search

certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Other
31.45k stars 3.39k forks source link

Getting "Error while running apachectl graceful", when trying to renew cert #5466

Closed sjaanus closed 6 years ago

sjaanus commented 6 years ago

My operating system is (include version):

Centos 7

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

sudo yum install epel-release
sudo yum install httpd mod_ssl python-certbot-apache
certbot --authenticator standalone --installer apache -d my.domain.com --pre-hook "systemctl stop httpd" --post-hook "systemctl start httpd"

I ran this command and it produced this output:

certbot renew --dry-run Output


Job for httpd.service invalid.

Attempting to renew cert (my.domain.com) from /etc/letsencrypt/renewal/my.domain.com.conf produced an unexpected error: Error while running apachectl graceful.

Job for httpd.service invalid.
. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/my.domain.com/fullchain.pem (failure)

Certbot's behavior differed from what I expected because:

I thought it would succeed, but getting this error. I googled around, but did not find answer

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
2018-01-24 14:37:08,200:DEBUG:certbot.main:Arguments: ['--dry-run']
2018-01-24 14:37:08,200:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-01-24 14:37:08,218:DEBUG:certbot.log:Root logging level set at 20
2018-01-24 14:37:08,218:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-01-24 14:37:08,232:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x206cbd0> and installer <certbot.cli._Default object at 0x206cbd0>
2018-01-24 14:37:08,232:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x205c550>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x205bf10>, apache=<certbot.cli._Default object at 0x206ced0>, apache_challenge_location=<certbot.cli._Default object at 0x210bc90>, apache_ctl=<certbot.cli._Default object at 0x210b490>, apache_dismod=<certbot.cli._Default object at 0x210bf50>, apache_enmod=<certbot.cli._Default object at 0x210be50>, apache_handle_modules=<certbot.cli._Default object at 0x210b990>, apache_handle_sites=<certbot.cli._Default object at 0x210b690>, apache_init_script=<certbot.cli._Default object at 0x210b2d0>, apache_le_vhost_ext=<certbot.cli._Default object at 0x210c0d0>, apache_logs_root=<certbot.cli._Default object at 0x210bfd0>, apache_server_root=<certbot.cli._Default object at 0x210c210>, apache_vhost_root=<certbot.cli._Default object at 0x210c310>, authenticator=<certbot.cli._Default object at 0x206cbd0>, break_my_certs=<certbot.cli._Default object at 0x20694d0>, cert_path=<certbot.cli._Default object at 0x206c3d0>, certname=<certbot.cli._Default object at 0x2059050>, chain_path=<certbot.cli._Default object at 0x206c6d0>, checkpoints=<certbot.cli._Default object at 0x206ae90>, config_dir=<certbot.cli._Default object at 0x206c7d0>, config_file=None, configurator=<certbot.cli._Default object at 0x206cbd0>, csr=<certbot.cli._Default object at 0x206ac90>, debug=<certbot.cli._Default object at 0x205e910>, debug_challenges=<certbot.cli._Default object at 0x205ee90>, deploy_hook=<certbot.cli._Default object at 0x206a510>, dialog=None, directory_hooks=<certbot.cli._Default object at 0x206a710>, dns_cloudflare=<certbot.cli._Default object at 0x210b410>, dns_cloudxns=<certbot.cli._Default object at 0x210b510>, dns_digitalocean=<certbot.cli._Default object at 0x210b610>, dns_dnsimple=<certbot.cli._Default object at 0x210b710>, dns_dnsmadeeasy=<certbot.cli._Default object at 0x210b810>, dns_google=<certbot.cli._Default object at 0x210b910>, dns_luadns=<certbot.cli._Default object at 0x210ba10>, dns_nsone=<certbot.cli._Default object at 0x210bb10>, dns_rfc2136=<certbot.cli._Default object at 0x210bc10>, dns_route53=<certbot.cli._Default object at 0x210bd10>, domains=<certbot.cli._Default object at 0x20520d0>, dry_run=True, duplicate=<certbot.cli._Default object at 0x205c790>, eff_email=<certbot.cli._Default object at 0x2059ed0>, email=<certbot.cli._Default object at 0x2059b10>, expand=<certbot.cli._Default object at 0x205b790>, force_interactive=<certbot.cli._Default object at 0x205ed90>, fullchain_path=<certbot.cli._Default object at 0x206c5d0>, func=<function renew at 0x1f74848>, hsts=<certbot.cli._Default object at 0x20699d0>, http01_address=<certbot.cli._Default object at 0x20693d0>, http01_port=<certbot.cli._Default object at 0x20692d0>, ifaces=<certbot.cli._Default object at 0x206c1d0>, init=<certbot.cli._Default object at 