If you can’t renew your let’s encrypt certificates like me on FreeBSD (because the httpd process always crash), here is the solution!<\/p>\n
<\/p>\n
When you try to renew manually (but it’s the same with the automated method), you get the following error:<\/p>\n
root@debnar:~ # certbot renew –dry-run
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<\/p>\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nProcessing \/usr\/local\/etc\/letsencrypt\/renewal\/debnar.org-0001.conf
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nSimulating renewal of an existing certificate for debnar.org<\/p>\nCertbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
\nDomain: debnar.org
\nType: \u00a0\u00a0connection
\nDetail: 158.220.114.171: Fetching http:\/\/debnar.org\/.well-known\/acme-challenge\/E: Connection refused<\/p>\nHint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.<\/p>\n
Error while running apachectl graceful.<\/strong>
\napache24 not running? (check \/var\/run\/httpd.pid).<\/strong><\/p>\nUnable to restart apache using [‘apachectl’, ‘graceful’]
\nEncountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
\napache24 not running? (check \/var\/run\/httpd.pid).
\nFailed to renew certificate debnar.org-0001 with error: Some challenges have failed.<\/p><\/blockquote>\nThere is a bug in the apachectl graceful restart: if you try to restart gracefully then apache crashes:<\/p>\n
Jul 28 08:06:02 debnar kernel: pid 8217 (httpd), jid 0, uid 0: exited on signal 11 (core dumped)<\/p><\/blockquote>\n
whops. Here is the workaround: simple modify the certbot’s python code to do a full restart instead of a graceful restart. Of course it’s more aggressive and probably wouldn’t do on a production system, but hey.<\/p>\n
vim \/usr\/local\/lib\/python3.9\/site-packages\/certbot_apache\/_internal\/configurator.py<\/p><\/blockquote>\n
And replace this line (84th line):<\/p>\n
self.restart_cmd = [‘apachectl’, ‘graceful’] if not restart_cmd else restart_cmd<\/p><\/blockquote>\n
to this<\/p>\n
self.restart_cmd = [‘apachectl’, ‘restart’] if not restart_cmd else restart_cmd<\/p><\/blockquote>\n
Now it works like a charm:<\/p>\n
root@debnar:~ # certbot renew –dry-run
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<\/p>\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nProcessing \/usr\/local\/etc\/letsencrypt\/renewal\/debnar.org-0001.conf
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nSimulating renewal of an existing certificate for debnar.org<\/p>\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nCongratulations, all simulated renewals succeeded:
\n\/usr\/local\/etc\/letsencrypt\/live\/debnar.org-0001\/fullchain.pem (success)
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nroot@debnar:~ #<\/p><\/blockquote>\nAlso don’t forget: you have to do this after every certbot update.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you can’t renew your let’s encrypt certificates like me on FreeBSD (because the httpd process always crash), here is the solution!<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94,17],"tags":[112,108,117,110,111,115,61,109,114,113,116,118],"class_list":["post-313","post","type-post","status-publish","format-standard","hentry","category-english","category-freebsd","tag-14-0","tag-apache","tag-certificate","tag-crash","tag-dumped","tag-encrypt","tag-freebsd","tag-graceful","tag-lets","tag-letsencrypt","tag-r3","tag-renewal"],"_links":{"self":[{"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=313"}],"version-history":[{"count":1,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/313\/revisions"}],"predecessor-version":[{"id":314,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/313\/revisions\/314"}],"wp:attachment":[{"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/debnar.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}