Certbot attempts to read mod_ssl.so (to get OpenSSL version) at wrong path: attempted: /usr/local/etc/apache24/libexec/apache24/mod_ssl.so real path: /usr/local/libexec/apache24/mod_ssl.so My config in /usr/local/etc/apache24/httpd.conf: ServerRoot "/usr/local" Module ssl_module libexec/apache24/mod_ssl.so That is, the module appears to be searched relative to httpd.conf — that is wrong: according to Apache HTTP Server docs, relative paths in LoadModule directive should be resolved against ServerRoot rather than the topmost configuration directory. I have reported this bug to https://github.com/certbot/certbot/issues/8593 and the upstream developers concluded that the issue is FreeBSD-specific, caused by the following patch: https://svnweb.freebsd.org/ports/head/security/py-certbot-apache/Makefile ?revision=491714&view=markup which runs sed -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/certbot_apache/configurator.py so that OS_DEFAULTS["server_root"] becomes "/usr/local/etc/apache24". In my understanding, this alone is not the root cause for the problem, because that variable is only used as default for --apache-server-root to find httpd.conf initially. The real problem, IMHO, is that this OS_DEFAULTS["server_root"] is later used instead of real ServerRoot specified in httpd.conf — at least I see no attempt to parse ServerRoot in certbot-apache code, but I am not very confident about that, as I just started familiarizing myself with this software. As an alternative, Certbot developers offered creating an overrides file, just like override_debian.py, so that no downstream patching is needed. But, again, I see no way how this could fix the original issue. Could someone please share their experience with certbot-apache in FreeBSD — how do you configure it, and did you ever check that it actually operates flawlessly? Because for me it in fact succeeds despite this error, so my guess is that nobody just notices it.