0x206af90>, installer=<certbot.cli._Default object at 0x206cbd0>, key_path=<certbot.cli._Default object at 0x206c4d0>, logs_dir=<certbot.cli._Default object at 0x206c9d0>, manual=<certbot.cli._Default object at 0x210b210>, manual_auth_hook=<certbot.cli._Default object at 0x210be10>, manual_cleanup_hook=<certbot.cli._Default object at 0x206cd50>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x206cb50>, max_log_backups=<certbot.cli._Default object at 0x205eb90>, must_staple=<certbot.cli._Default object at 0x20696d0>, nginx=<certbot.cli._Default object at 0x206cfd0>, no_bootstrap=<certbot.cli._Default object at 0x205ce90>, no_self_upgrade=<certbot.cli._Default object at 0x205cc50>, no_verify_ssl=<certbot.cli._Default object at 0x205ef90>, noninteractive_mode=<certbot.cli._Default object at 0x205ec90>, num=<certbot.cli._Default object at 0x206a990>, os_packages_only=<certbot.cli._Default object at 0x205ca10>, post_hook=<certbot.cli._Default object at 0x206a310>, pre_hook=<certbot.cli._Default object at 0x206a210>, pref_challs=<certbot.cli._Default object at 0x206a110>, prepare=<certbot.cli._Default object at 0x206c0d0>, quiet=<certbot.cli._Default object at 0x205ed10>, reason=<certbot.cli._Default object at 0x206ad90>, redirect=<certbot.cli._Default object at 0x20697d0>, register_unsafely_without_email=<certbot.cli._Default object at 0x2059590>, reinstall=<certbot.cli._Default object at 0x205b450>, renew_by_default=<certbot.cli._Default object at 0x205ba90>, renew_hook=<certbot.cli._Default object at 0x206a410>, renew_with_new_domains=<certbot.cli._Default object at 0x205bcd0>, rsa_key_size=<certbot.cli._Default object at 0x20695d0>, server=<certbot.cli._Default object at 0x206cad0>, staging=<certbot.cli._Default object at 0x205eb10>, standalone=<certbot.cli._Default object at 0x210b110>, standalone_supported_challenges=<certbot.cli._Default object at 0x206c990>, staple=<certbot.cli._Default object at 0x2069dd0>, strict_permissions=<certbot.cli._Default object at 0x2069fd0>, text_mode=<certbot.cli._Default object at 0x205ea90>, tls_sni_01_address=<certbot.cli._Default object at 0x20691d0>, tls_sni_01_port=<certbot.cli._Default object at 0x20690d0>, tos=<certbot.cli._Default object at 0x205c310>, uir=<certbot.cli._Default object at 0x2069bd0>, update_registration=<certbot.cli._Default object at 0x20598d0>, user_agent=<certbot.cli._Default object at 0x206aa90>, user_agent_comment=<certbot.cli._Default object at 0x206ab50>, validate_hooks=<certbot.cli._Default object at 0x206a610>, verb='renew', verbose_count=<certbot.cli._Default object at 0x205e990>, webroot=<certbot.cli._Default object at 0x210b310>, webroot_map=<certbot.cli._Default object at 0x206c590>, webroot_path=<certbot.cli._Default object at 0x210b0d0>, work_dir=<certbot.cli._Default object at 0x206c8d0>)
2018-01-24 14:37:08,241:INFO:certbot.renewal:Cert not due for renewal, but simulating renewal for dry run
2018-01-24 14:37:08,244:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer apache
2018-01-24 14:37:08,367:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2018-01-24 14:37:08,767:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x206ac10>
Prep: True
2018-01-24 14:37:09,044:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x206ad50>
Prep: True
2018-01-24 14:37:09,044:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x206ad50> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x206ac10>
2018-01-24 14:37:09,045:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer apache
2018-01-24 14:37:09,074:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid', contact=(), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x168eb90>)>)), uri=u'https://acme-staging.api.letsencrypt.org/acme/reg/5438609', new_authzr_uri=u'https://acme-staging.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 61ec454bf50a2e4bfdb5d3efbad35495, Meta(creation_host=u'CentOS-74-64-minimal', creation_dt=datetime.datetime(2018, 1, 24, 13, 34, 38, tzinfo=<UTC>)))>
2018-01-24 14:37:09,083:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
2018-01-24 14:37:09,088:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2018-01-24 14:37:09,313:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 582
2018-01-24 14:37:09,314:DEBUG:acme.client:Received response:
HTTP 200
content-length: 582
expires: Wed, 24 Jan 2018 14:37:09 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Wed, 24 Jan 2018 14:37:09 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: ABcZN4XtYfuoQ2pqaRVAcCMbOAWBpO17mh6mC1HqFF4

