Cannot renew: domain.conf is broken/invalid

My domain is:

I ran this command: sudo certbot renew --dry-run

It produced this output:
note that there were several domains. I have trimmed to show only one

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/”, line 67, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/usr/lib/python3/dist-packages/certbot/”, line 444, in init
“file reference”.format(self.configfile))
certbot.errors.CertStorageError: renewal config file {‘version’: ‘0.31.0’, ‘archive_dir’: ‘/etc/letsencrypt/archive/’, ‘cert-path’: ‘/etc/letsencrypt/live/’, ‘privkey’: ‘/etc/letsencrypt/live/’, ‘chain’: ‘/etc/letsencrypt/live/’, ‘fullchain’: ‘/etc/letsencrypt/live/’, ‘renewalparams’: {‘account’: ‘6ac2cccec2a0246f1f989176f9199952’, ‘authenticator’: ‘webroot’, ‘server’: ‘’, ‘webroot_map’: {‘’: ‘/var/www/’, ‘’: ‘/var/www/’}}} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Please show this file:

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/
cert-path = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

# Options used in the renewal process
account = 6ac2cccec2a0246f1f989176f9199952
authenticator = webroot
server =
[[webroot_map]] = /var/www/ = /var/www/

Does that path still exist?

Yes. /var/www/ is a valid path

What says?:
sudo apt update
sudo apt list --upgradable

1 package can be upgraded. Run 'apt list --upgradable' to see it.
$ apt list --upgradable
Listing... Done 0.99-0ubuntu3~18.04.3 amd64 [upgradable from: 0.97-0ubuntu1~18.04.1]
N: There are 3 additional versions. Please use the '-a' switch to see them.

Did you run this first?:
sudo apt update

I did do that first. It was just that I clipped the output and missed it.


Try reinstalling certbot from the instructions found at:

1 Like

OK. Will do.

I’ll have to report back tomorrow as I have to run now. Thanks for your suggestions.


I followed the snapd instructions and everything seems to be working.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.