Could not find SSL Module and disabling session ticket module on Certbot

[h8dop]

Hi all good people

I'm building a web using FAMP stack and use WP as CMS.

at first it's going very smooth, no problem at all.
I have very functional http website.

Then, I want to make it has https and SSL
I load the mod_ssl and disabling sessionticket off

when deploying the cert i'm using certbot

# certbot --apache -d myweb.com -d www.myweb.com

certbot saying that unable to find mod ssl and not disabling session ticket.
But, you see my statement above right?
Although certbot success deploying cert on my web.

I found similar issue on
https://github.com/certbot/certbot/issues/8072

Trying to use
--apache-ctl isn't working
using --apachectl also the same.

When I load my web on both http and https
It shows me
ERR_TOO_MANY_REDIRECTS
,,
when check my web on SSLlabs
it gets rate A

What's wrong with all this?
How do I solve this problem.

Regards,
h8dop

 

[rafael_grether]

Hi,

Do you use a reverse proxy, like Cloudflare?
If yes, try to appoint directly to your server, without proxy.

About ssl module, type
httpd -M | grep ssl
to confirm that SSL module is loaded (eg. ssl_module (shared))

 

[h8dop]

Hi,

Do you use a reverse proxy, like Cloudflare?
If yes, try to appoint directly to your server, without proxy.

About ssl module, type
httpd -M | grep ssl
to confirm that SSL module is loaded (eg. ssl_module (shared))

Thank you rafael_grether for your suggestion
I don't use reverse proxy. I already point /etc/host/ on my server.

perform
httpd -M | grep ssl
and Yes it shows
ssl_module (shared)

When I run
certbot renew --dry-run
this red line always appears
Unable to read ssl_module file; not disabling session tickets.

But, in the end of section it says
Congratulations, all simulated renewals succeeded:
/usr/local/etc/letsencrypt/live/yourweb.com/fullchain.pem (success)

is this still ok? because like I said earlier the mod_ssl was anabled and SSLSessionTickets off
Thank you

 

[rafael_grether]

Hi h8top,

Do you installed certbot from ports, alright?
I think certbot uses py38-openssl dependency to locate ssl_module.

But not ok. It seems certbot only generated fullchain.pem, but should generate fullchain.pem and privkey.pem

Please Pastebin your letsencrypt.log.

 

[h8dop]

Do you installed certbot from ports, alright?

No. I'm using pkg all the time.

But my web is loaded successfully without problem.

Yeah, I'll attach letsencrypt.log soon.
i'm sure It'll do.

 

[SirDice]

I just use the -w option to set a specific webroot I configured for this. If anything needs to be restarted because the certificates have been updated then a script in renewal-hooks/post/ takes care of restarting any services that need it. A script in renewal-hooks/deploy/ takes care of copying the certificates to their appropriate locations.

 

[ahoggie]

No. I'm using pkg all the time.

But my web is loaded successfully without problem.

Yeah, I'll attach letsencrypt.log soon.
i'm sure It'll do.

Did you find a solution/remedy?

 

[metacreo]

# mkdir -p /usr/local/etc/apache24/libexec/apache24/
# ln -s /usr/local/libexec/apache24/mod_ssl.so /usr/local/etc/apache24/libexec/apache24/mod_ssl.so

This solution hides the error. But this is not relevant, because the certificates are updated despite the error.

 

[albert8675]

# mkdir -p /usr/local/etc/apache24/libexec/apache24/
# ln -s /usr/local/libexec/apache24/mod_ssl.so /usr/local/etc/apache24/libexec/apache24/mod_ssl.so

This solution hides the error. But this is not relevant, because the certificates are updated despite the error.

I tried but the error it still there...

 

[vaykly]

I changed the httpd.conf configuration to an absolute path, you can try it (*^_^*)