Certbot tries to authenticate domains I no longer own

fearless · December 1, 2024, 2:05am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
sandystone.com

I ran this command:
certbot renew --dry-run

It produced this output:
Processing /etc/letsencrypt/renewal/sandystone.com-0001.conf

Simulating renewal of an existing certificate for sandystone.com
Failed to renew certificate sandystone.com-0001 with error: Missing command line flag or config entry for this setting:
Input the webroot for sandystone.com:

Processing /etc/letsencrypt/renewal/sandystone.com.conf

Simulating renewal of an existing certificate for actlab.tv and 15 more domains

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: actlab2019.org
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for actlab2019.org - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for actlab2019.org - check that a DNS record exists for this domain

Domain: secretstudio.us
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for secretstudio.us - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for secretstudio.us - check that a DNS record exists for this domain

Domain: www.actlab2019.org
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.actlab2019.org - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.actlab2019.org - check that a DNS record exists for this domain

Domain: www.secretstudio.us
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.secretstudio.us - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.secretstudio.us - check that a DNS record exists for this domain

Domain: actlab.tv
Type: unauthorized
Detail: 104.247.81.52: Invalid response from http://actlab.tv/.well-known/acme-challenge/c5k8McvX9Xi0t5sm34PRN8UAjTQ9Q7DKukp9xBGc4aA: 404

Domain: www.actlab.tv
Type: unauthorized
Detail: 104.247.81.52: Invalid response from http://www.actlab.tv/.well-known/acme-challenge/VHwxeE7mWAzdyYIsnrDv-hb5hNRc0FTpg1SPeo40MZg: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate sandystone.com with error: Some challenges have failed.

My web server is (include version):
Apache 2.4.62 (Debian)
The operating system my web server runs on is (include version):
Debian 12
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.1.0

rg305 · December 1, 2024, 2:40am

Hi @fearless, and welcome to the LE community forum

What shows?:

`certbot certificates`

Bruce5051 · December 1, 2024, 3:52am

Hi @fearless,

Probably in addition to @rg305 recommendation you want to see Certbot - Deleting certificates.

fearless · December 1, 2024, 5:11am

Thanks, Bruce5051. I carefully read the entire "Deleting Certificates" section before I posted here. It didn't help. Do you have any other thoughts?

fearless · December 3, 2024, 8:55pm

I think I know what's going on. When the server failed some time ago, we had many hands at work restoring files, and what may have happened is that someone deleted the domain certs directly rather than using the letsencrypt delete instruction. In that case there's no way I can renew the sandystone.com cert. Is there any way this can be corrected, or is the domain simply doomed?

fearless · December 3, 2024, 8:58pm

root@laurel:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/sandystone.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