{
  "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change",
  "meta": {
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "qe1sXo5q2C4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
}
2018-01-24 14:37:09,315:INFO:certbot.hooks:Running pre-hook command: systemctl stop httpd
2018-01-24 14:37:10,378:INFO:certbot.main:Renewing an existing certificate
2018-01-24 14:37:10,381:DEBUG:acme.client:Requesting fresh nonce
2018-01-24 14:37:10,381:DEBUG:acme.client:Sending HEAD request to https://acme-staging.api.letsencrypt.org/acme/new-authz.
2018-01-24 14:37:10,576:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2018-01-24 14:37:10,577:DEBUG:acme.client:Received response:
HTTP 405
content-length: 91
pragma: no-cache
expires: Wed, 24 Jan 2018 14:37:10 GMT
server: nginx
connection: keep-alive
allow: POST
cache-control: max-age=0, no-cache, no-store
date: Wed, 24 Jan 2018 14:37:10 GMT
content-type: application/problem+json
replay-nonce: YSrhuzwzM9Hp82dYD_CKYTPu2UBlMZa03u6lNz9eqAM

2018-01-24 14:37:10,578:DEBUG:acme.client:Storing nonce: YSrhuzwzM9Hp82dYD_CKYTPu2UBlMZa03u6lNz9eqAM
2018-01-24 14:37:10,578:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "my.domain.com"
  }, 
  "resource": "new-authz"
}
2018-01-24 14:37:10,583:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-authz:
{
  "protected": "eyJub25jZSI6ICJZU3JodXp3ek05SHA4MmRZRF9DS1lUUHUyVUJsTVphMDN1NmxOejllcUFNIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAic1g5NlZJb0R6WkxLSF9aVXhMdTVkVS1MdFFPakxacWx0Vmtod2t2dVluY24tNWVUbWJUVzdGbG1mUVNjV29pZ09LbmUyRGdfTVVKa3E5XzVhRmQxZzNUbk1xU2ZZNWpmd0xGMllGZEhRN3JjWE9ESEMtZUNGcmxuMEh0dDlLMHZ6dWNCdnVjSlRTSlJaX0U3RVhqU3AycU1iNTFJbWhKWjVhZTFmZl9nZ2lNMWhNQkVGQ1JpeXNaT3A5eXVJUnF2TFhMQ0JWTmw3Sms1R0ZKUVBCMnBhb3U3OGhzMEhDNEVFQ1dSZlNXLUVFZnVfWlpjcXQyTTBPRkszR2Y1TF84U0dEVlBKc1JWMVROclpRVHR4ZDVLcWhNQTNDOEtrYnczTHVraFBrWUVtLXlDYS1aaWQxUWZZSXBrZ1FnNnB5bzgyWEc1X0NaQzFqdktoTlFxWjQtN2J3In19", 
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAibmhjLm1vZGVyYW4ubmV0IgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0", 
  "signature": "cwT8Fb3wvvuX9sQRwNk4VSa_8OL1127I74289KnSuk7wvCGZi24tZ4xYd04D3Xz32FVkzx8KRABpS-hFyVpkznfwOEW_fGORImyvplnZSosPSG0dThcIBsdel0BCGjVtQwRoHlYAWewq1sK1yjzuYarhwn3erVjtKeVgc2H5SLdojQYbWJigP-cX-pFF8jDxrVi-6mgLkfifB77CXDQkdrJflUJqgKdsIy9kWQa7UNRlZ7cPYyuMwgkkQUCLKdQWdJ9t4jUuOZsa8CHmBnT4uPD5he0t4b1U9tm3C0nW4vl2n2kmclQSmPxGctz-eoxkaDGuy0O6SxKrJw8BdQGCUQ"
}
2018-01-24 14:37:10,819:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1220
2018-01-24 14:37:10,820:DEBUG:acme.client:Received response:
HTTP 201
content-length: 1220
expires: Wed, 24 Jan 2018 14:37:10 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
location: https://acme-staging.api.letsencrypt.org/acme/authz/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8
pragma: no-cache
boulder-requester: 5438609
date: Wed, 24 Jan 2018 14:37:10 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: CvIZO27pXzzcCOyEB7cPXvtsmN1Yj-_n7dOrwfOca8s

