Unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf

I'm not able to renew my certificate. Below is the command I ran with it's output. My interpretation of the log file is that it's not able to handle my http conf file which has numerous domains configured in it. Any help would be appreciated.

I got an error when trying to post here about maximum 20 links so I had to delete "https" out of some of the text. Hopefully that doesn't complicate reviewing the output too much.

sudo ./certbot-auto --renew

/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --renew could match --renew-by-default, --renew-with-new-domains, --renew-hook
[bullet@ip-50-63-57-76 ~]$ sudo ./certbot-auto renew
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for www.xyz.com
tls-sni-01 challenge for xyz.com
Cleaning up challenges
Attempting to renew cert (www.xyz.com) from /etc/letsencrypt/renewal/www.xyz.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com (failure)

1 renew failure(s), 0 parse failure(s)

If you can, install python2.7
try:
apt-get install python2.7
or:
yum install python2.7

show contents of /etc/letsencrypt/cli.ini file
show contents of /etc/letsencrypt/renewal/www.getsurreal.com.conf file
show output of: sudo ./certbot-auto --version

Thanks for the help. Here's what you asked for.

Installed Python2.7

sudo ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.xyz.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.xyz.com
tls-sni-01 challenge for xyz.com
Cleaning up challenges
Attempting to renew cert (www.xyz.com) from /etc/letsencrypt/renewal/www.xyz.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

The renewal file

renew_before_expiry = 30 days

version = 0.16.0
archive_dir = /etc/letsencrypt/archive/www.xyz.com
cert = /etc/letsencrypt/live/www.xyz.com/cert.pem
privkey = /etc/letsencrypt/live/www.xyz.com/privkey.pem
chain = /etc/letsencrypt/live/www.xyz.com/chain.pem
fullchain = /etc/letsencrypt/live/www.xyz.com/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account =

The cli.ini file does not exist

./certbot-auto --version
Requesting to rerun ./certbot-auto with root privileges...
certbot 0.19.0

I was able to get it to work by restoring my original version of certbot-auto which was version 0.16. I then ran the renewal with the don't upgrade flag and it worked. I don't know if it mattered, but I also cleared out the /opt/eff.org directory for it to re-download the files.

sudo ./certbot-auto renew --no-self-upgrade

p.s. Python 2.7 was installed as well.

sudo rpm -Uvh https://centos6.iuscommunity.org/ius-release.rpm
sudo yum -y install python27 python27-devel python27-pip python27-setuptools python27-virtualenv --enablerepo=ius

I think, this may have fixed the problem more than downgrading the certbot version back to 0.16.0
And as you made multiple changes it would be nice to separate them and find the true reason.
So, I would retest with version 0.19.0; Simply backup the 0.16.0 version and let it auto update.

Either way please post back your findings.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.