Found the following certs:
  Certificate Name: actlab.us
    Serial Number: 41c42dc47ba902a5d04a123f50e7b620ea7
    Key Type: RSA
    Domains: actlab.us www.actlab.us
    Expiry Date: 2025-01-18 01:08:10+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/actlab.us/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/actlab.us/privkey.pem
  Certificate Name: cyberconf.org
    Serial Number: 4ce208f3bd6bb858269322193a68ebdd070
    Key Type: RSA
    Domains: cyberconf.org
    Expiry Date: 2025-01-27 01:16:18+00:00 (VALID: 54 days)
    Certificate Path: /etc/letsencrypt/live/cyberconf.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/cyberconf.org/privkey.pem
  Certificate Name: jeffprothero.com
    Serial Number: 48c18d1a0d298cd239c90097b78fed9a5d7
    Key Type: RSA
    Domains: jeffprothero.com
    Expiry Date: 2025-01-19 00:58:41+00:00 (VALID: 46 days)
    Certificate Path: /etc/letsencrypt/live/jeffprothero.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/jeffprothero.com/privkey.pem
  Certificate Name: muq.org
    Serial Number: 3c832ed5c80e99c5f414a2d455d3c542295
    Key Type: RSA
    Domains: muq.org
    Expiry Date: 2025-01-18 01:08:34+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/muq.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/muq.org/privkey.pem
  Certificate Name: mythryl.org
    Serial Number: 30122fcd22bbc5c19f1eefd4b79199c5862
    Key Type: RSA
    Domains: mythryl.org
    Expiry Date: 2025-01-18 01:08:48+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/mythryl.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mythryl.org/privkey.pem
  Certificate Name: sandystone.com-0001
    Serial Number: 43fb69c46dc658c31f3ce144ede547de22d
    Key Type: ECDSA
    Domains: sandystone.com
    Expiry Date: 2025-03-01 02:00:16+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/sandystone.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sandystone.com-0001/privkey.pem
  Certificate Name: sandystone.org
    Serial Number: 3b47167021e4071e75d29a9a57f16878924
    Key Type: ECDSA
    Domains: sandystone.org
    Expiry Date: 2025-03-01 04:20:24+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/sandystone.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sandystone.org/privkey.pem
  Certificate Name: www.actlab.us
    Serial Number: 473f78731851e307fd5752b4d1afe41bf32
    Key Type: RSA
    Domains: www.actlab.us
    Expiry Date: 2025-01-18 01:09:24+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/www.actlab.us/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.actlab.us/privkey.pem
  Certificate Name: www.jeffprothero.com
    Serial Number: 3a3e50a16ee6d3d96d40a86aab3d982c34d
    Key Type: RSA
    Domains: www.jeffprothero.com
    Expiry Date: 2025-01-09 01:09:15+00:00 (VALID: 36 days)
    Certificate Path: /etc/letsencrypt/live/www.jeffprothero.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.jeffprothero.com/privkey.pem
  Certificate Name: www.muq.org-0001
    Serial Number: 37331b70226082628ed94cbbb4ad755b69d
    Key Type: RSA
    Domains: www.muq.org
    Expiry Date: 2025-01-18 01:09:36+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/www.muq.org-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.muq.org-0001/privkey.pem
  Certificate Name: www.muq.org
    Serial Number: 31d5cea35558818589f617974134181727e
    Key Type: RSA
    Domains: muq.org www.muq.org
    Expiry Date: 2025-01-09 00:26:21+00:00 (VALID: 36 days)
    Certificate Path: /etc/letsencrypt/live/www.muq.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.muq.org/privkey.pem
  Certificate Name: www.mythryl.org
    Serial Number: 3556af2919636a54d7b86e88aea16350c5c
    Key Type: RSA
    Domains: www.mythryl.org
    Expiry Date: 2025-01-09 00:26:58+00:00 (VALID: 36 days)
    Certificate Path: /etc/letsencrypt/live/www.mythryl.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.mythryl.org/privkey.pem
  Certificate Name: www.sandystone.com-0001
    Serial Number: 4c1a839c0de523c5fa145d97610a7e6d0ef
    Key Type: RSA
    Domains: www.sandystone.com
    Expiry Date: 2025-01-09 00:26:13+00:00 (VALID: 36 days)
    Certificate Path: /etc/letsencrypt/live/www.sandystone.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.sandystone.com-0001/privkey.pem
  Certificate Name: www.sandystone.com
    Serial Number: 3e904b50f0e39f54de1a3130e9d73b42ca8
    Key Type: RSA
    Domains: sandystone.com www.sandystone.com
    Expiry Date: 2025-01-09 00:27:05+00:00 (VALID: 36 days)
    Certificate Path: /etc/letsencrypt/live/www.sandystone.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.sandystone.com/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/sandystone.com.conf

rg305 · December 3, 2024, 9:34pm

What shows?:
ls -l /etc/letsencrypt/live/www.sandystone.com/

fearless · December 4, 2024, 1:51am

lrwxrwxrwx 1 root root 43 Oct 10 18:25 cert.pem -> ../../archive/www.sandystone.com/cert47.pem
lrwxrwxrwx 1 root root 44 Oct 10 18:25 chain.pem -> ../../archive/www.sandystone.com/chain47.pem
lrwxrwxrwx 1 root root 48 Oct 10 18:25 fullchain.pem -> ../../archive/www.sandystone.com/fullchain47.pem
lrwxrwxrwx 1 root root 46 Oct 10 18:25 privkey.pem -> ../../archive/www.sandystone.com/privkey47.pem

