Certbot renew fullchain.pem failure

Hi Let's Encrypt community,

I have a problem renewing my SSL certificate. I've searched for the same problem on this site, but I couldn't find a solution that would work for my server, so I decided to create a new topic.

I've noticed that a redirection rule was set up incorrectly to:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

And I guess that's why it couldn't renew automatically. So I've just changed it to:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

However, I still can't renew the certificate using the command below.

certbot renew or certbot renew --cert-name henrykondracki.com

Because it produces this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/henrykondracki.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for henrykondracki.com
http-01 challenge for www.henrykondracki.com
Cleaning up challenges
Attempting to renew cert (henrykondracki.com) from /etc/letsencrypt/renewal/henrykondracki.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for henrykondracki.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/henrykondracki.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/henrykondracki.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My domain is: henrykondracki.com

My web server is (include version):
OpenLiteSpeed 1.7.14

The operating system my web server runs on is (include version):
Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is:
certbot 0.40.0

1 Like

Welcome to this community @I-Dunno

Can you show the contents of this file? You can remove the line for account if you want.

3 Likes

Thanks, @MikeMcQ

I've sorted it out by adding the following code to my henrykondracki.com.conf file.

[[webroot_map]]
henrykondracki.com = /var/www/html
www.henrykondracki.com = /var/www/html

3 Likes
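
An added example, not part of the original posts or of certbot itself: a check that reads a renewal file and lists the names for which a non-interactive webroot renewal has no webroot configured, the condition behind the "Input the webroot for ..." error above. The sample files are constructed, the function names are hypothetical, and treating a non-empty webroot_path as a fallback for unmapped names is an assumption about the webroot plugin's behaviour.

```python
import re

def parse_renewal_conf(text):
    """Parse the ConfigObj-style renewal file: key = value, [section], [[subsection]]."""
    root = {}
    stack = [root]  # stack[n] is the dict being filled at nesting depth n
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*(\]+)", line)
        if header:
            depth = len(header.group(1))
            if depth != len(header.group(3)) or depth > len(stack):
                raise ValueError(f"malformed or orphaned section header: {raw!r}")
            del stack[depth:]
            stack.append(stack[-1].setdefault(header.group(2), {}))
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return root

def unmapped_domains(conf_text, domains):
    """Return the names a non-interactive webroot renewal would have to prompt for."""
    params = parse_renewal_conf(conf_text).get("renewalparams", {})
    if params.get("authenticator") != "webroot":
        return []  # another plugin answers the challenge
    # Assumption: a non-empty webroot_path serves every name missing from the map.
    if any(p.strip() for p in params.get("webroot_path", "").split(",")):
        return []
    webroot_map = params.get("webroot_map")
    if not isinstance(webroot_map, dict):
        webroot_map = {}
    return [d for d in domains if d not in webroot_map]

# Constructed sample files, reduced to the lines that matter for this check.
BEFORE = """\
version = 0.40.0
[renewalparams]
authenticator = webroot
"""
AFTER = BEFORE + """\
[[webroot_map]]
henrykondracki.com = /var/www/html
www.henrykondracki.com = /var/www/html
"""
DOMAINS = ["henrykondracki.com", "www.henrykondracki.com"]

if __name__ == "__main__":
    print("before:", unmapped_domains(BEFORE, DOMAINS))
    print("after: ", unmapped_domains(AFTER, DOMAINS))
```

A [[webroot_map]] header placed outside [renewalparams] raises ValueError here rather than being silently accepted, so a misplaced subsection is caught before the next scheduled renewal.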

If I were you, I'd try to upgrade to the latest certbot. If I recall correctly, there has been a bug in one of the versions where the webroot map got "eaten" by certbot (i.e., they were gone). I don't remember in what situation that would happen, but there was something with disappearing webroot maps and that it was fixed :stuck_out_tongue:

4 Likes

Thanks, @Osiris, I've updated certbot to version 1.22.0 :+1:

3 Likes