{
  "identifier": {
    "type": "dns",
    "value": "my.domain.com"
  },
  "status": "valid",
  "expires": "2018-02-23T13:34:40Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423090",
      "token": "W8XqymfH3MKkpmeGOyOfjbZrka6Ca8h0vgDUa31sa8Q"
    },
    {
      "type": "http-01",
      "status": "valid",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091",
      "token": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
      "keyAuthorization": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0.J2BDXI19j05-cuPecC1iWkUjLXwHCUi-FKxXORR2aBQ",
      "validationRecord": [
        {
          "url": "http://my.domain.com/.well-known/acme-challenge/IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
          "hostname": "my.domain.com",
          "port": "80",
          "addressesResolved": [
            "XX.XX.XX.XX"
          ],
          "addressUsed": "XX.XX.XX.XX",
          "addressesTried": []
        }
      ]
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ]
  ]
}
2018-01-24 14:37:10,820:DEBUG:acme.client:Storing nonce: CvIZO27pXzzcCOyEB7cPXvtsmN1Yj-_n7dOrwfOca8s
2018-01-24 14:37:10,821:INFO:certbot.auth_handler:Performing the following challenges:
2018-01-24 14:37:10,822:INFO:certbot.auth_handler:http-01 challenge for my.domain.com
2018-01-24 14:37:10,823:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2018-01-24 14:37:10,829:INFO:certbot.auth_handler:Waiting for verification...
2018-01-24 14:37:10,830:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0.J2BDXI19j05-cuPecC1iWkUjLXwHCUi-FKxXORR2aBQ", 
  "type": "http-01", 
  "resource": "challenge"
}
2018-01-24 14:37:10,833:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091:
{
  "protected": "eyJub25jZSI6ICJDdklaTzI3cFh6emNDT3lFQjdjUFh2dHNtTjFZai1fbjdkT3J3Zk9jYThzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAic1g5NlZJb0R6WkxLSF9aVXhMdTVkVS1MdFFPakxacWx0Vmtod2t2dVluY24tNWVUbWJUVzdGbG1mUVNjV29pZ09LbmUyRGdfTVVKa3E5XzVhRmQxZzNUbk1xU2ZZNWpmd0xGMllGZEhRN3JjWE9ESEMtZUNGcmxuMEh0dDlLMHZ6dWNCdnVjSlRTSlJaX0U3RVhqU3AycU1iNTFJbWhKWjVhZTFmZl9nZ2lNMWhNQkVGQ1JpeXNaT3A5eXVJUnF2TFhMQ0JWTmw3Sms1R0ZKUVBCMnBhb3U3OGhzMEhDNEVFQ1dSZlNXLUVFZnVfWlpjcXQyTTBPRkszR2Y1TF84U0dEVlBKc1JWMVROclpRVHR4ZDVLcWhNQTNDOEtrYnczTHVraFBrWUVtLXlDYS1aaWQxUWZZSXBrZ1FnNnB5bzgyWEc1X0NaQzFqdktoTlFxWjQtN2J3In19", 
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIklZcjQ0dEYtV1lrRWZjM2JVNHRNdXhxUUo4c1JfaXFuaVRQUnJiWHEtVjAuSjJCRFhJMTlqMDUtY3VQZWNDMWlXa1VqTFh3SENVaS1GS3hYT1JSMmFCUSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", 
  "signature": "Rh-AISqt11ioqTs6vbBWskgleJ_VjLM0CaKZ_YAyLIOWxuzXng2fuHtbyO7dQ_xV2-MxWP9jna6Y63rF6GXKLJvP7jA7qJVlYHxqiNHdjz5AqdNrxyXZRYzFosVkvhYHMvA53lPjRbToeHAwcTYO2q6aefyiBwRTC0czXoR071-ulV-O2JgaCor8EVspRFb2mCo24DI8TAwgGV87UgCzg_fEmKjuF4Fho1fabOjQ6KXEpUC7Ot9Bux072XGh95AcwsI3cL6lTYLZs-8l6B3YiciHYh_XAvtYG_l1vMvgAF4-HYpwtIwIHZlKYO7d8avfvMAetip3NR5Of2ptENofoA"
}
2018-01-24 14:37:11,053:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091 HTTP/1.1" 202 671
2018-01-24 14:37:11,054:DEBUG:acme.client:Received response:
HTTP 202
content-length: 671
cache-control: max-age=0, no-cache, no-store
expires: Wed, 24 Jan 2018 14:37:11 GMT
server: nginx
connection: keep-alive
link: <https://acme-staging.api.letsencrypt.org/acme/authz/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8>;rel="up"
location: https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091
pragma: no-cache
boulder-requester: 5438609
date: Wed, 24 Jan 2018 14:37:11 GMT
content-type: application/json
replay-nonce: Fm7xb-jr1vazCUCIJYavQhefiM6ZrzFZsqPpZhVtEMY

