Cert don't renew

Hi guys.

I’m running letscrypt since… something like the beginning of the adventure of let’s encrypt, but today, i’m not able to renew my certificates.

Here the message:
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mydomain.fr
    Type: unauthorized
    Detail:
    I can’t Renew my certificates:
    I ran the command below (./letsencrypt-auto renew), and I’ve got this message:
    root@web:/opt/letsencrypt# ./letsencrypt-auto renew
    Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
    Réception de :1 http://debian.mirrors.ovh.net/debian buster InRelease
    Réception de :2 http://debian.mirrors.ovh.net/debian buster-backports InRelease [46,7 kB]
    Atteint :3 http://security.debian.org buster/updates InRelease
    164 ko réceptionnés en 2s (104 ko/s)
    Lecture des listes de paquets… Fait
    Lecture des listes de paquets… Fait
    Construction de l’arbre des dépendances
    Lecture des informations d’état… Fait
    augeas-lenses est déjà la version la plus récente (1.11.0-3).
    libaugeas0 est déjà la version la plus récente (1.11.0-3).
    ca-certificates est déjà la version la plus récente (20190110).
    gcc est déjà la version la plus récente (4:8.3.0-1).
    libffi-dev est déjà la version la plus récente (3.2.1-9).
    libssl-dev est déjà la version la plus récente (1.1.1c-1).
    openssl est déjà la version la plus récente (1.1.1c-1).
    python est déjà la version la plus récente (2.7.16-1).
    python-dev est déjà la version la plus récente (2.7.16-1).
    python-virtualenv est déjà la version la plus récente (15.1.0+ds-2).
    virtualenv est déjà la version la plus récente (15.1.0+ds-2).
    0 mis à jour, 0 nouvellement installés, 0 à enlever et 71 non mis à jour.
    Creating virtual environment…
    Traceback (most recent call last):
    File “/usr/lib/python3/dist-packages/virtualenv.py”, line 2375, in
    main()
    File “/usr/lib/python3/dist-packages/virtualenv.py”, line 724, in main
    symlink=options.symlink)
    File “/usr/lib/python3/dist-packages/virtualenv.py”, line 992, in create_environment
    download=download,
    File “/usr/lib/python3/dist-packages/virtualenv.py”, line 922, in install_wheel
    call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT)
    File “/usr/lib/python3/dist-packages/virtualenv.py”, line 817, in call_subprocess
    % (cmd_desc, proc.returncode))
    OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1
    Traceback (most recent call last):
    File “”, line 27, in
    File “”, line 19, in create_venv
    File “/usr/lib/python2.7/subprocess.py”, line 190, in check_call
    raise CalledProcessError(retcode, cmd)
    subprocess.CalledProcessError: Command ‘[‘virtualenv’, ‘–no-site-packages’, ‘–python’, ‘/usr/bin/python2.7’, ‘/opt/eff.org/certbot/venv’]’ returned non-zero exit status 1

To renew certs, I ran this command:
./letsencrypt-auto renew

My web server is (include version):
Server version: Apache/2.4.25 (Debian)
Server built: 2019-04-02T19:05:13

The operating system my web server runs on is (include version): Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site : no, CLI Only

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): don’t know… these commands give me nothing…

Hi @maxidebiax

letsencrypt-auto is the old name.

What says

letsencrypt-auto --version

Perhaps install certbot-auto new:

What says
letsencrypt-auto --version

Command not found…

I used to go in /opt/letsencrypt/ and run “./letsencrypt-auto renew”.
So now, It’s not the good way to do so ?

So, I have to install certbot-auto first, and then ? It will find by “itself” my websites on my server ?

I’m really sorry about my dummies questions, but I did my certificates a long time ago, and I can’t really remember how I succeeded… but now, It doesn’t work anymore, and I’m feeling a little bit lost and worried.

