Web Hosting Monkey
menu icon

The Apache Plugin Is Not Working (Solved)

Updated: July 2, 2021

This error came up when Certbot was executed to install or renew Let’s Encrypt SSL certificates on Apache: Error running command for runtime parameters! The apache plugin is not working; there may be problems with your existing configuration. I’ll tell you how this problem was solved.

The Problem: Apache Plugin Error

Let’s take a look at the details of this Certbot error message below.

[login@linux ~]# certbot --apache
Saving debug log to /var /log / letsencrypt /letsencrypt.log
Error running command ['apachectl', '-t', '-D', 'DUMP_INCLUDES'] for runtime parameters!
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError ("Error accessing loaded Apache parameters: ['apachectl', '-t', '-D', 'DUMP_INCLUDES']",)

The screen above indicates that there was a misconfiguration error when Certbot was run with Apache as the argument and the Apache plugin appeared to be malfunctioning.

This error came as a surprise considering the following facts:

  • The system was created just a short while ago.
  • Only one domain was deployed on this system.
  • A Let’s Encrypt SSL certificate was successfully installed on that domain when Certbot was run for the first time.
  • Certbot stopped working when it was run for the second time.

Let’s take a look at the log file below to find out what happened.

DEBUG: certbot. _internal. main: certbot
DEBUG: certbot. _internal. main: Location of certbot entry point: /usr /bin /certbot
DEBUG: certbot. _internal. main: Arguments: ['--apache']
DEBUG: certbot. _internal. main: Discovered plugins: PluginsRegistry (PluginEntryPoint #apache, PluginEntryPoint #manual, PluginEntryPoint #null, PluginEntryPoint #standalone, PluginEntryPoint #webroot)
INFO: certbot. _internal. log: Saving debug log to /var /log / letsencrypt /letsencrypt.log
DEBUG: certbot. _internal. plugins. selection: Requested authenticator apache and installer apache
DEBUG: certbot_apache. _internal. configurator: Apache
ERROR: certbot_apache. _internal. apache_util: Error running command ['apachectl', '-t', '-D', 'DUMP_INCLUDES'] for runtime parameters!
DEBUG: certbot. _internal. plugins. selection: Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache. _internal.entrypoint: ENTRYPOINT
Initialized: certbot_apache. _internal. override_centos. CentOSConfigurator object at 0x7fe933d8eed0
Prep: Error accessing loaded Apache parameters: ['apachectl', '-t', '-D', 'DUMP_INCLUDES']
DEBUG: certbot. _internal. plugins. selection: Selected authenticator None and installer None

The DEBUG messages above, especially the last line, seemed to reveal what was required to deal with the problem.

As both the authenticator and the installer are “None”, I decided to start with the authenticator and the installer settings. The values of these settings are supposed to be “Apache”.

The Solution: Fixing the Configuration

The authenticator and the installer settings are in configuration files in the following directory.

/etc /letsencrypt /renewal/ *.conf

As I mentioned above, this was a newly created system and only one domain had been set up with a Let’s Encrypt SSL certificate when the error was seen. Therefore, there was only one configuration file in this directory.

Certbot seemed to have some issues with the settings in the configuration file. I decided to remove that file and run Certbot again. The result was interesting.

[login@linux ~]# certbot --apache
Saving debug log to /var /log / letsencrypt /letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - -
1: webhostingmonkey.com
- - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): c
Please specify --domains, or --installer that will help in domain names auto discovery, or --cert-name for an existing certificate name.

As shown on the screen above, Apache was the authenticator and installer.

Certbot was back in business. The Apache plugin was working fine and Certbot was able to install or renew SSL certificates again.

Don’t worry about the renewal configuration file that was removed. Certbot created a new one along with a new SSL certificate.

The problem was solved.

Before removing anything from the renewal directory, don’t forget to back up your files. If removing the renewal configuration file does not solve the problem in your case, examine the configuration file of your Apache web server and make sure that the syntax is correct.

[login@linux ~]# apachectl configtest
Syntax OK
[login@linux ~]#

Any syntax error in the Apache configuration file will prevent Certbot from creating SSL certificates.

Here is an extra tip for you: the Apache configuration file should be free of any special characters even if the syntax is fine. Apache web server can tolerate them but Certbot cannot.

Finally, you can try creating SSL certificates without the Apache plugin if none of the suggestions above works for you. Run the following Certbot command.

[login@linux ~]# certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):

The Authenticator will be set to webroot and the Installer will be set to None. You will need to manually configure the Apache web server on your system after SSL certificates are created. This is an option for advanced users, however, the Apache plugin will no longer be required and you won’t run into any plugin errors.