diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug
index edaca3fef..f3e688e05 100644
--- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug
+++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug
@@ -45,9 +45,8 @@ autoload xfm
let dels (s:string) = del s s
(* deal with continuation lines *)
-let sep_spc = del /([ \t]+|[ \t]*\\\\\r?\n[ \t]*)/ " "
-
-let sep_osp = Sep.opt_space
+let sep_spc = del /([ \t]+|[ \t]*\\\\\r?\n[ \t]*)/ " "
+let sep_osp = del /([ \t]*|[ \t]*\\\\\r?\n[ \t]*)/ ""
let sep_eq = del /[ \t]*=[ \t]*/ "="
let nmtoken = /[a-zA-Z:_][a-zA-Z0-9:_.-]*/
@@ -60,7 +59,7 @@ let indent = Util.indent
(* borrowed from shellvars.aug *)
let char_arg_dir = /([^\\ '"{\t\r\n]|[^ '"{\t\r\n]+[^\\ \t\r\n])|\\\\"|\\\\'/
-let char_arg_sec = /[^ '"\t\r\n>]|\\\\"|\\\\'/
+let char_arg_sec = /[^\\ '"\t\r\n>]|\\\\"|\\\\'/
let char_arg_wl = /([^\\ '"},\t\r\n]|[^ '"},\t\r\n]+[^\\ '"},\t\r\n])/
let cdot = /\\\\./
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf
new file mode 100644
index 000000000..6840b71d6
--- /dev/null
+++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf
@@ -0,0 +1,284 @@
+
+NameVirtualHost 0.0.0.0:7080
+NameVirtualHost [00000:000:000:000::0]:7080
+NameVirtualHost 0.0.0.0:7080
+
+NameVirtualHost 127.0.0.1:7080
+NameVirtualHost 0.0.0.0:7081
+NameVirtualHost [0000:000:000:000::2]:7081
+NameVirtualHost 0.0.0.0:7081
+
+NameVirtualHost 127.0.0.1:7081
+
+ServerName "example.com"
+ServerAdmin "srv@example.com"
+
+DocumentRoot "/var/www/vhosts/default/htdocs"
+
+
+ LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog
+
+
+ LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" plesklog
+
+
+TraceEnable off
+
+ServerTokens ProductOnly
+
+
+ AllowOverride "All"
+ Options SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+
+
+ php_admin_flag engine off
+
+
+
+ php_admin_flag engine off
+
+
+
+
+
+ AllowOverride "All"
+ Options SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+
+ php_admin_flag engine off
+
+
+ php_admin_flag engine off
+
+
+
+
+ Header add X-Powered-By PleskLin
+
+
+
+ SecRuleEngine DetectionOnly
+ SecRequestBodyAccess On
+ SecRequestBodyLimit 134217728
+ SecResponseBodyAccess Off
+ SecResponseBodyLimit 524288
+ SecAuditEngine On
+ SecAuditLog "/var/log/modsec_audit.log"
+ SecAuditLogType serial
+
+
+Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf"
+
+
+ ServerName "default"
+ UseCanonicalName Off
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin"
+
+
+ SSLEngine off
+
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+ php_admin_flag engine on
+
+
+
+ php_admin_flag engine on
+
+
+
+
+
+
+
+
+
+ ServerName "default-0_0_0_0"
+ UseCanonicalName Off
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin"
+
+ SSLEngine on
+ SSLVerifyClient none
+ SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r"
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+ php_admin_flag engine on
+
+
+
+ php_admin_flag engine on
+
+
+
+
+
+
+ ServerName "default-0000_000_000_00000__2"
+ UseCanonicalName Off
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin"
+
+ SSLEngine on
+ SSLVerifyClient none
+ SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r"
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+ php_admin_flag engine on
+
+
+
+ php_admin_flag engine on
+
+
+
+
+
+
+ ServerName "default-0_0_0_0"
+ UseCanonicalName Off
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin"
+
+ SSLEngine on
+ SSLVerifyClient none
+ SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5"
+
+ SSLCACertificateFile "/usr/local/psa/var/certificates/cert-nLy6Z1"
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+ php_admin_flag engine on
+
+
+
+ php_admin_flag engine on
+
+
+
+
+
+
+
+
+
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ServerName lists
+ ServerAlias lists.*
+ UseCanonicalName Off
+
+ ScriptAlias "/mailman/" "/usr/lib/mailman/cgi-bin/"
+
+ Alias "/icons/" "/var/www/icons/"
+ Alias "/pipermail/" "/var/lib/mailman/archives/public/"
+
+
+ SSLEngine off
+
+
+
+ Options FollowSymLinks
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+
+ DocumentRoot "/var/www/vhosts/default/htdocs"
+ ServerName lists
+ ServerAlias lists.*
+ UseCanonicalName Off
+
+ ScriptAlias "/mailman/" "/usr/lib/mailman/cgi-bin/"
+
+ Alias "/icons/" "/var/www/icons/"
+ Alias "/pipermail/" "/var/lib/mailman/archives/public/"
+
+ SSLEngine on
+ SSLVerifyClient none
+ SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5"
+
+
+ Options FollowSymLinks
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+
+ RPAFproxy_ips 0.0.0.0 [00000:000:000:00000::2] 0.0.0.0
+
+
+ RPAFproxy_ips 0.0.0.0 [0000:000:000:0000::2] 0.0.0.0
+
+
+ RemoteIPInternalProxy 0.0.0.0 [0000:000:000:0000::2] 0.0.0.0
+ RemoteIPHeader X-Forwarded-For
+
\ No newline at end of file