Certbot crashes with StopIteration exception when copying configuration file with orphaned RewriteCond

[michalrokita]

My operating system is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

certbot-auto

I ran this command and it produced this output:

sudo certbot-auto --apache -d ********************

Here is a Certbot log showing the issue (if available):

2017-11-20 19:57:50,640:DEBUG:certbot.error_handler:Calling registered functions
2017-11-20 19:57:50,642:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2017-11-20 19:57:50,642:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 705, in run
_install_cert(config, le_client, domains, new_lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 565, in _install_cert
path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 452, in deploy_certificate
fullchain_path=fullchain_path)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 253, in deploy_cert
vhost = self.choose_vhost(domain)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 347, in choose_vhost
vhost = self.make_vhost_ssl(vhost)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 852, in make_vhost_ssl
self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 998, in _copy_create_ssl_vhost_skeleton
ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1070, in _sift_rewrite_rules
line = next(contents)
StopIteration

[bmw]

Can you please provide the full log found in /var/log/letsencrypt and the configuration file for the Apache virtual host for the domain you're trying to install the certificate to? Feel free to redact domains, email, and IP addresses as you deem appropriate.

cc @joohoi

[michalrokita]

@bmw @joohoi

Strict-Transport-Security: max-age=604800
Expires: Tue, 21 Nov 2017 21:10:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 21 Nov 2017 21:10:23 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert",
  "sB8dAJ447IQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2017-11-21 21:10:23,815:INFO:certbot.renewal:Cert not yet due for renewal
2017-11-21 21:10:26,675:INFO:certbot.main:Keeping the existing certificate
2017-11-21 21:10:26,683:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.com/privkey.pem
Your cert will expire on 2018-02-18. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
2017-11-21 21:10:26,704:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-available/visum-le-ssl.conf
2017-11-21 21:10:26,725:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 452, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 253, in deploy_cert
    vhost = self.choose_vhost(domain)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 347, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 852, in make_vhost_ssl
    self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 998, in _copy_create_ssl_vhost_skeleton
    ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1070, in _sift_rewrite_rules
    line = next(contents)
StopIteration

2017-11-21 21:10:26,727:DEBUG:certbot.error_handler:Calling registered functions
2017-11-21 21:10:26,731:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2017-11-21 21:10:26,731:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 705, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 565, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 452, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 253, in deploy_cert
    vhost = self.choose_vhost(domain)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 347, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 852, in make_vhost_ssl
    self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 998, in _copy_create_ssl_vhost_skeleton
    ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1070, in _sift_rewrite_rules
    line = next(contents)
StopIteration
2017-11-21 21:10:26,734:ERROR:certbot.log:An unexpected error occurred:

<VirtualHost *:80>
  ServerAdmin michal.rokita17@gmail.com
  ServerName domain.com
  DocumentRoot /var/www/path
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

[joohoi]

The problem seems to be a RewriteCond without (commented out) a following RewriteRule.
We'll need to improve our mod_rewrite rule parsing methods to fix this bug, so I'll change title of this issue accordingly to keep track of the process.

To work around this, you can comment out the orphaned RewriteCond line from your configuration file. Sorry for the inconvinience.

[michalrokita]

Of my god, it was so simple. Totaly worked! Thank you so, so much 👍 @joohoi

[bmw]

I just tried to reproduce this issue and failed. If you're still hitting it with an up-to-date version of Certbot, please open a new issue and completely fill out the issue template.

[yopaz-giapnh]

The problem seems to be a RewriteCond without (commented out) a following RewriteRule.
We'll need to improve our mod_rewrite rule parsing methods to fix this bug, so I'll change title of this issue accordingly to keep track of the process.

To work around this, you can comment out the orphaned RewriteCond line from your configuration file. Sorry for the inconvinience.

You saved my life! 😍😍😍

[dominikfomicz]

byłem tu <3

[MathiasZaja]

The problem seems to be a RewriteCond without (commented out) a following RewriteRule. We'll need to improve our mod_rewrite rule parsing methods to fix this bug, so I'll change title of this issue accordingly to keep track of the process.

To work around this, you can comment out the orphaned RewriteCond line from your configuration file. Sorry for the inconvinience.

[MathiasZaja]

Perfect answer. I had the same problem and solved it thaks to your advice. Thanks a lot,