1 Like

Then do the same - go in that directory and use

./letsencrypt-auto --version
1 Like

It’s giving me a command error:

Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
Réception de :1 http://debian.mirrors.ovh.net/debian buster InRelease [118 kB]
Réception de :2 http://debian.mirrors.ovh.net/debian buster-backports InRelease [46,7 kB]
Atteint :3 http://security.debian.org buster/updates InRelease
164 ko réceptionnés en 2s (92,4 ko/s)
Lecture des listes de paquets… Fait
Lecture des listes de paquets… Fait
Construction de l’arbre des dépendances
Lecture des informations d’état… Fait
augeas-lenses est déjà la version la plus récente (1.11.0-3).
libaugeas0 est déjà la version la plus récente (1.11.0-3).
ca-certificates est déjà la version la plus récente (20190110).
gcc est déjà la version la plus récente (4:8.3.0-1).
libffi-dev est déjà la version la plus récente (3.2.1-9).
libssl-dev est déjà la version la plus récente (1.1.1c-1).
openssl est déjà la version la plus récente (1.1.1c-1).
python est déjà la version la plus récente (2.7.16-1).
python-dev est déjà la version la plus récente (2.7.16-1).
python-virtualenv est déjà la version la plus récente (15.1.0+ds-2).
virtualenv est déjà la version la plus récente (15.1.0+ds-2).
0 mis à jour, 0 nouvellement installés, 0 à enlever et 71 non mis à jour.
Creating virtual environment…
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/virtualenv.py”, line 2375, in
main()
File “/usr/lib/python3/dist-packages/virtualenv.py”, line 724, in main
symlink=options.symlink)
File “/usr/lib/python3/dist-packages/virtualenv.py”, line 992, in create_environment
download=download,
File “/usr/lib/python3/dist-packages/virtualenv.py”, line 922, in install_wheel
call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT)
File “/usr/lib/python3/dist-packages/virtualenv.py”, line 817, in call_subprocess
% (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1
Traceback (most recent call last):
File “”, line 27, in
File “”, line 19, in create_venv
File “/usr/lib/python2.7/subprocess.py”, line 190, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command ‘[‘virtualenv’, ‘–no-site-packages’, ‘–python’, ‘/usr/bin/python2.7’, ‘/opt/eff.org/certbot/venv’]’ returned non-zero exit status 1

Hi @maxidebiax,

I’m not certain, but I wonder if one problem is a version conflict somehow between Python 2.7 and Python 3 here.

Could you try deleting /opt/eff.org/certbot/venv and then trying your letsencrypt-auto command again? (as @JuergenAuer alluded to, the official name for this command has been certbot-auto for a few years now, although this difference shouldn’t affect anything here)

1 Like

Thank you for your help,
I deleted the folder /opt/eff.org/certbot/venv, and run the command to renew, and same error…

@bmw, can you understand this virtualenv-related problem with certbot-auto?

1 Like

Not at first glance. You can try reproducing the problem outside of certbot-auto by running virtualenv --no-site-packages --python /usr/bin/python2.7 /some/path. That may give you more output about what went wrong and at least helps narrow down the problem.

With that said, I recommend you use the packages available in Debian Buster’s repos which can be installed with sudo apt install certbot.

1 Like

Ok, No problem with certbot installation. I’ve just done it.

How can I renew my certificate, without breaking everything ?

If I get it well, I’ve to recreate certs from scratch… not a problem for me… But is there any chance that a conflict appear between old and new certs ?

If not, the command to run is :

certbot --apache -d www.example.com

Is that correct ?
Thanks again for your help.

Your setup is unknown.

There is a standard template which is helpful.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


Maybe. Perhaps you should create certificates with two domain names:

certbot --apache -d www.example.com -d example.com

so both versions (non-www and www) are secure.

I used the standard template in my first message… But i’ll do it again if you want…

My domain is:
I ran this command: cd /opt/letsencrypt/ && ./letsencrypt-auto renew
It produced this output: watch previous messages
My web server is (include version): Apache 2
Server version: Apache/2.4.25 (Debian)
Server built: 2019-04-02T19:05:13
The operating system my web server runs on is (include version): Debian Buster
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CLI only
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Fresh install, never used : 0.31.0

Switching from certbot-auto to the OS-packaged version of Certbot doesn’t delete or invalidate old certificates, and Certbot should continue to recognize the presence of the previous ones, allowing you to use certbot renew.

Thanks for your help. In fact, certbot installation + the same process to renew certificates did the stuff.
Thanks again.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.