Are you support Iranian Domain

I'm iranian and wanna get free ssl for .ir website.
Are we on the sanctions list?
Thank you


Yes, you can get Let's Encrypt certificates for .ir domains.

The sanctions list applies to specific domain names, not the entire TLD.


Thank you.
Please Help me to get free ssl.
Is there step by step help file?


It depends what type of web hosting you have.

If you run your own Linux server and can login as root, then follow the instructions on


Once you have an initial understanding of what to do, if you have any questions or run into any trouble, we are here to help. :slightly_smiling_face:


Hi @mry

start with some basics:

Then share your environment:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

If you have root access, select a client:


Thank you for response

Thank you.
I run ubuntu and this command:
$sudo certbot --nginx
but in /etc/letsencrypt/live/mydomain/ are only two .pem file and certificate wasn't applied.
Please Help me.


If you could please post the full output from the Certbot command, I'd be happy to take a look.


The following renewal configurations were invalid:
This file is empty.

$sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/mydomain.conf

Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/", line 64, in _recon stitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python2.7/dist-packages/certbot/", line 420, in ini t
"file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/mydoamin.conf is brok en. Skipping.

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/mydoamin.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

0 renew failure(s), 1 parse failure(s)


$ systemctl list-timers
Sat 2020-10-10 22:01:47 +0330 9h left n/a n/a certbot.timer certb

1 Like

Can you please list the contents of:

This error often refers to a situation where the files inside /etc/letsencrypt/live/mydomain/ have been modified. i.e. the symlinks are broken.

Another clue that this is the case is here:

There should be 4 .pem files, which means two of them were probably manually deleted.

You can try run:

sudo certbot update_symlinks
sudo certbot install --cert-name mydomain

if that doesn't work, it might be possible to fix it manually, but we'd need the output of:

sudo ls -alR /etc/letsencrypt/{archive,live,renewal}

mydoamin.conf is empty.


Maybe you can explain this to me @_az since I can't seem to get a clear answer from the certbot team:

What exactly does install actually do and why doesn't it update the installation part of the renewal configuration?

1 Like

Sorry for asking for that. You already said it was empty before. Please try what @_az has suggested.


When run commands:
me@server$ sudo certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
renewal config file {} is missing a required file reference
me@server$ sudo certbot install --cert-name mydomain
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

1 Like

Noises of sadness.

What about:

sudo ls -alR /etc/letsencrypt/{archive,live,renewal}

Can I ask whether you manually deleted or modified any files inside /etc/letsencrypt/?


me@server$ sudo ls -alR /etc/letsencrypt/{archive,live,renewal}
total 8
drwx------ 2 root root 4096 Oct 7 12:11 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..

total 16
drwxr-xr-x 3 root root 4096 Oct 7 12:11 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..
-rw-r--r-- 1 root root 740 Oct 7 12:11 README
drwxr-xr-x 2 root root 4096 Sep 12 20:34 myDomain

total 8
drwxr-xr-x 2 root root 4096 Sep 12 20:34 .
drwxr-xr-x 3 root root 4096 Oct 7 12:11 ..
lrwxrwxrwx 1 root root 26 Sep 12 20:34 fullchain.pem -> /local/certs/fullchain.pem
lrwxrwxrwx 1 root root 24 Sep 12 20:34 privkey.pem -> /local/certs/privkey.pem

total 8
drwxr-xr-x 2 root root 4096 Oct 10 11:44 .
drwxr-xr-x 9 root root 4096 Oct 10 12:25 ..
-rw-r--r-- 1 root root 0 Oct 7 12:11 myDomain.conf

No. I didnot change any things.

1 Like

OK, thank you.

This problem not recoverable.

All of the important files are missing. They were either deleted or the files were copied from another server in an incorrect way.

You should start again.

sudo rm -rf /etc/letsencrypt/live/myDomain /etc/letsencrypt/renewal/myDomain.conf

and then

sudo certbot --nginx -d