rg305 · December 4, 2024, 1:54am

That looks normal...
What shows?:
ls -lt /etc/letsencrypt/archive/www.sandystone.com/

fearless · December 4, 2024, 6:33am

root@laurel: ls -lt /etc/letsencrypt/archive/www.sandystone.com/
total 816
-rw-r--r-- 1 root root 1793 Oct 10 18:25 cert47.pem
-rw-r--r-- 1 root root 1801 Oct 10 18:25 chain47.pem
-rw-r--r-- 1 root root 3594 Oct 10 18:25 fullchain47.pem
-rw-r--r-- 1 root root 1704 Oct 10 18:25 privkey47.pem
-rw-r--r-- 1 root root 1801 Aug 11 19:08 chain46.pem
-rw-r--r-- 1 root root 3594 Aug 11 19:08 fullchain46.pem
-rw-r--r-- 1 root root 1793 Aug 11 19:08 cert46.pem
-rw-r--r-- 1 root root 1704 Aug 11 19:08 privkey46.pem
-rw-r--r-- 1 root root 1797 Jun 12 19:02 cert45.pem
-rw-r--r-- 1 root root 1801 Jun 12 19:02 chain45.pem
-rw-r--r-- 1 root root 3598 Jun 12 19:02 fullchain45.pem
-rw-r--r-- 1 root root 1704 Jun 12 19:02 privkey45.pem
-rw-r--r-- 1 root root 1789 Apr 13 2024 cert44.pem
-rw-r--r-- 1 root root 1826 Apr 13 2024 chain44.pem
-rw-r--r-- 1 root root 3615 Apr 13 2024 fullchain44.pem
-rw-r--r-- 1 root root 1704 Apr 13 2024 privkey44.pem
-rw-r--r-- 1 root root 1789 Feb 13 2024 cert43.pem
-rw-r--r-- 1 root root 1826 Feb 13 2024 chain43.pem
-rw-r--r-- 1 root root 3615 Feb 13 2024 fullchain43.pem
-rw-r--r-- 1 root root 1704 Feb 13 2024 privkey43.pem
-rw-r--r-- 1 root root 1789 Dec 4 2023 cert42.pem
-rw-r--r-- 1 root root 3749 Dec 4 2023 chain42.pem
-rw-r--r-- 1 root root 5538 Dec 4 2023 fullchain42.pem
-rw-r--r-- 1 root root 1704 Dec 4 2023 privkey42.pem
-rw-r--r-- 1 root root 1793 Oct 5 2023 cert41.pem
-rw-r--r-- 1 root root 3749 Oct 5 2023 chain41.pem
-rw-r--r-- 1 root root 5542 Oct 5 2023 fullchain41.pem
-rw-r--r-- 1 root root 1704 Oct 5 2023 privkey41.pem
-rw-r--r-- 1 root root 1789 Aug 6 2023 cert40.pem
-rw-r--r-- 1 root root 3749 Aug 6 2023 chain40.pem
-rw-r--r-- 1 root root 5538 Aug 6 2023 fullchain40.pem
-rw-r--r-- 1 root root 1704 Aug 6 2023 privkey40.pem
-rw-r--r-- 1 root root 1866 Jun 7 2023 cert39.pem
-rw-r--r-- 1 root root 3749 Jun 7 2023 chain39.pem
-rw-r--r-- 1 root root 5615 Jun 7 2023 fullchain39.pem
-rw-r--r-- 1 root root 1704 Jun 7 2023 privkey39.pem
-rw-r--r-- 1 root root 1866 Apr 8 2023 cert38.pem
-rw-r--r-- 1 root root 3749 Apr 8 2023 chain38.pem
-rw-r--r-- 1 root root 5615 Apr 8 2023 fullchain38.pem
-rw-r--r-- 1 root root 1708 Apr 8 2023 privkey38.pem
-rw-r--r-- 1 root root 3749 Feb 7 2023 chain37.pem
