The cli.ini
file is not required.
Those entries are [probably] redundant:
- The server is being set to the default
- The email address [normally] would have been stored during issuance
The cli.ini
file is not required.
Those entries are [probably] redundant:
Please use the --dry-run
option for testing renewal instead of forcing a renewal on the production environment.
For debugging your current issue please show the entire letsencrypt.log
contents as requested earlier.
The data here still doesn't make sense to me, but I do think there is some kind of bug in plugin selection which could theoretically lead to this crash. I've filed an issue here.
This time
I ran this command:
sudo certbot renew --noninteractive --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/mydomain.com-0001.conf
Hook 'pre-hook' ran with output:
mydomain stop/waiting
Stopping nginx: [ OK ]
Simulating renewal of an existing certificate for mydomain.com and www.mydomain.com
Processing /etc/letsencrypt/renewal/mydomain.com.conf
Simulating renewal of an existing certificate for mydomain.com and www.mydomain.com
Failed to renew certificate mydomain.com with error: Missing command line flag or config entry for this setting:
Input the webroot for mydomain.com:
The following simulated renewals succeeded:
/etc/letsencrypt/live/mydomain.com-0001/fullchain.pem (success)
The following simulated renewals failed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
Hook 'post-hook' ran with output:
Starting nginx: [ OK ]
mydomain start/running, process 27223
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Error Log in letsencrypt.log:
I've attached letsencrypt.log file for your reference.
letsencrypt.log.txt (71.1 KB)
This isn't the contents of mydomain.com-0001.conf
by any chance?
Because looking at the log and output you have two certificates configured:
mydomain.com-0001
using the standalone authenticator without installer without a problem, and;mydomain.com
which somehow is "configured" to use the webroot
authenticator and tries to use the standalone
plugin as installer?:2023-04-07 03:53:34,192:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer standalone
Which is very, very weird. And the renewal configuration file you've posted earlier looks more like the configuration file of the mydomain.com-0001
cert in the log.
I deleted all the certificates all together using following command:
sudo certbot delete
Having deleted all the certificates, when I tried to reissue the certificates again I got following error:
An unexpected error occurred: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: mydomain.com,www.mydomain.com, retry after 2023-04-07T20:38:41Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Looks like I'll have to wait another week for the certificates to be issued again.
Luckily, I had backed up the Certificates folder before deleting them.
Thank You for Your Help. I may have to bother you again after a week.
Why? Because:
So you can put back the backup, right?
Also, for testing purposes, please keep using --dry-run
so your testing will be performed on the staging environment and won't affect rate limits on the production environment.
What problem are you trying to fix that deleting certificates seems like the best solution?
Removing the old/misconfigured certificates and reissuing the certificate again worked for me. Thank you
Thank you.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.