Certbot - error with renewal certificates

Greg94 · December 10, 2025, 2:38pm

Hi Everyone,

I want to request a problem with renewal certificates via certbot. I have got a strange situation, because when I am trying to run manuall command: certbot renew - it is working properly, but when I use from certbot.timer and certbot.service from system's service - it doesn't work.

Output with errors:
2025-12-10 10:51:44,336:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-12-10 10:51:44,337:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1460, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 500, in handle_renewal_request
raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-12-10 10:51:44,337:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

cerbot --version: 1.21.0

MikeMcQ · December 10, 2025, 3:56pm

That systemd timer based Certbot is using an older version 1.21. Current is 5.2.1 by the way

First, let's look at the renewal config file. Please show output of this to get started

sudo certbot certificates

Greg94 · December 11, 2025, 8:06am

Hi,
This command generated details regarding certificates, keys and expiry date. It looks good.
Maybe, no correctly describe my problems with cerbot, so generally, certbot is working fine, when I use command certbot renew.
But I want that cerbot should work automatically without run any command from my side, only by system.

MikeMcQ · December 11, 2025, 2:48pm

Yes, I wanted to see the output to know more about the Certbot configuration for its certificates.
The error message during your timer renewal said something is wrong with a Certbot config file.

Instead of above would you show the contents of every conf file in /etc/letsencrypt/renewal. You can redact the account number if you wish

Also show output of: certbot --version

Greg94 · December 12, 2025, 1:26pm

Hi,
Below example:

'#' renew_before_expiry = 30 days

version = 1.21.0
archive_dir = /etc/letsencrypt/archive/test
cert = /etc/letsencrypt/live/test/cert.pem
privkey = /etc/letsencrypt/live/test/privkey.pem
chain = /etc/letsencrypt/live/test/chain.pem
fullchain = /etc/letsencrypt/live/test/fullchain.pem

'#' Options used in the renewal process

[renewalparams]
account = test
renew_hook = /usr/local/bin/certbot_post_copy.sh
authenticator = test
dns_cloudflare_credentials = /etc/letsencrypt/test
server = https://acme-v02.api.letsencrypt.org/directory

-rw-r--r-- 1 root root

MikeMcQ · December 12, 2025, 1:54pm

There is not much I can do with sample info. I've asked for specific info a couple times now. And, you didn't fill out much of the info from the form you were shown when posting.

You could try upgrading your 4 year old version of Certbot to the current version.

The snap install is recommended: https://certbot.eff.org/

If you can't do that try the pip install but be sure to follow those instructions carefully.

If you can't get Certbot working properly you might try a different ACME Client. We often recommend lego see Installation :: Let’s Encrypt client and ACME library written in Go.

For other options see: ACME Client Implementations - Let's Encrypt

You could try posting at the EFF's github for Certbot. But, without specific info and using a very old version I don't know what they'll be able to do for your either. See: GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Greg94 · December 12, 2025, 2:02pm

cert = /etc/letsencrypt/live/test/test.cert.pem
authenticator = dns-cloudflare

Is it better ?

hebbet · December 12, 2025, 7:52pm

Post the Output of that command Here.

sudo certbot certificates

As you might know, all certs are logged to Public cert logs, so not telling etc the domain, makes helping a lot harder.

system · January 11, 2026, 7:53pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Automatice renew not working, certbot.renew.timer missing Help	5	2370	January 30, 2023
Certbot renewing automatically Server	3	2254	August 1, 2018
Is the renew timer running on my machine as it is supposed to? Help	5	6250	May 2, 2020
How to automate renewal on Debian Buster Help	11	4296	May 21, 2020
Renewal question Help	9	768	September 29, 2021

Certbot - error with renewal certificates

Related topics