Can not renew certificates


#1

I just received my “Let’s Encrypt certificate expiration notice” and tried to renew my certificate. I have read 20+ forum threads and “googled” how to solve this to no avail.

My system is:
uname -a
Linux homeserver 4.4.50-v7+ #970 SMP Mon Feb 20 19:18:29 GMT 2017 armv7l GNU/Linux

/usr/sbin/apache2 -v
Server version: Apache/2.4.10 (Raspbian)
Server built: Sep 17 2016 16:40:43

The commands I ran are:

pi@homeserver:/etc/letsencrypt $ certbot renew --dry-run
-bash: certbot: command not found

pi@homeserver:/etc/letsencrypt $./letsencrypt-auto --apache -d 3butz.com -d www.3butz.com
-bash: ./letsencrypt-auto: No such file or directory

The error is consistently “No such file or directory”. What do I need to renew my certs.

I appreciate the help.


#2

How did you get the certificate in the first place?

My first tip would be: don’t loose your client.

My second tip would be to use something like locate certbot or locate letsencrypt to find the location.


#3

All of these instructions depend on how Certbot was installed and, as @Osiris indicates, they’re assuming that you’re running Certbot the same way that it was originally run to obtain the certificate.

There are many alternatives to Certbot. If someone else obtained the certificate for you, it’s possible that they didn’t use Certbot at all. In that case, none of the online examples that use Certbot will apply to your situation!


#4

Thanks @Osiris @schoen for the reply. That said, how do I renew or remove & reissue my certs. I can not remember how I initially installed them, I believe it was through certbox, but can’t be certain.

Thanks agan


#5

The way to renew the certificates is totally different depending on how you originally obtained and installed them.

To check whether you used Certbot, you can try running the command

ls /etc/letsencrypt

On a system where Certbot has been used to obtains certificates, you should see output beginning with accounts. On a system where Certbot has never been used, you should see an error message like ls: cannot access /etc/letsencrypt: No such file or directory.


#6

@schoen, thanks it looks like I did use certbox because I have the “accounts” folder. Now, what is the process to renew my cert. I ha e already used the: certbot renew --dry-run command but recieved the error “bash: certbot: command not found”

Thanks


#7

These commands worked for my Raspberry Pi. I am also running Apache2 server.

cd ~
wget https://dl.eff.org/certbot-auto
chmod 700 certbot-auto
~/certbot-auto
sudo ~/certbot-auto --apache

You need to call certbot-auto twice because it needs to download packages and ask for your email etc. on the first run and would not actually get your certificates.

For NTC CHIP, you can get Certbot from the beta repository, which doesn’t seem to work on Raspberry Pi. Also, Certbot will brick NTC CHIP if Apache is set to auto-start. I wiped the server 3 times to finally figure it out DX
Run this to prevent Apache from auto-starting: sudo systemctl disable apache2


#8

The commands that @jspenguin2017 suggested will re-download certbot-auto, which is fine if you want to do that. If you’d like to find your existing copy, you can try locate certbot and see what the output looks like.

Different people have different ways of running Certbot because they have installed it in different ways and in different locations on their system. The form ./certbot-auto, for example, means to run it from the current directory, which only works when you’re in the same directory where it was installed.


#9

@schoen, I want to make sure I get this right. locate certbot produced this output:
“pi@homeserver:~ $ locate certbot
/etc/letsencrypt/csr/0000_csr-certbot.pem”

So that tells me certbot is installed. What is the process now to renew the certificate, run “certbot renew --dry-run”? If so, from what directory, because " “pi@homeserver:/etc/letsencrypt $ certbot renew --dry-run” doesn’t work.

Thanks for your patients.


#10

If the client was called certbot and was installed, it should have detected more than just the CSR.

You might want to try locate letsencrypt


#11

@Osiris this is the result of the “locate let’s encrypt”:

pi@homeserver:~ $ locate letsencrypt
/etc/letsencrypt
/etc/letsencrypt/accounts
/etc/letsencrypt/archive
/etc/letsencrypt/csr
/etc/letsencrypt/csr/0000_csr-certbot.pem
/etc/letsencrypt/keys
/etc/letsencrypt/live
/etc/letsencrypt/options-ssl-apache.conf
/etc/letsencrypt/renewal
/etc/letsencrypt/renewal/www.3butz.com.conf
/var/lib/letsencrypt
/var/lib/letsencrypt/backups
/var/lib/letsencrypt/backups/1486544650.62
/var/lib/letsencrypt/backups/1486544650.62/000-default-le-ssl.conf_0
/var/lib/letsencrypt/backups/1486544650.62/CHANGES_SINCE
/var/lib/letsencrypt/backups/1486544650.62/COMMANDS
/var/lib/letsencrypt/backups/1486544650.62/FILEPATHS
/var/lib/letsencrypt/backups/1486544650.62/NEW_FILES
/var/lib/letsencrypt/backups/1486544662.78
/var/lib/letsencrypt/backups/1486544662.78/000-default.conf_0
/var/lib/letsencrypt/backups/1486544662.78/CHANGES_SINCE
/var/lib/letsencrypt/backups/1486544662.78/COMMANDS
/var/lib/letsencrypt/backups/1486544662.78/FILEPATHS
/var/log/letsencrypt


#12

Looks like somehow your client (certbot, which was renamed from the old name letsencrypt) was somehow uninstalled.

You can reinstall it by following the guide on https://certbot.eff.org


#13

@Osiris that worked perfectly. Thank you.


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.