Using certbot for the very first time

I set up a server from scratch to test out certbot for new installations.
Ubuntu 16.04
Standard install for LAMP

I kept getting error messages about

  • Unable to install the certificate <-- ERROR I AM REPORTING
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/[DOMAIN]/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/[DOMAIN]/privkey.pem
    Your cert will expire on [DATE]. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

Corrective steps:
a2enmod ssl
Edit the /etc/apache2/sites-enabled/ssl-[DOMAIN].conf file to point to the certificates.
E.g. the
SSLCertificateFile
SSLCertificateKeyFile
directives, to point to the correct path, and to change the permissions of those files to 600

Steps to reproduce:
Fire up a new server
Add LAMP
Add certbot and install.
Create DNS entries to point to the new server
run certbot --apache
Observe errors
Correct as above
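As an added example (not part of the original report or of certbot itself), a POSIX shell check for the exact condition the installer tripped over: it reads an Apache vhost config, confirms that every SSLCertificateFile / SSLCertificateKeyFile target exists and is non-empty, and flags a key file whose mode is not 600. The config and certificate paths in the demo are constructed placeholders.

```shell
#!/bin/sh
# Validate the SSLCertificateFile / SSLCertificateKeyFile directives of one Apache
# vhost config: every referenced file must exist and be non-empty (the condition the
# Apache parser reports as "does not exist or is empty"), and the key file should be
# mode 600. Prints one line per problem; returns 0 when the config is clean, 1 otherwise.
check_ssl_vhost() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    problems=$(
        # Drop comments, keep only the two directives, then read "DIRECTIVE PATH" per line.
        sed 's/#.*//' "$conf" |
        grep -Ei '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]' |
        while read -r directive path _; do
            path=${path#\"}; path=${path%\"}   # Apache allows a quoted path argument
            if [ ! -s "$path" ]; then
                echo "$directive: file '$path' does not exist or is empty"
                continue
            fi
            # Directive names are case-insensitive in Apache; compare in lower case.
            if [ "$(printf '%s' "$directive" | tr 'A-Z' 'a-z')" = "sslcertificatekeyfile" ]; then
                mode=$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")
                [ "$mode" = "600" ] || echo "$directive: $path has mode $mode, expected 600"
            fi
        done
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed demo: a vhost whose key file is missing, like the failed installer run.
# The directory and file names are placeholders, not the thread's real paths.
demo() {
    d=$(mktemp -d)
    printf 'placeholder cert\n' > "$d/fullchain.pem"
    cat > "$d/ssl-example.conf" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile $d/fullchain.pem
    SSLCertificateKeyFile "$d/privkey.pem"
</VirtualHost>
EOF
    check_ssl_vhost "$d/ssl-example.conf"   # reports the missing privkey.pem
    rm -rf "$d"
}

case "${1:-}" in --demo) demo ;; esac
```

Run the script with `--demo` to see the report on the constructed config, or call `check_ssl_vhost` on a real `sites-enabled` file before running the installer again.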

Hi @sean_e6,

Could you give us the output of certbot --version and the associated log file from /var/log/letsencrypt? Then we can figure out whether this is a known issue or not.

It’s possible that this has been fixed in a later release, since I believe Ubuntu 16.04 has a very old version of Certbot. However, I wouldn’t expect that the version they ship routinely fails this way in a default configuration, so maybe it’s also a bug that we or the Ubuntu packagers aren’t aware of.

Thanks!

Hi, Seth,

Version is 0.21.1, and the log file is attached.
Thanks for taking a look! If you can’t verify it’s a known bug, I’ll
send a pull request for patches once I set up a new github.
Also, if you would like me to reconfirm the bug and steps to replicate,
just let me know. I have a few domains I can use that won’t cause me any
problem, and I’ll have a few hours over the weekend.

Sean Embry
Infrastructure Operations Engineer II

Could you please try again? I think the attachment was discarded because your user account was too new.

Seth,

To route around any possible issues, I’ve uploaded the log to
http://seanembry.com/letsencrypt-log.txt
Let me know if you still have issues getting it. Next step would be to
ask you to create an ssh key and I’ll get you an account to download it.
Remember to include a user name! :)

Sean

Thanks!

It looks like the reason for the installer failure was

2018-03-06 15:20:46,501:WARNING:certbot_apache.parser:Error in checking parameter list: AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/s-discusspolitics.net.conf:
SSLCertificateFile: file '/etc/ssl/certs/discusspolitics.net' does not exist or is empty

Did you create this file (/etc/apache2/sites-enabled/s-discusspolitics.net.conf) yourself? Did you previously have some other certificate or previously try to manually enable HTTPS on the site?

Hello Seth,

I did create the directory manually, however, it still didn’t work
subsequently until I also manually linked the cert to the location in
the config.
I will schedule some time over the weekend and do it again, and keep notes.

Thanks,

Sean

I didn’t understand whether you had working HTTPS before, or never did. But your configuration file was pointing to a nonexistent certificate, which is why it initially didn’t work until you created that link.

Hello Seth,

It was a fresh kick never before set up. Bare metal, standard install,
apt-get update, then apt-get apache and certbot,
certbot --apache I think. But if I can get some time this weekend, I’ll
rerun everything and get you the logs, configs, and bash history.
If I’m able, I’ll analyze it, then submit a pull request with the patch,
or if it was my mistake, why I made it.

Sean

Hmmm, Certbot never uses the path /etc/ssl/certs, so that must have been some other HTTPS-related software of some sort.

Hello Seth,

No - it was a clean install, nothing else ever was there first from the
OS on down - I am sure of that. However, I will rekick and retry things,
document it pretty well. I am more than capable of being stupid, so let
me make sure I’m not being stupid.
