httpd lens Apache parsing error with unclosed tags
apache2 (e.g. apachectl -S or apachectl reload) doesn't mind if you have something like:
<IfModule mod_ssl.c>
<VirtualHost *:443>
...
</VirtualHost>
But the lens will complain that there's a syntax error on that last line (because there's a missing </IfModule>).
The end result to a consumer of certbot is something like:
certbot._internal.plugins.disco:Other error:(PluginEntryPoint#apache): There has been an error in parsing the file /etc/apache2/sites-enabled/something.example.com-le-ssl.conf on line 25: Syntax error
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 111, in prepare
    self._initialized.prepare()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 389, in prepare
    self.parser.check_parsing_errors("httpd.aug")
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/parser.py", line 122, in check_parsing_errors
    raise errors.PluginError(msg)
So what you have there is an Include vhosts/*.conf stanza, and then in those files you have a bunch of VirtualHosts, some of which have a bunch of Vhost definitions, and taken together, to Apache httpd this looks somewhat like this:
#v1
<VirtualHost *:80>
ServerName v1
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName v1
</VirtualHost>
# nothing to see here!
#v2
<VirtualHost *:80>
ServerName v2
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName v1
</VirtualHost>
</IfModule>
So the only reason why apachectl doesn't complain is because it sees the full picture. My opinion is that it should complain.
😵
Apache2 conforms to Postel's law
https://datatracker.ietf.org/doc/html/rfc9413
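
A per-file balance check that flags a file like the one in the report before certbot's Apache plugin runs, as an added example (not code from certbot, Augeas or this thread). It assumes each file must balance on its own, as the lens error above implies, and it does not handle backslash line continuations; the file names and contents are constructed.

```python
import re

# Section open/close lines such as "<IfModule mod_ssl.c>" and "</VirtualHost>".
OPEN_RE = re.compile(r"^<\s*([A-Za-z]\w*)\b.*>$")
CLOSE_RE = re.compile(r"^</\s*([A-Za-z]\w*)\s*>$")

# Constructed sample input, modelled on the two vhost files discussed above.
SAMPLE_FILES = {
    "v1.conf": "#v1\n<VirtualHost *:80>\nServerName v1\n</VirtualHost>\n"
               "<IfModule mod_ssl.c>\n<VirtualHost *:443>\nServerName v1\n"
               "</VirtualHost>\n# nothing to see here!\n",
    "v2.conf": "#v2\n<VirtualHost *:80>\nServerName v2\n</VirtualHost>\n"
               "<IfModule mod_ssl.c>\n<VirtualHost *:443>\nServerName v2\n"
               "</VirtualHost>\n</IfModule>\n",
}


def check_sections(text):
    """Return (line, message) pairs for sections left unbalanced in one file."""
    problems, stack = [], []  # stack holds (name, line) of sections still open
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments cannot open or close a section
        close, opened = CLOSE_RE.match(line), OPEN_RE.match(line)
        if close:
            name = close.group(1)
            if stack and stack[-1][0].lower() == name.lower():
                stack.pop()
            elif stack:
                problems.append((lineno, f"</{name}> does not match <{stack[-1][0]}> from line {stack[-1][1]}"))
            else:
                problems.append((lineno, f"</{name}> closes nothing opened in this file"))
        elif opened:
            stack.append((opened.group(1), lineno))
    problems += [(ln, f"<{name}> is never closed in this file") for name, ln in stack]
    return problems


def check_files(files):
    """Check every file in isolation; return only the files that have problems."""
    results = {name: check_sections(text) for name, text in files.items()}
    return {name: probs for name, probs in results.items() if probs}


if __name__ == "__main__":
    for name, probs in check_files(SAMPLE_FILES).items():
        for lineno, msg in probs:
            print(f"{name}:{lineno}: {msg}")
```

Run over the sample, it reports only `v1.conf`, at the line of the unclosed `<IfModule mod_ssl.c>`.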