Certbot SSL Renewal - same expiration date

Thanks rg305.

#1 - I will check the jobs, but this server is behind a router and port 80 is NOT forwarded to it so any requests sent to it currently will fail. I only open the port when needed to renew.

#3 - No, the two servers can't talk to each other and don't know about each other.

#4 - It is my understanding the "installation" is a combination of certificates concatenated together:

cat mydomain.crt intermediate.crt root.crt >> ssl-bundle.crt

Or something to that effect. I tried it manually once when setting up this server back in July, 2022, before setting up Let's Encrypt. So, I was thinking, since the certificate setup on my server isn't quite right, I would just do it manually with the already issued certificate, if I could find a step-by-step plan to make sure I get it right. :slight_smile:

Thanks.

1 Like

No. Certbot creates cert.pem, chain.pem, fullchain.pem, and privkey.pem. Usually you just use fullchain.pem and privkey.pem although in some obscure servers you do odd combinations. If you let us know what mail server you are running we might be able to advise.

Have you tried running sudo certbot certificates ?
That will rule out your symlink errors being due to permissions. But, your comment makes me believe you corrupted the certbot files unintentionally.

3 Likes

Do you have notes from that install?

3 Likes

rg305 - I might have some notes, I can check. However, I deleted everything to do with the SSL back then and then installed certbot and followed steps I thought were valid to create the certificate, which worked the first and second time, but this third time something happened and I don't know what.

MikeMcQ - I ran the command "sudo certbot certificates" and still have the same errors:

Renewal configuration file /etc/letsencrypt/renewal/mail.allanimals.info-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.allanimals.info-0001/cert.pem to be a symlink. Skipping.

Renewal configuration file /etc/letsencrypt/renewal/mail.allanimals.info.conf produced an unexpected error: target /etc/letsencrypt/archive/mail.allanimals.info-0001/cert1.pem of symlink /etc/letsencrypt/live/mail.allanimals.info/cert.pem does not exist. Skipping.

If I can fix it, great, or I can rename the letsencrypt directory and grab a new certificate.

Here is the procedure I had used to get a new certificate the last two times. Somehow I did not know about "certbot renew", and the second time certbot renew did not run automatically, so I used the --force-renewal option, which worked, which is why I tried it again this time.

I am running on Ubuntu Server 20.04

====================
Need to specify RSA key only - email server must have RSA key for now

  1. sudo certbot certonly --force-renewal --key-type rsa --preferred-chain "ISRG Root X1"
  2. sudo cp /etc/letsencrypt/live/mail.allanimals.info/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
  3. sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
  4. sudo wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
  5. sudo cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.allanimals.info/chain.pem
  6. sudo cp /etc/letsencrypt/live/mail.allanimals.info/* /opt/zimbra/ssl/letsencrypt/
  7. sudo chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
  8. sudo /opt/zimbra/libexec/zmfixperms
    ** change to zimbra admin **
  9. cd ~
  10. /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
  11. /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
  12. zmcontrol restart
  13. Done, verify

==================
As I said above, this may be wrong, but it has worked fine, no errors, twice over the past 6 months and I only do it manually, NOT automatically.

I appreciate the insight and knowledge from your experience. :slight_smile: Thanks.

1 Like
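A small diagnostic, added here and not taken from the thread or from certbot, that checks one certbot live/ lineage directory for the two faults that `sudo certbot certificates` reported above: a file that is not a symlink, and a symlink whose archive target no longer exists. The directory tree it builds for its demo is constructed, not the poster's system.

```shell
#!/bin/sh
# check_live_dir <live_dir>: returns 0 when cert.pem, chain.pem, fullchain.pem
# and privkey.pem are all symlinks that resolve into archive/, 1 otherwise.
check_live_dir() {
    live_dir="$1"
    rc=0
    if [ ! -d "$live_dir" ]; then
        echo "MISSING DIR: $live_dir"
        return 1
    fi
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        p="$live_dir/$f"
        if [ ! -L "$p" ]; then
            # certbot expects every file in live/ to be a symlink into archive/
            if [ -e "$p" ]; then echo "NOT A SYMLINK: $p"; else echo "MISSING: $p"; fi
            rc=1
        elif [ ! -e "$p" ]; then
            # the link is there but the archive file it points at is gone
            echo "DANGLING: $p -> $(readlink "$p")"
            rc=1
        else
            echo "ok: $p -> $(readlink "$p")"
        fi
    done
    return "$rc"
}

# make_demo_tree <root>: constructed lookalike of /etc/letsencrypt with three
# lineages: "good" (all links resolve), "dangling" (cert1.pem removed from
# archive/) and "empty" (no files at all, like the -0001 directory above).
make_demo_tree() {
    root="$1"
    for name in good dangling; do
        mkdir -p "$root/archive/$name" "$root/live/$name"
        for f in cert chain fullchain privkey; do
            echo "placeholder $f" > "$root/archive/$name/${f}1.pem"
            ln -s "../../archive/$name/${f}1.pem" "$root/live/$name/$f.pem"
        done
    done
    rm "$root/archive/dangling/cert1.pem"
    mkdir -p "$root/live/empty"
}

if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d); make_demo_tree "$demo"
    for n in good dangling empty; do check_live_dir "$demo/live/$n" || echo "$n: FAIL"; done
    rm -rf "$demo"
fi
```

Run it as `sh check_live.sh --demo` to see the three outcomes, or source it and call `check_live_dir /etc/letsencrypt/live/<lineage>` as root on a real host.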

Please remove that from your command/script.

We are here to help with that.
To that end, let's start with:
ls -l /etc/letsencrypt/archive/mail.allanimals.info-0001/

2 Likes

I appreciate that. :slight_smile:

===================
-rw-r--r-- 1 root root 1858 Oct 30 14:28 cert1.pem
-rw-r--r-- 1 root root 3765 Oct 30 14:48 chain1.pem
-rw-r--r-- 1 root root 3684 Oct 30 14:28 fullchain1.pem
-rw------- 1 root root 1704 Oct 30 14:28 privkey1.pem

That's strange...
It said the cert1.pem did not exist there:

Show:
ls -l /etc/letsencrypt/live/mail.allanimals.info-0001/

2 Likes

There is nothing in that directory.

There is the original directory mail.allanimals.info, which has:

lrwxrwxrwx 1 root root  49 Jan 15 09:27 cert.pem -> ../../archive/mail.allanimals.info-0001/cert1.pem
lrwxrwxrwx 1 root root  50 Jan 15 09:27 chain.pem -> ../../archive/mail.allanimals.info-0001/chain1.pem
lrwxrwxrwx 1 root root  54 Jan 15 09:27 fullchain.pem -> ../../archive/mail.allanimals.info-0001/fullchain1.pem
lrwxrwxrwx 1 root root  52 Jan 15 09:27 privkey.pem -> ../../archive/mail.allanimals.info-0001/privkey1.pem
-rw-r--r-- 1 root root 692 Oct 30 14:28 README

Maybe I should mv/cp those files into the 0001?

Negative.

2 Likes

/etc/letsencrypt/live# ls

mail.allanimals.info mail.allanimals.info-0001 README

Show:
cat /etc/letsencrypt/live/mail.allanimals.info-0001/cert.pem

How old is the hard drive?
Is it rather full?

2 Likes

New hard drive, not full.
No files in 0001, but the file you asked about in the other directory is:


That output contradicts:

You showed it does exist.

All we can do is...
If you don't need the -0001 cert, we can remove all trace of it and move on as if it never happened.
[I don't like not knowing what went wrong - and I would suspect that it could happen again]
But that is your call.
You can back up the entire /etc/letsencrypt/ if you like before we do anything [to be extra safe].

2 Likes

For this situation, I am ok with moving on. I can just rename the directory just in case we need it. :slight_smile:

I'm confused.
Did you show only the -0001 directories/files OR did you mix them up?

2 Likes

You really need to just follow directions.
I don't know what you've shown now.

I do apologize if I'm not reading your posts thoroughly [enough].
But this is something I'm not being paid to do and I'm trying to squeeze it in while doing seven other things.

So, I really need you to just give me what I ask of you.

2 Likes

I appreciate the time and help you are taking. As I said, 0001 has no files at all, nothing to show.

Let's go for broke:
ls -lr /etc/letsencrypt/live/
AND
ls -lr /etc/letsencrypt/archive/

2 Likes

In the live folder, archive DOES have files.

PLEASE PLEASE PLEASE
Just fill the request.

2 Likes