-rw-r--r-- 1 root root 5623 Feb 7 2023 fullchain37.pem
-rw-r--r-- 1 root root 1874 Feb 7 2023 cert37.pem
-rw-r--r-- 1 root root 1704 Feb 7 2023 privkey37.pem
-rw-r--r-- 1 root root 1874 Dec 8 2022 cert36.pem
-rw-r--r-- 1 root root 3749 Dec 8 2022 chain36.pem
-rw-r--r-- 1 root root 5623 Dec 8 2022 fullchain36.pem
-rw-r--r-- 1 root root 1704 Dec 8 2022 privkey36.pem
-rw-r--r-- 1 root root 1870 Oct 9 2022 cert35.pem
-rw-r--r-- 1 root root 3749 Oct 9 2022 chain35.pem
-rw-r--r-- 1 root root 5619 Oct 9 2022 fullchain35.pem
-rw-r--r-- 1 root root 1708 Oct 9 2022 privkey35.pem
-rw-r--r-- 1 root root 1874 Aug 10 2022 cert34.pem
-rw-r--r-- 1 root root 3749 Aug 10 2022 chain34.pem
-rw-r--r-- 1 root root 5623 Aug 10 2022 fullchain34.pem
-rw-r--r-- 1 root root 1704 Aug 10 2022 privkey34.pem
-rw-r--r-- 1 root root 1874 Jun 11 2022 cert33.pem
-rw-r--r-- 1 root root 3750 Jun 11 2022 chain33.pem
-rw-r--r-- 1 root root 5624 Jun 11 2022 fullchain33.pem
-rw-r--r-- 1 root root 1704 Jun 11 2022 privkey33.pem
-rw-r--r-- 1 root root 1870 Apr 12 2022 cert32.pem
-rw-r--r-- 1 root root 3749 Apr 12 2022 chain32.pem
-rw-r--r-- 1 root root 5619 Apr 12 2022 fullchain32.pem
-rw-r--r-- 1 root root 1704 Apr 12 2022 privkey32.pem
-rw-r--r-- 1 root root 1870 Feb 11 2022 cert31.pem
-rw-r--r-- 1 root root 3749 Feb 11 2022 chain31.pem
-rw-r--r-- 1 root root 5619 Feb 11 2022 fullchain31.pem
-rw-r--r-- 1 root root 1704 Feb 11 2022 privkey31.pem
-rw-r--r-- 1 root root 1870 Dec 13 2021 cert30.pem
-rw-r--r-- 1 root root 3749 Dec 13 2021 chain30.pem
-rw-r--r-- 1 root root 5619 Dec 13 2021 fullchain30.pem
-rw-r--r-- 1 root root 1704 Dec 13 2021 privkey30.pem
-rw-r--r-- 1 root root 1870 Oct 14 2021 cert29.pem
-rw-r--r-- 1 root root 3749 Oct 14 2021 chain29.pem
-rw-r--r-- 1 root root 5619 Oct 14 2021 fullchain29.pem
-rw-r--r-- 1 root root 1708 Oct 14 2021 privkey29.pem
-rw-r--r-- 1 root root 1874 Aug 15 2021 cert28.pem
-rw-r--r-- 1 root root 3750 Aug 15 2021 chain28.pem
-rw-r--r-- 1 root root 5624 Aug 15 2021 fullchain28.pem
-rw-r--r-- 1 root root 1704 Aug 15 2021 privkey28.pem
-rw-r--r-- 1 root root 1870 Jun 16 2021 cert27.pem
-rw-r--r-- 1 root root 3749 Jun 16 2021 chain27.pem
-rw-r--r-- 1 root root 5619 Jun 16 2021 fullchain27.pem
-rw-r--r-- 1 root root 1708 Jun 16 2021 privkey27.pem
-rw-r--r-- 1 root root 1874 Apr 17 2021 cert26.pem
-rw-r--r-- 1 root root 1586 Apr 17 2021 chain26.pem
