Certbot renew is not working, but certbot renew --dry-run works fine

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: codemongoose.com

I ran this command: certbot renew

It produced this output: Attempting to renew cert from /etc/letsencrypt/renewal/codemongoose.com.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/493759046f2043b57d7791d1aebd4bd6 does not exist. Skipping.

My web server is (include version): Apache/2.4.10 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 8.8 (jessie)

My hosting provider, if applicable, is: IBM softlayer

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I used this command to produce certificates:
certbot certonly -a webroot --webroot-path=path -d domain.com -d www.domain.com

Certbot version is certbot 0.10.2

Every time I need to let the certificate expire and create a new one. Renewal never works.

Hi @gotham,

Seems you have deleted the original account or messed it up a bit. Could you please show the output of the following commands?

ls -la /etc/letsencrypt/renewal/
ls -la /etc/letsencrypt/live/
cat /etc/letsencrypt/renewal/codemongoose.com.conf
ls -lRa /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/

Cheers,
sahsanu

I am sorry. Those are shifted from other servers, which run with the same specs. Recently I moved those sites from that server to this new one. Since then the problem persists. I copied the live/, archive/ and renewal/ folders as stated by @schoen. I used this command to apply the certs on the new server:

certbot -i apache --reinstall --cert-name your-cert-name

Maybe revoking and regenerating certs will help me.

@gotham, the problem here is that your /etc/letsencrypt/renewal/codemongoose.com.conf has a parameter like this:

account = 493759046f2043b57d7791d1aebd4bd6

But you don't have an account with that id in dir /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/; you should have another one.

If you already have an account there, simply copy the long dir string and replace this parameter account = 493759046f2043b57d7791d1aebd4bd6 in /etc/letsencrypt/renewal/codemongoose.com.conf with the current account id.

Revoking a cert won't help you in this case; indeed, you should not revoke a certificate if your private key has not been compromised, but you can clean up your /etc/letsencrypt/ dir and start over if that is easiest for you.

Cheers,
sahsanu


You forgot to copy the /etc/letsencrypt/accounts/ dir.

Yes, absolutely right. I never copied the accounts directory. On this server it shows some other account id. Should I edit manually and replace it with the current account id? Will it help me? Or do I need to delete the certs of this domain and create certs with this account id?

Yes, it should work.
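
A read-only check for the mismatch diagnosed in this thread, added here as an example and not posted by any participant: it compares the account id in each renewal config with the account directories that exist on the host. The function names and the OK/MISSING/NOACCOUNT output format are assumptions of this example; the directory layout is the one shown in the error message above.

```bash
# Added example (not from the thread): flag renewal configs whose "account = <id>"
# has no directory accounts/<acme-host>/directory/<id>, the layout shown above.

# list_account_ids BASE: print every account id that exists under BASE/accounts.
list_account_ids() (
    [ -d "$1/accounts" ] || exit 0
    find "$1/accounts" -mindepth 3 -maxdepth 3 -type d -exec basename {} \; | sort
)

# conf_account_id FILE: print the value of the first "account" key in FILE.
conf_account_id() {
    sed -n 's/^[[:space:]]*account[[:space:]]*=[[:space:]]*\([0-9a-f]\{1,\}\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_renewal_accounts [BASE]: one status line per renewal config.
# Runs in a subshell (parentheses) so its variables stay local; exit sets the status.
check_renewal_accounts() (
    base=${1:-/etc/letsencrypt}
    status=0
    for conf in "$base"/renewal/*.conf; do
        [ -e "$conf" ] || continue              # glob matched nothing
        name=$(basename "$conf")
        id=$(conf_account_id "$conf")
        if [ -z "$id" ]; then
            echo "NOACCOUNT $name"; status=1
        elif list_account_ids "$base" | grep -qxF -- "$id"; then
            echo "OK $name $id"
        else
            echo "MISSING $name $id"; status=1
        fi
    done
    exit "$status"
)

# When run as a script with a directory argument, check it and, on a mismatch,
# list the account ids that do exist on this host.
if [ $# -gt 0 ]; then
    check_renewal_accounts "$1" || { echo "account ids on this host:"; list_account_ids "$1"; }
fi
```

Run it as root with /etc/letsencrypt as the argument, since the accounts directory is normally readable only by root.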
