#1 - I will check the jobs, but this server is behind a router and port 80 is NOT forwarded to it so any requests sent to it currently will fail. I only open the port when needed to renew.
#3 - No, the two servers can't talk to each other and don't know about each other.
#4 - It is my understanding the "installation" is a combination of certificates concatenated together:
Or something to that affect. I tried it manually once when setting up this server back in July, 2022 before setting up Let's Encrypt. So, I was thinking, since the certificate setup on my server isn't quite right I would just do it manually with the already issued certificate; if I could find a step-by-step plan to make sure I get it right.
No. Certbot creates cert.pem, chain.pem, fullchain.pem, and privkey.pem. Usually you just use fullchain.pem and privkey.pem although in some obscure servers you do odd combinations. If you let us know what mail server you are running we might be able to advise.
Have you tried running sudo certbot certificates ?
That will rule out your symlink errors being due to permissions. But, your comment makes me believe you corrupted the certbot files unintentionally.
rg305 - I might have some notes, I can check. However; I deleted everything to do with the SSL back then and then installed certbot and followed steps I thought were valid to create the certificate which worked the first and second time, but this third time something happened but I don't know what.
MikeMcQ - I ran the command "sudo certbot certificates" and still have the same errors:
Renewal configuration file /etc/letsencrypt/renewal/mail.allanimals.info-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.allanimals.info-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mail.allanimals.info.conf produced an unexpected error: target /etc/letsencrypt/archive/mail.allanimals.info-0001/cert1.pem of symlink /etc/letsencrypt/live/mail.allanimals.info/cert.pem does not exist. Skipping.
If I can fix it, great, or I can rename the letsencrypt directory and grab a new certificate.
Here is the procedure I had used to get a new certificate the last two times. Somehow I did not know about the "certbot renew" and the second time the certbot renew did not run automatically so I used the --force-renewal option, which worked, which is why I tried it again this time.
I am running on Ubuntu Server 20.04
====================
Need to specify RSA key only - email server must have RSA key for now
sudo /opt/zimbra/libexec/zmfixperms
** change to zimbra admin **
cd ~
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
zmcontrol restart
Done, verify
==================
As I said above, this may be wrong, but it has worked fine, no errors, twice over the past 6 months and I only do it manually, NOT automatically.
I appreciate the insight and knowledge from your experience. Thanks.
All we can do is...
If you don't need the -0001 cert, we can remove all trace of it and move on as if it never happened.
[I don't like not knowing what went wrong - and I would suspecet that it could happen again]
But that is your call.
You can back up the entire /etc/letsencrypt/ if you like before we do anything [to be extra safe].
You really need to just follow directions.
I don't know what you've shown now.
I do apologize if I'm not reading your posts thoroughly [enough].
But this is something I'm not being paid to do and I'm trying to squeeze it in while doing seven other things.
So, I really need you to just give me what I ask of you.