Can u remove and reinstall certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

theoceanwindow.com

I ran this command:

certbot certificates

It produced this output:

Renewal configuration file /usr/local/etc/letsencrypt/renewal/theoceanwindow.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


The following renewal configurations were invalid:
/usr/local/etc/letsencrypt/renewal/theoceanwindow.com.conf

My web server is (include version):
apache24
The operating system my web server runs on is (include version):
FreeBSD 14.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 4.0.0

I have been abusing this server for the past couple of months

Postfix TLS Library Problem No such file

and

Using wildcard ssl certificate - #17 by barf7709

As shown above, in trying to handle multiple subdomains on IP, I have REALLY REALLY messed up my certbot installation. I have been working with SSLs.com and have managed to get 4 of my subdomains up using their trial certificate. My question is if there is any way I can flush my certbot installation so I can return with my head hung down to letsencrypt? My site is basically now just a hobby/project.

@captcurrent I modified your original post to mention both of the apex domain names in your recent certificates. You used both in the Sectigo certs and the older ones from Let's Encrypt. Your most recent Sectigo cert is: crt.sh | 18526077112

I see you changed it back to just listing theoceanwindow. I had changed it because it is helpful for volunteers to know all the domains in a certificate. I mention it now to ensure any volunteers who wish to offer help know about that.

1 Like

Yeah, they have confused between domain and subdomains. Their "help staff" seems fixated on the oceeanwindow.com being the domain and the theoceanwindow.com, mailtheoceanwindow.com and kasdivi.com being subdomains.

For certificates, distinguishing between "domain names" and "subdomains" is not really very important.

We focus on the fully qualified domain names as that is what is placed in the certificate. I don't think any volunteers here are confused about that :slight_smile:

Often when there are multiple apex domains involved we see problems affecting one but not the other.

2 Likes

Well, currently both "apex" domains have the same IP. This is the discussion in my post about wildcards. SSLs.com can handle wildcards in a certificate for a premium cost that I can't justify, as I have disposed of all my paying clients. The current server is utilizing SAN in its certificates.

So did you edit the conf file manually or was this caused by a glitch in certbot? I'd guess that you could move that file elsewhere as a backup then start a new certificate request with certbot to get a new certificate configuration.

You could show us the content of that file, which might help.

You don't have to reinstall certbot (the app) itself, you just need to get the configuration working again.
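
The error at the top of the thread means certbot could not find one of the four file references (`cert`, `privkey`, `chain`, `fullchain`) it requires in a renewal config. The following is an added example, not part of any post in this thread: a POSIX shell audit that reports which renewal configs are empty, lack a reference, or point at a file that no longer exists. The function names and the `--audit` switch are this example's own; the default directory is the FreeBSD path from the error output.

```shell
#!/bin/sh
# Added example: audit certbot renewal configs for the four required references.
# Default is the FreeBSD path shown in the error output; override RENEWAL_DIR to test.
RENEWAL_DIR="${RENEWAL_DIR:-/usr/local/etc/letsencrypt/renewal}"

# check_renewal_conf FILE
# Prints one line per problem; returns 0 if the file is usable, 1 otherwise.
check_renewal_conf() {
    conf="$1"
    problems=0
    if [ ! -s "$conf" ]; then
        echo "$conf: empty or missing"
        return 1
    fi
    for key in cert privkey chain fullchain; do
        # Value of the first "key = value" line; ^ keeps "chain" from matching "fullchain".
        path=$(sed -n "s/^${key}[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1)
        if [ -z "$path" ]; then
            echo "$conf: no '$key' reference"
            problems=1
        elif [ ! -e "$path" ]; then
            # -e follows symlinks, so a dangling live/ link into archive/ is caught too.
            echo "$conf: '$key' points to missing file $path"
            problems=1
        fi
    done
    return "$problems"
}

# audit_renewal_dir: check every *.conf; the return code is the number of broken files.
audit_renewal_dir() {
    broken=0
    for f in "$RENEWAL_DIR"/*.conf; do
        [ -e "$f" ] || continue
        check_renewal_conf "$f" || broken=$((broken + 1))
    done
    return "$broken"
}

# Run the audit only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--audit" ]; then
    audit_renewal_dir
fi
```

Any file it flags can be moved aside as a backup, as suggested above, before requesting a new certificate.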

The file, as it says, is empty. I have damaged or killed all associated data.

It would seem ok to remove that then.

My goal (if possible) is to get certbot (which I broke) working again. Deletion of theoceanwindow.com.conf will help??? Guess it can't hurt.

How did that happen?

Did you do it, either accidentally or on purpose; or don't you know?

If you don't know, it might happen again.

1 Like

Thank you for jumping in. Yes, as I said previously, it was all self-inflicted, no outside involvement.

Unless you know how to recover, I'd back up the entire /etc/letsencrypt directory and start from scratch.

Note that your webserver might not like this (it won't start if the config refers to nonexisting certificates).

2 Likes

Much thanks. Will see what happens

Just for your info, I am running FreeBSD 14.2. As predicted, Apache is not a happy camper. It is running with the certs from SSLs that I want to replace... Should I clean them out?? Message was:

Unable to restart apache using ['apachectl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).
Error while running apachectl graceful.
apache24 not running? (check /var/run/httpd.pid).

Apachectl graceful runs from command line just fine

Apache wants a well-formed certificate, even a self signed snakeoil one will work. (or you can use certbot --standalone and then certbot reconfigure --apache when apache is running)

1 Like

Apache runs. It doesn't get along with certbot. Your ideas have been good, give this a try.

Had to be certbot certonly. I received one certificate. It covers all four domains. Wow. I am back to where I was before I screwed up. Now I have to figure out how to use it again with postfix and dovecot. You are a saint. I hope my experience helps others.

Note that most of that software needs reloading after a certificate renewal (also, --standalone doesn't work while apache is up, that's why I say to reconfigure). You can use --deploy-hook "command to reload your daemons".

1 Like

would that be "certbot ---deploy-hook" ?

certbot reconfigure --cert-name $CERTNAME --deploy-hook "command"

(you can get $CERTNAME from certbot certificates, it should look like one of your domain names, the one in the certificate path)

1 Like
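
A deploy hook of the kind discussed at the end of the thread, as an added example that is not part of any post: it reloads Apache, Postfix and Dovecot only after confirming that the renewed lineage still has non-empty PEM files, since Apache refuses to start on a missing or malformed certificate. `RENEWED_LINEAGE` is set by certbot for deploy hooks; `SERVICES`, `SERVICE_CMD` and the function names are this example's own, and the `postfix` and `dovecot` rc.d service names are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for a host running Apache, Postfix and Dovecot.
# certbot sets RENEWED_LINEAGE to the live directory of the renewed certificate.
# SERVICES and SERVICE_CMD are this example's own knobs, not certbot options.
SERVICES="${SERVICES:-apache24 postfix dovecot}"   # assumed rc.d service names
SERVICE_CMD="${SERVICE_CMD:-service}"

# lineage_ok DIR: both files must exist, be non-empty and contain a PEM header.
lineage_ok() {
    for f in fullchain.pem privkey.pem; do
        [ -s "$1/$f" ] || { echo "missing or empty: $1/$f" >&2; return 1; }
        grep -q -- '-----BEGIN ' "$1/$f" || { echo "not PEM: $1/$f" >&2; return 1; }
    done
}

# reload_services DIR: touch no daemon unless the lineage is intact (return 100),
# otherwise reload each service and return the number of reloads that failed.
reload_services() {
    lineage_ok "$1" || return 100
    failed=0
    for svc in $SERVICES; do
        if "$SERVICE_CMD" "$svc" reload >/dev/null 2>&1; then
            echo "reloaded $svc"
        else
            echo "reload failed: $svc" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# When certbot runs this file as a deploy hook, RENEWED_LINEAGE is set.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_services "$RENEWED_LINEAGE"
fi
```

Saved as an executable script, its path takes the place of "command" in the `certbot reconfigure --cert-name $CERTNAME --deploy-hook` line above.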