{
  "type": "http-01",
  "status": "valid",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091",
  "token": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
  "keyAuthorization": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0.J2BDXI19j05-cuPecC1iWkUjLXwHCUi-FKxXORR2aBQ",
  "validationRecord": [
    {
      "url": "http://my.domain.com/.well-known/acme-challenge/IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
      "hostname": "my.domain.com",
      "port": "80",
      "addressesResolved": [
        "XX.XX.XX.XX"
      ],
      "addressUsed": "XX.XX.XX.XX",
      "addressesTried": []
    }
  ]
}
2018-01-24 14:37:11,055:DEBUG:acme.client:Storing nonce: Fm7xb-jr1vazCUCIJYavQhefiM6ZrzFZsqPpZhVtEMY
2018-01-24 14:37:14,058:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/acme/authz/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8.
2018-01-24 14:37:14,306:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8 HTTP/1.1" 200 1220
2018-01-24 14:37:14,308:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1220
expires: Wed, 24 Jan 2018 14:37:14 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Wed, 24 Jan 2018 14:37:14 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: iUase7FgwkzJ2jLf3B-9traoPAiv5H2T3XPK5BWBYGw

{
  "identifier": {
    "type": "dns",
    "value": "my.domain.com"
  },
  "status": "valid",
  "expires": "2018-02-23T13:34:40Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423090",
      "token": "W8XqymfH3MKkpmeGOyOfjbZrka6Ca8h0vgDUa31sa8Q"
    },
    {
      "type": "http-01",
      "status": "valid",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/mIzIzaU9VnKlfo_Z8HxTivRjdR0wv5rRwVmseIBhxV8/95423091",
      "token": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
      "keyAuthorization": "IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0.J2BDXI19j05-cuPecC1iWkUjLXwHCUi-FKxXORR2aBQ",
      "validationRecord": [
        {
          "url": "http://my.domain.com/.well-known/acme-challenge/IYr44tF-WYkEfc3bU4tMuxqQJ8sR_iqniTPRrbXq-V0",
          "hostname": "my.domain.com",
          "port": "80",
          "addressesResolved": [
            "XX.XX.XX.XX"
          ],
          "addressUsed": "XX.XX.XX.XX",
          "addressesTried": []
        }
      ]
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ]
  ]
}
2018-01-24 14:37:14,310:INFO:certbot.auth_handler:Cleaning up challenges
2018-01-24 14:37:14,311:DEBUG:certbot.plugins.standalone:Stopping server at :::80...
2018-01-24 14:37:14,526:DEBUG:certbot.client:CSR: CSR(file=None, data='-----BEGIN CERTIFICATE REQUEST-----\nMIICcjCCAVoCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEa\nzfzf990Ce3O+8y9vkR0/DGR7vfn52TwWhgWV0IgPozpipOpxR1kMetB3+zevno/e\nbkTDJJkr+069/X/8QeoBj/BF9S/Q60Sh3L+T+GSqDdJUdy8GlU7UotciyBx8Zl7P\nHuwiqzKU4tj18+2NdFNlhgfGfD2iZFjMY5osnEUkGT301crTBRJqNjRhTwC/8/Df\n/uXLXR59hv8Q7blX/93xkLKTHICUXDWBuYJkL1AGd4HI1eXdRH0MBo4v9PAET1fp\nYJKgwcEMJjCBVZtsqxV+fwgHrbiC95YZASVSBHIX6Ayx+unAzWrrc2tA7IVkhg0l\nIkNlJq3DQdEKzXWFiGECAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw\nEYIPbmhjLm1vZGVyYW4ubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQCMtjUYmSnB5Ln3\nJSSnZ6BL/A069MiKkuFaT54tdEKTpJQVukhXSMsoeRYiu51QWeHmTxLz+5V9eDtB\n+pemrWVZSNHtN0Kz8pWKeD+6ZU0rVFNWYo8mTh9HoWGk/+bpajLnJVyqRVZc208a\nRvaggOKrrsdZO2V1yYW21yAfNc1oU/ur028NtTYbyPSY4B40yTbEYlY7ShNPc8+Q\n3Y7MunmUQP8daUhKT83+Q/T6KXB3OcFZPF7Arvc99DsoG+DvcUDBevF9Oinh11yI\n30JbXa5NGAef61CiGeOt8TecfDRz+YyoKQUPCVPgURH0kzkKxmPUJShI1Bz0Pn/N\nHjk6UFxL\n-----END CERTIFICATE REQUEST-----\n', form='pem'), domains: [u'my.domain.com']
2018-01-24 14:37:14,526:DEBUG:acme.client:Requesting issuance...
2018-01-24 14:37:14,527:DEBUG:acme.client:JWS payload:
{
  "resource": "new-cert", 
