Automatic renewal instructions fail on Ubuntu 16.04


#1

I followed the instructions on https://certbot.eff.org/#ubuntuxenial-apache to the letter, to install a cert on my brand new, fully up to date Ubuntu 16.04 LTS VPS, for the domain server05.pepsoft.org. The installation worked and I can reach my server via SSL. However the instructions for testing the automatic renewal fail with the following messages:

letsencrypt renew --dry-run

Processing /etc/letsencrypt/renewal/server05.pepsoft.org.conf
2016-09-11 16:15:52,218:WARNING:letsencrypt.client:Registering without email!
2016-09-11 16:15:53,980:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/server05.pepsoft.org.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-staging.api.letsencrypt.org/directory

(You can set this with the --agree-tos flag). Skipping.
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server05.pepsoft.org/fullchain.pem (failure)
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

My questions are:

  1. How do I fix this situation?
  2. Can the instructions be updated so that they correctly take this situation into account?

I found other threads about the same problem, but they don’t actually provide a solution, nor have the instructions been fixed. I know I can add --agree-tos to the command line, but I don’t know if that is the correct solution (in which case the instructions should reflect that), and that still generates the warning about “registering without email”. I also found a “tos = False” line in the conf file, but setting that to True made no difference.

If necessary I can provide config files, log files, etc.


#2

Try removing the tos field.


#3
  • same problem here
  • i tested it succesfully with this command:

letsencrypt renew --dry-run -m YOURMAIL --agree-tos


#4

I’m not a fully expert here and got my setup from the digitalocean tutorial.

The below call is working for me. Also in my weekly cron job.

/opt/letsencrypt/letsencrypt-auto renew


#5

Had a similar issue and this fixed it.

Thanks.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.