Certbot keeps incrementing /live and /archive domain directories

Hi,

When attempting to re-create an incorrectly created cert, I deleted this single domain's directories in /live and /archive, and then after running certbot with our automation script, it created /live/domain-001 and /archive/domain-001, then again -002 and so on.

That behavior will prevent our automation tool from auto renewing the cert in the future because it expects to look at /live/domain.

Is there a way to reset that single domain to /live/domain? I decided to seek help as playing with the directory structure to fix things turned out to be a bad idea.

Any help here would be strongly appreciated.
Thanks.

1 Like

Welcome to the Let's Encrypt Community, Douglas :slightly_smiling_face:

To be safe, never manually delete files or folders under /etc/letsencrypt.

Use this to find the certificate names to delete:

sudo certbot certificates

Use this to safely delete those certificates by name:

sudo certbot delete --cert-name nameofcertificate

You can just make note of the domains and subdomains you want your certificate to cover then delete all of the unwanted certificates. Be sure not to restart your webserver until after you've acquired the correct certificate or your webserver won't start due to the certificate files being missing!

2 Likes

@griffin, thanks a lot for your reply.

Unfortunately deleting with certbot delete didn't work as you can see in the logs below. I was able to delete another cert that I had not manually deleted files from just fine, so it does not look like an argument problem. Instead, this seems to be a long-known bug? Messing with /etc/letsencrypt leads to An unexpected error occurred. TypeError: coercing to Unicode: need string or buffer, NoneType found. · Issue #1195 · certbot/certbot · GitHub

Would you say the work around mentioned here is appropriate?

[douglas.r@certbot-node ~]$ sudo certbot-auto delete --cert-name {DOMAIN}
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
TypeError: coercing to Unicode: need string or buffer, NoneType found
Please see the logfiles in /var/log/letsencrypt for more details.

2021-04-06 23:58:42,509:DEBUG:certbot._internal.main:certbot version: 1.6.0
2021-04-06 23:58:42,510:DEBUG:certbot._internal.main:Arguments: ['--cert-name', '{DOMAIN}']
2021-04-06 23:58:42,510:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-06 23:58:42,603:DEBUG:certbot._internal.log:Root logging level set at 20
2021-04-06 23:58:42,604:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-06 23:58:42,606:DEBUG:certbot._internal.storage:Removed /etc/letsencrypt/renewal/{DOMAIN}.conf
2021-04-06 23:58:42,606:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1353, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1005, in delete
cert_manager.delete(config)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/cert_manager.py", line 94, in delete
storage.delete_files(config, certname)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/storage.py", line 346, in delete_files
os.remove(link)
TypeError: coercing to Unicode: need string or buffer, NoneType found
2021-04-06 23:58:42,608:ERROR:certbot._internal.log:An unexpected error occurred:
2021-04-06 23:58:42,608:ERROR:certbot._internal.log:TypeError: coercing to Unicode: need string or buffer, NoneType found

1 Like

I suppose the next step is to manually remove the renewal configuration files as well.

What says this:

sudo ls -lRa /etc/letsencrypt

1 Like

That output would be huge, but this is what I see in /etc/letsencrypt:

[douglas.r@certbot-node ~]$ sudo find /etc/letsencrypt/ -iname "{DOMAIN}*"
/etc/letsencrypt/renewal/{DOMAIN}-0002.conf
/etc/letsencrypt/renewal/{DOMAIN}-0001.conf

1 Like

It looks like deleting those two files fixed the issue, but apparently duplicate-certificate limit of 5 was reached so I'll have to try again in a few days.

Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week.

Thanks!!

1 Like

I ran into the same issue a while back on one of my installs. I am not sure what caused it, and I did not bother to dive into the code to find out exactly why. [My theories were it was a result from either 1) using multiple accounts, e.g. live + staging; or 2) changing some attribute in the cert that created a new lineage]

My solution, which has since worked:

Step 1:
I figured out which directories I wanted in /live and /archive, removed the others AND the files that corresponded to them in /renewal

Step 2:
I ensured the directories i kept had unversioned names, and then updated the files in /renewal to reflect that if needed

Is it messy? Yes. Can you break your install? yes. Did I break my install? No. Are these results guaranteed? No.

I've renewed several times and have not had incrementing directories.

1 Like