My domain is: clearpath.site
I ran this command: sudo certbot renew
It produced this output:
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator dns-linode, Installer apache
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for clearpath.site
dns-01 challenge for clearpath.site
Unsafe permissions on credentials configuration file: /home/david/linode.ini
Cleaning up challenges
Attempting to renew cert (clearpath.site) from /etc/letsencrypt/renewal/clearpath.site.conf produced an unexpected error: Error determining zone identifier for clearpath.site: 401 Client Error: UNAUTHORIZED for url: https://api.linode.com/v4/domains.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/clearpath.site/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/clearpath.site/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
My web server is (include version): Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 19.10 (GNU/Linux 5.3.0-55-generic x86_64)
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don’t know): no
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
terminal
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.36.0
what does this mean?
1 Like
_az
July 29, 2020, 2:42am
2
This error almost certainly means your API key is incorrect or lacks access to the "Domains" scope.
Have you checked whether perhaps the token has expired, in the Linode API Tokens interface?
1 Like
It has been so long since I have dealt with all this so excuse my ignorance.
Could Linode have changed something? Nothing has been changed on my server since last renew.
_az
July 29, 2020, 2:48am
4
Not sure. Do you have access to the Linode account to see whether any tokens still exist under https://cloud.linode.com/profile/tokens ?
Maybe an expiry was specified for the token, or somebody just straight up deleted it.
2 Likes
Oh, yup. Looks like the API token expired/deleted. I just talked to support and they said it automatically deletes after 6 months.
Is there a tutorial for setting up a new key on this and connecting it to my current certbot or do I have to go through the process all again? IIRC I had quite a hard time getting it to work the first time
I have the proper commands for installing and reinstalling… saved in a txt file…
certbot \
--dns-linode \
--dns-linode-credentials ~/linode.ini \
-i apache \
-d clearpath.site \
-d *.clearpath.site
and…
sudo certbot --reinstall -d clearpath.site -d *.clearpath.site
But how do I hook up a new API key to this? I assume it is in the conf file?
1 Like
_az
July 29, 2020, 3:16am
6
Well, you pretty much just press Add Personal Access Token on the Linode page, change the Domains row to Read/Write , set the Expiry to Never , set Label to Certbot , and press Create Token .
It will show you something like:
Your personal access token has been created. Store this secret. It won't be shown again.
00943bbaa9440c1c40bb2d1aec5e204629c38c73607098117ef2bb6d98b26ddf
and then you copy that value into your ~/linode.ini
, changing the dns_linode_key
line to use that value instead of the old value.
Then you can try renew.
2 Likes
Ahh that is right! It is the linode.ini file! Now I remember. Thanks a bunch!
1 Like
system
Closed
August 28, 2020, 3:17am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.