  "csr": "MIICcjCCAVoCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEazfzf990Ce3O-8y9vkR0_DGR7vfn52TwWhgWV0IgPozpipOpxR1kMetB3-zevno_ebkTDJJkr-069_X_8QeoBj_BF9S_Q60Sh3L-T-GSqDdJUdy8GlU7UotciyBx8Zl7PHuwiqzKU4tj18-2NdFNlhgfGfD2iZFjMY5osnEUkGT301crTBRJqNjRhTwC_8_Df_uXLXR59hv8Q7blX_93xkLKTHICUXDWBuYJkL1AGd4HI1eXdRH0MBo4v9PAET1fpYJKgwcEMJjCBVZtsqxV-fwgHrbiC95YZASVSBHIX6Ayx-unAzWrrc2tA7IVkhg0lIkNlJq3DQdEKzXWFiGECAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMwEYIPbmhjLm1vZGVyYW4ubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQCMtjUYmSnB5Ln3JSSnZ6BL_A069MiKkuFaT54tdEKTpJQVukhXSMsoeRYiu51QWeHmTxLz-5V9eDtB-pemrWVZSNHtN0Kz8pWKeD-6ZU0rVFNWYo8mTh9HoWGk_-bpajLnJVyqRVZc208aRvaggOKrrsdZO2V1yYW21yAfNc1oU_ur028NtTYbyPSY4B40yTbEYlY7ShNPc8-Q3Y7MunmUQP8daUhKT83-Q_T6KXB3OcFZPF7Arvc99DsoG-DvcUDBevF9Oinh11yI30JbXa5NGAef61CiGeOt8TecfDRz-YyoKQUPCVPgURH0kzkKxmPUJShI1Bz0Pn_NHjk6UFxL"
}
2018-01-24 14:37:14,531:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-cert:
{
  "protected": "eyJub25jZSI6ICJGbTd4Yi1qcjF2YXpDVUNJSllhdlFoZWZpTTZacnpGWnNxUHBaaFZ0RU1ZIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAic1g5NlZJb0R6WkxLSF9aVXhMdTVkVS1MdFFPakxacWx0Vmtod2t2dVluY24tNWVUbWJUVzdGbG1mUVNjV29pZ09LbmUyRGdfTVVKa3E5XzVhRmQxZzNUbk1xU2ZZNWpmd0xGMllGZEhRN3JjWE9ESEMtZUNGcmxuMEh0dDlLMHZ6dWNCdnVjSlRTSlJaX0U3RVhqU3AycU1iNTFJbWhKWjVhZTFmZl9nZ2lNMWhNQkVGQ1JpeXNaT3A5eXVJUnF2TFhMQ0JWTmw3Sms1R0ZKUVBCMnBhb3U3OGhzMEhDNEVFQ1dSZlNXLUVFZnVfWlpjcXQyTTBPRkszR2Y1TF84U0dEVlBKc1JWMVROclpRVHR4ZDVLcWhNQTNDOEtrYnczTHVraFBrWUVtLXlDYS1aaWQxUWZZSXBrZ1FnNnB5bzgyWEc1X0NaQzFqdktoTlFxWjQtN2J3In19", 
  "payload": "ewogICJyZXNvdXJjZSI6ICJuZXctY2VydCIsIAogICJjc3IiOiAiTUlJQ2NqQ0NBVm9DQVFJd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxFYXpmemY5OTBDZTNPLTh5OXZrUjBfREdSN3ZmbjUyVHdXaGdXVjBJZ1BvenBpcE9weFIxa01ldEIzLXpldm5vX2Via1RESkprci0wNjlfWF84UWVvQmpfQkY5U19RNjBTaDNMLVQtR1NxRGRKVWR5OEdsVTdVb3RjaXlCeDhabDdQSHV3aXF6S1U0dGoxOC0yTmRGTmxoZ2ZHZkQyaVpGak1ZNW9zbkVVa0dUMzAxY3JUQlJKcU5qUmhUd0NfOF9EZl91WExYUjU5aHY4UTdibFhfOTN4a0xLVEhJQ1VYRFdCdVlKa0wxQUdkNEhJMWVYZFJIME1CbzR2OVBBRVQxZnBZSktnd2NFTUpqQ0JWWnRzcXhWLWZ3Z0hyYmlDOTVZWkFTVlNCSElYNkF5eC11bkF6V3JyYzJ0QTdJVmtoZzBsSWtObEpxM0RRZEVLelhXRmlHRUNBd0VBQWFBdE1Dc0dDU3FHU0liM0RRRUpEakVlTUJ3d0dnWURWUjBSQkJNd0VZSVBibWhqTG0xdlpHVnlZVzR1Ym1WME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ010alVZbVNuQjVMbjNKU1NuWjZCTF9BMDY5TWlLa3VGYVQ1NHRkRUtUcEpRVnVraFhTTXNvZVJZaXU1MVFXZUhtVHhMei01VjllRHRCLXBlbXJXVlpTTkh0TjBLejhwV0tlRC02WlUwclZGTldZbzhtVGg5SG9XR2tfLWJwYWpMbkpWeXFSVlpjMjA4YVJ2YWdnT0tycnNkWk8yVjF5WVcyMXlBZk5jMW9VX3VyMDI4TnRUWWJ5UFNZNEI0MHlUYkVZbFk3U2hOUGM4LVEzWTdNdW5tVVFQOGRhVWhLVDgzLVFfVDZLWEIzT2NGWlBGN0FydmM5OURzb0ctRHZjVURCZXZGOU9pbmgxMXlJMzBKYlhhNU5HQWVmNjFDaUdlT3Q4VGVjZkRSei1ZeW9LUVVQQ1ZQZ1VSSDBremtLeG1QVUpTaEkxQnowUG5fTkhqazZVRnhMIgp9", 
  "signature": "dxBlIQ7f6b1YqGtJrCsaXjyw0AbxyMM0nAbk-VtyOGstO47bq6kpas7qySSdx9BiJ1xrOhp2XMo4v1CLd5OqRdzkB6yQhPjbwuQR-o4KCqS1XxffBMrMYJ4f7uc84_EMl36RWM12hRc3DnfN9HnBCxA92PUcMXvN-dGVL7R4-zD59caCbS1eBoHWu-Y3VzVz5_744hsCZEK2pWtrXzHzTXQZAq3_nbaek9DW-RrjBP7zHLTBjbVQduDkcWaFeHClmuzCjuYX7H6ndYsCG8Hb0o7aO-wMow47mfyRUJPPyA7bZkm821A3C8Nf6fJJ-6oPI3_3Syd3iyFOXtJnFDYzWQ"
}
2018-01-24 14:37:14,742:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 201 1254
2018-01-24 14:37:14,743:DEBUG:acme.client:Received response:
HTTP 201
content-length: 1254
expires: Wed, 24 Jan 2018 14:37:14 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging.api.letsencrypt.org/acme/issuer-cert>;rel="up"
location: https://acme-staging.api.letsencrypt.org/acme/cert/fa3cda65bf2a0ce0a232fcd632f201267a52
pragma: no-cache
boulder-requester: 5438609
date: Wed, 24 Jan 2018 14:37:14 GMT
x-frame-options: DENY
content-type: application/pkix-cert
replay-nonce: MfPR_GivbWz-12R_LATAyIlGZp2KNE2URWbJQcce6Xc

