can you see them with a browser?

Is it possible that you have IPv6 and your IPv6 site is configured differently from your IPv4 site? A lot of people on the forum have been having problems related to that this past week, because the CA changed to prefer IPv6 over IPv4 if both are available.
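The manual test suggested above (put a file under the webroot, then see whether the site serves it, on IPv4 and on IPv6) can be scripted so it runs before another request is sent to the CA and counted against the failed-authorization limit. This is an added example, not part of the original posts and not certbot code; the function names and the probe file name are hypothetical.

```python
import http.client
import os
import secrets
import socket
import sys


def resolve(host, port=80):
    """Every IPv4 and IPv6 address the name resolves to, as (ip, port) pairs."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(info[4][0], port) for info in infos})


def preflight(webroot, host, addresses):
    """Drop a probe file where the webroot plugin writes challenges and fetch
    it from each (ip, port). Returns {(ip, port): (status, body_matches)};
    status is None when the connection itself failed."""
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "preflight-" + secrets.token_hex(8)   # hypothetical probe name
    token = secrets.token_urlsafe(32)
    probe = os.path.join(challenge_dir, name)
    with open(probe, "w") as fh:
        fh.write(token)
    results = {}
    try:
        for ip, port in addresses:
            try:
                # Connect to the literal address so IPv4 and IPv6 are tested
                # separately; the Host header still selects the right vhost.
                conn = http.client.HTTPConnection(ip, port, timeout=5)
                conn.request("GET", "/.well-known/acme-challenge/" + name,
                             headers={"Host": host})
                resp = conn.getresponse()
                body = resp.read(4096).decode("utf-8", "replace").strip()
                results[(ip, port)] = (resp.status, body == token)
                conn.close()
            except (OSError, http.client.HTTPException):
                results[(ip, port)] = (None, False)
    finally:
        os.remove(probe)                         # leave the webroot clean
    return results


if __name__ == "__main__":
    # usage: preflight.py /var/www/html www.mydomain.com
    root, site = sys.argv[1], sys.argv[2]
    for addr, (status, ok) in preflight(root, site, resolve(site)).items():
        print(addr[0], status, "OK" if ok else "MISMATCH")
```

A 404 on only one address points at a virtual host or address family serving a different document root. The probe does not follow redirects, so a 3xx status means the HTTP exemption for `.well-known` is not taking effect on that address.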

Turns out a yum update to php had a bug and prevented httpd from being able
to restart. Had to reboot, then restart httpd.
