Cerbot Renewal Error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: my.immerseme.co

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/immerseme.4thmedia.co.nz.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer None
Renewing an existing certificate
Attempting to renew cert (immerseme.4thmedia.co.nz) from /etc/letsencrypt/renewal/immerseme.4thmedia.co.nz.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skippin
g.

Processing /etc/letsencrypt/renewal/my.immerseme.co.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator dns-cloudflare, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for my.immerseme.co
Unsafe permissions on credentials configuration file: /root/.config/certbot/cloudflare.ini
Cleaning up challenges
Attempting to renew cert (my.immerseme.co) from /etc/letsencrypt/renewal/my.immerseme.co.conf produced an unexpected error: Unable to determine zone_id for my.immerseme.co using zone names: [‘my.immerseme.co’, ‘immerseme.co’, ‘co’]. Please confir
m that the domain name has been entered correctly and is already associated with the supplied Cloudflare account… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/immerseme.4thmedia.co.nz/fullchain.pem (failure)
/etc/letsencrypt/live/my.immerseme.co/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/immerseme.4thmedia.co.nz/fullchain.pem (failure)
/etc/letsencrypt/live/my.immerseme.co/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

2 renew failure(s), 0 parse failure(s)

My web server is (include version): Cloudflare

The operating system my web server runs on is (include version): Linux Ubuntu?

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I am new to using certbot and renewing certificates in general. I am the new maintainer of this website the previous company 4thMedia set up the certificate. I do not need to renew the immerseme.4thmedia.co.nz URL, just need to renew my.immerseme.co, is there anyway I can specify which certificate to renew and also fix the errors that are being produced? I think it might have to do with the singular ‘co’ domain name but don’t want to make any changes without knowing for sure. Any help is appreciated!

Yes, but you have to use the "cert name".in the renew command line.
[otherwise it will try to renew ALL certs - not exactly a bad thing thou]
You can get the "cert name" with this command output:
sudo cerbot certificates

As for:

We may need to look at the renewal conf files and see what is causing errors.

A post was split to a new topic: Certbot renewal error

It seems that CloudFlare account is not associated with those domain names.
Perhaps it has been changed (recently).
In any case, you will need to verify the account settings before reattempting a renewal for this cert.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.