MIIE4jCCA8qgAwIBAgITAPo82mW/KgzgojL81jLyASZ6UjANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xODAxMjQxMzM3MTRaFw0xODA0MjQxMzM3MTRaMBoxGDAWBgNVBAMTD25oYy5tb2RlcmFuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEazfzf990Ce3O+8y9vkR0/DGR7vfn52TwWhgWV0IgPozpipOpxR1kMetB3+zevno/ebkTDJJkr+069/X/8QeoBj/BF9S/Q60Sh3L+T+GSqDdJUdy8GlU7UotciyBx8Zl7PHuwiqzKU4tj18+2NdFNlhgfGfD2iZFjMY5osnEUkGT301crTBRJqNjRhTwC/8/Df/uXLXR59hv8Q7blX/93xkLKTHICUXDWBuYJkL1AGd4HI1eXdRH0MBo4v9PAET1fpYJKgwcEMJjCBVZtsqxV+fwgHrbiC95YZASVSBHIX6Ayx+unAzWrrc2tA7IVkhg0lIkNlJq3DQdEKzXWFiGECAwEAAaOCAhcwggITMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUP1m44Y+TWxdl5dWpxKphDwwJrb8wHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQuc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD25oYy5tb2RlcmFuLm5ldDCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBypYayy54GG4fBSpyDj0+/7YXqTuewvXxwqIKLKegbpfRLTkSLuYSQRIz5aVd62Bueqi9iOgTf6ts64OiPNpi8UxuQepAK/ALAGKSf3JkN0CUQ6bRYPQgmyazkGCYtEphpgIekgC51kPSvkwwr13rznQvOJishrugK1spugyY7H4A2USQCjp6U+Ayr1DbV7tKjjWzCVRlX1h76qNetlvrKSWuHrfpRQFPP7JT2NkN8+7DhpV7OqVqoP55LLE21ml1zRDX0/SgSPTs2Qy7yrA30sVdGmXPyUIx7UBTXw9kbp49BQArI7SJmMSYj8vuD+V/IHOy3oc5MtpqKzXctKDl7
2018-01-24 14:37:14,743:DEBUG:acme.client:Storing nonce: MfPR_GivbWz-12R_LATAyIlGZp2KNE2URWbJQcce6Xc
2018-01-24 14:37:14,779:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/acme/issuer-cert.
2018-01-24 14:37:14,969:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/issuer-cert HTTP/1.1" 200 1199
2018-01-24 14:37:14,970:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1199
expires: Wed, 24 Jan 2018 14:37:14 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Wed, 24 Jan 2018 14:37:14 GMT
x-frame-options: DENY
content-type: application/pkix-cert
replay-nonce: mMblv78mMAiPErjp_SAdHl_p4tIl-k1d9Hwy510cMyQ

MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB08jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPymoLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCNxDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQub3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2VuY3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkqhkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjFUGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zpDQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99XyfzWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCIPTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2wSVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uytn5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
2018-01-24 14:37:14,991:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/my.domain.com
2018-01-24 14:37:15,122:ERROR:certbot.util:Error while running apachectl graceful.

Job for httpd.service invalid.

2018-01-24 14:37:15,122:WARNING:certbot.renewal:Attempting to renew cert (my.domain.com) from /etc/letsencrypt/renewal/my.domain.com.conf produced an unexpected error: Error while running apachectl graceful.

Job for httpd.service invalid.
. Skipping.
2018-01-24 14:37:15,124:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 425, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 753, in renew_cert
    installer.restart()
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1793, in restart
    self._reload()
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1804, in _reload
    raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apachectl graceful.

Job for httpd.service invalid.

2018-01-24 14:37:15,125:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-01-24 14:37:15,125:ERROR:certbot.renewal:  /etc/letsencrypt/live/my.domain.com/fullchain.pem (failure)
2018-01-24 14:37:15,125:INFO:certbot.hooks:Running post-hook command: systemctl start httpd
2018-01-24 14:37:15,228:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.20.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 797, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 443, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

ServerName my.domain.com
SSLCertificateFile /etc/letsencrypt/live/my.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/my.domain.com/chain.pem
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
SwartzCr commented 6 years ago

I'm pretty sure this is a duplicate of #5439 - which is that we can't use the term graceful anymore with that version of httpd. I'm going to mark this as a duplicate and close it in favor of the existing one. Hopefully @joohoi can get a fix in time for our next release

gsoulas commented 6 years ago

My solution is :

bong0 commented 6 years ago

For me, the following workaround worked (I'm running debian 8/jessie and the issue appeared a few days ago (20. May):

In my crontab, I run: certbot-auto renew --installer None --authenticator standalone --pre-hook "apache2ctl stop; sleep 1;" --post-hook "apache2ctl start" --agree-tos

This line just falls back to forcing the use of the standalone webserver at the cost of bringing apache down

which gives probably a bit more downtime but should be fine if you do it at night. Note it doesn't do any of the configuration magic the apache module maybe does but it's good to get it running again at least.