Can't renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

certbot --apache renew --force-renewal

It produced this output:

certbot --apache renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


My web server is (include version):

Server version: Apache/2.4.41 (Linux/SUSE)
Server built: 2020-01-20 13:06:59.000000000 +0000

The operating system my web server runs on is (include version):

LSB Version: core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0.fake-amd64:desktop-4.0.fake-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0.fake-amd64:graphics-4.0.fake-noarch
Distributor ID: openSUSE
Description: openSUSE Tumbleweed
Release: 20200128
Codename: n/a

Linux almach 5.4.14-1-default #1 SMP Thu Jan 23 08:54:47 UTC 2020 (fc4ea7a) x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):


I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 1.1.0

Thanks for your help :slight_smile:

1 Like

Unrelated, but certbot 1.3.0 was just released.

Just to be 100% certain there is nothing weird, please show file:

then also, the output of:
apachectl -S

1 Like

File /etc/letsencrypt/renewal/

# renew_before_expiry = 30 days
version = 0.40.1
archive_dir = /etc/letsencrypt/archive/
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

# Options used in the renewal process
account = d8ebabe9b75f58afb408d956bdadddb6
authenticator = apache
installer = apache
server =

Output of apachectl -S

base) almach:/srv/www/vhosts/ # apachectl -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server (/etc/apache2/vhosts.d/
         port 80 namevhost (/etc/apache2/vhosts.d/
         port 80 namevhost (/etc/apache2/vhosts.d/
         port 80 namevhost (/etc/apache2/vhosts.d/
         port 80 namevhost (/etc/apache2/vhosts.d/
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/"
Define: SSL
Define: phpMyAdmin
User: name="wwwrun" id=464
Group: name="www" id=466

I have to admit I just changed my webserver configuration. I now am trying to setup two virtual hosts:

One with URL:
Another with URL:

I just swapped out the .conf files to onese that don’t require SSL certificates. Having problems :frowning:

1 Like

Is there a way I can delete my old certificate and create a new one?

1 Like

You can delete your old certificate with certbot delete (specifying the certificate name to delete with the --cert-name option, but this is rarely beneficial. For example, if your web server configuration still refers to the old certificate anywhere, deleting it could prevent your web server from starting up.

If you have a valid certificate that covers names that you need, it’s generally a good idea to keep it and keep using it; deleting it rarely solves any problems.

If you need to change the names that are covered by a particular certificate, you can reissue it with certbot certonly, specifying the existing certificate name with --cert-name and all of the desired names that will be covered in the newly-issued certificate with -d options.

1 Like

The names are repeated (twice each):

port 80 namevhost   (/etc/apache2/vhosts.d/
port 80 namevhost   (/etc/apache2/vhosts.d/

port 80 namevhost (/etc/apache2/vhosts.d/
port 80 namevhost (/etc/apache2/vhosts.d/

I can only assume that their files are INCLUDED twice.
Check you config for include statements and ensure there are no files/folders with duplicate inclusions.

1 Like

I got same problem past night, but now everything running well. I am using Let’s encrypt plugins on cPanel.

I was able to resolve my issue.

My DocumentRoot settings were set here /srv/www/vhosts/

For some reason I needed to put them here: /srv/www/htdocs/

Then it worked.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.