# Could not find SSL Module and disabling session ticket module on Certbot



## h8dop (Oct 14, 2021)

Hi all good people

I'm building a web using FAMP stack and use WP as CMS.

at first it's going very smooth, no problem at all. 
I have very functional http website.

Then, I want to make it has https and SSL
I load the mod_ssl and disabling sessionticket off

when deploying the cert i'm using certbot

# certbot --apache -d myweb.com -d www.myweb.com

certbot saying that unable to find mod ssl and not disabling session ticket.
But, you see my statement above right?
Although certbot success deploying cert on my web.

I found similar issue on 
https://github.com/certbot/certbot/issues/8072

Trying to use 
--apache-ctl isn't working
using --apachectl also the same.

When I load my web on both http and https
It shows me 
ERR_TOO_MANY_REDIRECTS
,,
when check my web on SSLlabs 
it gets rate A

What's wrong with all this?
How do I solve this problem.

Regards,
h8dop


----------



## rafael_grether (Oct 15, 2021)

Hi,

Do you use a reverse proxy, like Cloudflare?
If yes, try to appoint directly to your server, without proxy.

About ssl module, type
httpd -M | grep ssl
to confirm that SSL module is loaded (eg.  ssl_module (shared))


----------



## h8dop (Oct 16, 2021)

rafael_grether said:


> Hi,
> 
> Do you use a reverse proxy, like Cloudflare?
> If yes, try to appoint directly to your server, without proxy.
> ...


Thank you rafael_grether for your suggestion
I don't use reverse proxy. I already point /etc/host/ on my server.

perform 
httpd -M | grep ssl
and Yes it shows
*ssl_module (shared)*

When I run
certbot renew --dry-run
this red line always appears
Unable to read ssl_module file; not disabling session tickets.

But, in the end of section it says
Congratulations, all simulated renewals succeeded: 
/usr/local/etc/letsencrypt/live/yourweb.com/fullchain.pem (success)

is this still ok? because like I said earlier the mod_ssl was anabled and SSLSessionTickets off
Thank you


----------



## rafael_grether (Oct 16, 2021)

Hi h8top,

Do you installed certbot from ports, alright?
I think  certbot uses py38-openssl dependency to locate ssl_module.

But not ok. It seems certbot only generated fullchain.pem, but should generate fullchain.pem and privkey.pem

Please Pastebin your letsencrypt.log.


----------



## h8dop (Oct 19, 2021)

rafael_grether said:


> Do you installed certbot from ports, alright?



No. I'm using pkg all the time.

But my web is loaded successfully without problem.

Yeah, I'll attach letsencrypt.log soon.
i'm sure It'll do.


----------



## SirDice (Oct 19, 2021)

I just use the `-w` option to set a specific webroot I configured for this. If anything needs to be restarted because the certificates have been updated then a script in renewal-hooks/post/ takes care of restarting any services that need it. A script in renewal-hooks/deploy/ takes care of copying the certificates to their appropriate locations.


----------

