When attempting to re-create an incorrectly created cert, I deleted this single domain's directories in /live and /archive, and then after running certbot with our automation script, it created /live/domain-001 and /archive/domain-001, then again -002 and so on.
That behavior will prevent our automation tool from auto renewing the cert in the future because it expects to look at /live/domain.
Is there a way to reset that single domain to /live/domain? I decided to seek help as playing with the directory structure to fix things turned out to be a bad idea.
Any help here would be strongly appreciated.
Thanks.
To be safe, never manually delete files or folders under /etc/letsencrypt.
Use this to find the certificate names to delete:
sudo certbot certificates
Use this to safely delete those certificates by name:
sudo certbot delete --cert-name nameofcertificate
You can just make note of the domains and subdomains you want your certificate to cover then delete all of the unwanted certificates. Be sure not to restart your webserver until after you've acquired the correct certificate or your webserver won't start due to the certificate files being missing!
Would you say the workaround mentioned here is appropriate?
[douglas.r@certbot-node ~]$ sudo certbot-auto delete --cert-name {DOMAIN}
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
TypeError: coercing to Unicode: need string or buffer, NoneType found
Please see the logfiles in /var/log/letsencrypt for more details.
2021-04-06 23:58:42,509:DEBUG:certbot._internal.main:certbot version: 1.6.0
2021-04-06 23:58:42,510:DEBUG:certbot._internal.main:Arguments: ['--cert-name', '{DOMAIN}']
2021-04-06 23:58:42,510:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-06 23:58:42,603:DEBUG:certbot._internal.log:Root logging level set at 20
2021-04-06 23:58:42,604:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-06 23:58:42,606:DEBUG:certbot._internal.storage:Removed /etc/letsencrypt/renewal/{DOMAIN}.conf
2021-04-06 23:58:42,606:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1353, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1005, in delete
cert_manager.delete(config)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/cert_manager.py", line 94, in delete
storage.delete_files(config, certname)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/storage.py", line 346, in delete_files
os.remove(link)
TypeError: coercing to Unicode: need string or buffer, NoneType found
2021-04-06 23:58:42,608:ERROR:certbot._internal.log:An unexpected error occurred:
2021-04-06 23:58:42,608:ERROR:certbot._internal.log:TypeError: coercing to Unicode: need string or buffer, NoneType found
It looks like deleting those two files fixed the issue, but apparently the duplicate-certificate limit of 5 was reached, so I'll have to try again in a few days.
Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week.
I ran into the same issue a while back on one of my installs. I am not sure what caused it, and I did not bother to dive into the code to find out exactly why. [My theories were it was a result from either 1) using multiple accounts, e.g. live + staging; or 2) changing some attribute in the cert that created a new lineage]
My solution, which has since worked:
Step 1:
I figured out which directories I wanted in /live and /archive, removed the others AND the files that corresponded to them in /renewal
Step 2:
I ensured the directories I kept had unversioned names, and then updated the files in /renewal to reflect that if needed
Is it messy? Yes. Can you break your install? Yes. Did I break my install? No. Are these results guaranteed? No.
I've renewed several times and have not had incrementing directories.
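Added example (not posted by anyone in this thread, and not Certbot's own code): a read-only check for the leftovers discussed above, namely renewal configs whose live/ links or archive/ directory are gone, live/ or archive/ directories with no renewal config, and numbered lineages. It assumes the usual renewal config layout, with `archive_dir`, `cert`, `privkey`, `chain` and `fullchain` set before the `[renewalparams]` section; the function names are made up for this example.

```python
import re
from pathlib import Path

LINK_KEYS = ("cert", "privkey", "chain", "fullchain")
# Numeric suffix such as the -001 / -002 directories described in the question.
NUMBERED = re.compile(r"-\d{3,4}$")


def read_lineage_paths(conf: Path) -> dict:
    """Return the top-level key = value pairs that precede [renewalparams]."""
    paths = {}
    for line in conf.read_text().splitlines():
        line = line.strip()
        if line.startswith("["):  # first section header ends the path block
            break
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            paths[key.strip()] = value.strip()
    return paths


def audit(config_dir) -> list:
    """Read-only consistency check of renewal/, live/ and archive/."""
    root = Path(config_dir)
    findings = []
    confs = {p.stem: p for p in sorted((root / "renewal").glob("*.conf"))}
    for name, conf in confs.items():
        paths = read_lineage_paths(conf)
        for key in LINK_KEYS:
            target = paths.get(key)
            # exists() follows symlinks, so a dangling link counts as missing
            if target is None or not Path(target).exists():
                findings.append(f"{name}: renewal conf '{key}' points at a missing file")
        archive = paths.get("archive_dir")
        if archive is None or not Path(archive).is_dir():
            findings.append(f"{name}: archive_dir is missing")
        if NUMBERED.search(name):
            findings.append(f"{name}: numbered lineage, check for a stale sibling")
    for sub in ("live", "archive"):
        parent = root / sub
        for d in sorted(parent.iterdir()) if parent.is_dir() else []:
            if d.is_dir() and d.name not in confs:
                findings.append(f"{d.name}: {sub}/ directory has no renewal conf")
    return findings


if __name__ == "__main__":
    for finding in audit("/etc/letsencrypt"):
        print(finding)
```

Run it with enough privilege to read /etc/letsencrypt; it changes nothing, so any cleanup still goes through `certbot delete --cert-name`.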