Hello
I'm iranian and wanna get free ssl for .ir website.
Are we on the sanctions list?
Thank you
3 Likes
Yes, you can get Let's Encrypt certificates for .ir domains.
The sanctions list applies to specific domain names, not the entire TLD.
3 Likes
Thank you.
Please Help me to get free ssl.
Is there step by step help file?
3 Likes
It depends what type of web hosting you have.
If you run your own Linux server and can login as root, then follow the instructions on https://certbot.eff.org.
4 Likes
Once you have an initial understanding of what to do, if you have any questions or run into any trouble, we are here to help. 
3 Likes
Hi @mry
start with some basics:
Then share your environment:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
If you have root access, select a client:
2 Likes
Thank you for response
Thank you.
I run ubuntu and this command:
$sudo certbot --nginx
but in /etc/letsencrypt/live/mydomain/ are only two .pem file and certificate wasn't applied.
Please Help me.
2 Likes
If you could please post the full output from the Certbot command, I'd be happy to take a look.
3 Likes
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/mydomain.conf
This file is empty.
$sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/mydomain.conf
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 64, in _recon stitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python2.7/dist-packages/certbot/storage.py", line 420, in ini t
"file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/mydoamin.conf is brok en. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
No renewals were attempted.
Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/mydoamin.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
0 renew failure(s), 1 parse failure(s)
$
2 Likes
$ systemctl list-timers
Sat 2020-10-10 22:01:47 +0330 9h left n/a n/a certbot.timer certb
1 Like
Can you please list the contents of:
/etc/letsencrypt/renewal/mydomain.conf
This error often refers to a situation where the files inside /etc/letsencrypt/live/mydomain/ have been modified. i.e. the symlinks are broken.
Another clue that this is the case is here:
There should be 4 .pem files, which means two of them were probably manually deleted.
You can try run:
sudo certbot update_symlinks
sudo certbot install --cert-name mydomain
if that doesn't work, it might be possible to fix it manually, but we'd need the output of:
sudo ls -alR /etc/letsencrypt/{archive,live,renewal}
3 Likes
mydoamin.conf is empty.
2 Likes
Maybe you can explain this to me @_az since I can't seem to get a clear answer from the certbot team:
What exactly does install actually do and why doesn't it update the installation part of the renewal configuration?
1 Like
Sorry for asking for that. You already said it was empty before. Please try what @_az has suggested.
2 Likes
When run commands:
me@server$ sudo certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
renewal config file {} is missing a required file reference
me@server$ sudo certbot install --cert-name mydomain
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
me@server$
1 Like
Noises of sadness.
What about:
sudo ls -alR /etc/letsencrypt/{archive,live,renewal}
Can I ask whether you manually deleted or modified any files inside /etc/letsencrypt/?
2 Likes
me@server$ sudo ls -alR /etc/letsencrypt/{archive,live,renewal}
/etc/letsencrypt/archive:
total 8
drwx------ 2 root root 4096 Oct 7 12:11 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..
/etc/letsencrypt/live:
total 16
drwxr-xr-x 3 root root 4096 Oct 7 12:11 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..
-rw-r--r-- 1 root root 740 Oct 7 12:11 README
drwxr-xr-x 2 root root 4096 Sep 12 20:34 myDomain
/etc/letsencrypt/live/myDomain:
total 8
drwxr-xr-x 2 root root 4096 Sep 12 20:34 .
drwxr-xr-x 3 root root 4096 Oct 7 12:11 ..
lrwxrwxrwx 1 root root 26 Sep 12 20:34 fullchain.pem -> /local/certs/fullchain.pem
lrwxrwxrwx 1 root root 24 Sep 12 20:34 privkey.pem -> /local/certs/privkey.pem
/etc/letsencrypt/renewal:
total 8
drwxr-xr-x 2 root root 4096 Oct 10 11:44 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..
-rw-r--r-- 1 root root 0 Oct 7 12:11 myDomain.conf
me@server$
No. I didnot change any things.
1 Like
OK, thank you.
This problem not recoverable.
All of the important files are missing. They were either deleted or the files were copied from another server in an incorrect way.
You should start again.
sudo rm -rf /etc/letsencrypt/live/myDomain /etc/letsencrypt/renewal/myDomain.conf
and then
sudo certbot --nginx -d example.com
3 Likes