Can't renew expired certificate on Debian 9/Apache server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: petteeolsen.com

I ran this command:certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/petteeolsen.com.conf

Attempting to parse the version 1.28.0 renewal configuration file found at /etc/letsencrypt/renewal/petteeolsen.com.conf with version 0.28.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Attempting to renew cert (petteeolsen.com) from /etc/letsencrypt/renewal/petteeolsen.com.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/petteeolsen.com/fullchain.pem (failure)

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/petteeolsen.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)
My web server is (include version):Apache/2.4.25

The operating system my web server runs on is (include version):
Debian GNU/Linux 9.13
My hosting provider, if applicable, is:
google cloud
I can login to a root shell on my machine (yes or no, or I don't know):
sudo, yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
ssh access
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.28.0

Hi @wmo, and welcome to the LE community forum

That looks like there might be more than one certbot version installed.

The staging environment, which is used with --dry-run, requires POST-as-GET requests, which was added in Certbot version 0.34.0. I agree with Rudy and that you should figure out where your version 1.28.0 of Certbot went and figure out how to use that one specifically. (Tip: remove the ancient 0.28.0 version.)

I removed the 0.28.0 and was able to install 1.30, good news.
I am on google cloud and I have the info for the following but I don' know there to put the file?
{
"type": "service_account",
"project_id": "...",
"private_key_id": "...",
"private_key": "...",
"client_email": "...",
"client_id": "...",
"auth_uri": "Sign in - Google Accounts",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "..."
}

any help is appreciated.

How does that relate to your first post where you were using Certbot Apache plug-in to get a cert?

Please close ticket. We move to debian 10 and it is now working. Too many old packages in Debian 9 also it is now end of support