The cli.ini file is not required.
Those entries are [probably] redundant:
- The server is being set to the default
- The email address [normally] would have been stored during issuance
3 Likes
Please use the --dry-run option for testing renewal instead of forcing a renewal on the production environment.
For debugging your current issue please show the entire letsencrypt.log contents as requested earlier.
5 Likes
The data here still doesn't make sense to me, but I do think there is some kind of bug in plugin selection which could theoretically lead to this crash. I've filed an issue here.
4 Likes
This time
I ran this command:
sudo certbot renew --noninteractive --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/mydomain.com-0001.conf
Hook 'pre-hook' ran with output:
mydomain stop/waiting
Stopping nginx: [ OK ]
Simulating renewal of an existing certificate for mydomain.com and www.mydomain.com
Processing /etc/letsencrypt/renewal/mydomain.com.conf
Simulating renewal of an existing certificate for mydomain.com and www.mydomain.com
Failed to renew certificate mydomain.com with error: Missing command line flag or config entry for this setting:
Input the webroot for mydomain.com:
The following simulated renewals succeeded:
/etc/letsencrypt/live/mydomain.com-0001/fullchain.pem (success)
The following simulated renewals failed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
Hook 'post-hook' ran with output:
Starting nginx: [ OK ]
mydomain start/running, process 27223
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Error Log in letsencrypt.log:
I've attached letsencrypt.log file for your reference.
letsencrypt.log.txt (71.1 KB)
This isn't the contents of mydomain.com-0001.conf by any chance?
Because looking at the log and output you have two certificates configured:
mydomain.com-0001using the standalone authenticator without installer without a problem, and;mydomain.comwhich somehow is "configured" to use thewebrootauthenticator and tries to use thestandaloneplugin as installer?:
2023-04-07 03:53:34,192:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer standalone
Which is very, very weird. And the renewal configuration file you've posted earlier looks more like the configuration file of the mydomain.com-0001 cert in the log.
4 Likes
I deleted all the certificates all together using following command:
sudo certbot delete
Having deleted all the certificates, when I tried to reissue the certificates again I got following error:
An unexpected error occurred: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: mydomain.com,www.mydomain.com, retry after 2023-04-07T20:38:41Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Looks like I'll have to wait another week for the certificates to be issued again. 
Luckily, I had backed up the Certificates folder before deleting them.
Thank You for Your Help. I may have to bother you again after a week. 
1 Like
Why? Because:
So you can put back the backup, right?
Also, for testing purposes, please keep using --dry-run so your testing will be performed on the staging environment and won't affect rate limits on the production environment.
6 Likes
What problem are you trying to fix that deleting certificates seems like the best solution?
5 Likes
Removing the old/misconfigured certificates and reissuing the certificate again worked for me. 
Thank you
1 Like
Thank you.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.