-rw-r--r-- 1 root root 3460 Apr 17 2021 fullchain26.pem
-rw-r--r-- 1 root root 1704 Apr 17 2021 privkey26.pem
-rw-r--r-- 1 root root 1874 Feb 16 2021 cert25.pem
-rw-r--r-- 1 root root 1586 Feb 16 2021 chain25.pem
-rw-r--r-- 1 root root 3460 Feb 16 2021 fullchain25.pem
-rw-r--r-- 1 root root 1704 Feb 16 2021 privkey25.pem
-rw-r--r-- 1 root root 1586 Dec 18 2020 chain24.pem
-rw-r--r-- 1 root root 3460 Dec 18 2020 fullchain24.pem
-rw-r--r-- 1 root root 1874 Dec 18 2020 cert24.pem
-rw-r--r-- 1 root root 1708 Dec 18 2020 privkey24.pem
-rw-r--r-- 1 root root 1939 Oct 19 2020 cert23.pem
-rw-r--r-- 1 root root 1647 Oct 19 2020 chain23.pem
-rw-r--r-- 1 root root 3586 Oct 19 2020 fullchain23.pem
-rw-r--r-- 1 root root 1704 Oct 19 2020 privkey23.pem
-rw-r--r-- 1 root root 3586 Aug 20 2020 fullchain22.pem
-rw-r--r-- 1 root root 1939 Aug 20 2020 cert22.pem
-rw-r--r-- 1 root root 1647 Aug 20 2020 chain22.pem
-rw-r--r-- 1 root root 1704 Aug 20 2020 privkey22.pem
-rw-r--r-- 1 root root 1939 Jun 21 2020 cert21.pem
-rw-r--r-- 1 root root 1647 Jun 21 2020 chain21.pem
-rw-r--r-- 1 root root 3586 Jun 21 2020 fullchain21.pem
-rw-r--r-- 1 root root 1708 Jun 21 2020 privkey21.pem
-rw-r--r-- 1 root root 1939 Apr 22 2020 cert20.pem
-rw-r--r-- 1 root root 1647 Apr 22 2020 chain20.pem
-rw-r--r-- 1 root root 3586 Apr 22 2020 fullchain20.pem
-rw-r--r-- 1 root root 1704 Apr 22 2020 privkey20.pem
-rw-r--r-- 1 root root 1939 Feb 22 2020 cert19.pem
-rw-r--r-- 1 root root 1647 Feb 22 2020 chain19.pem
-rw-r--r-- 1 root root 3586 Feb 22 2020 fullchain19.pem
-rw-r--r-- 1 root root 1704 Feb 22 2020 privkey19.pem
-rw-r--r-- 1 root root 1939 Dec 24 2019 cert18.pem
-rw-r--r-- 1 root root 1647 Dec 24 2019 chain18.pem
-rw-r--r-- 1 root root 3586 Dec 24 2019 fullchain18.pem
-rw-r--r-- 1 root root 1704 Dec 24 2019 privkey18.pem
-rw-r--r-- 1 root root 1939 Oct 25 2019 cert17.pem
-rw-r--r-- 1 root root 1647 Oct 25 2019 chain17.pem
-rw-r--r-- 1 root root 3586 Oct 25 2019 fullchain17.pem
-rw-r--r-- 1 root root 1704 Oct 25 2019 privkey17.pem
-rw-r--r-- 1 root root 1944 Aug 26 2019 cert16.pem
-rw-r--r-- 1 root root 1647 Aug 26 2019 chain16.pem
-rw-r--r-- 1 root root 3591 Aug 26 2019 fullchain16.pem
-rw-r--r-- 1 root root 1708 Aug 26 2019 privkey16.pem
-rw-r--r-- 1 root root 1944 Jun 27 2019 cert15.pem
-rw-r--r-- 1 root root 1647 Jun 27 2019 chain15.pem
-rw-r--r-- 1 root root 3591 Jun 27 2019 fullchain15.pem
-rw-r--r-- 1 root root 1704 Jun 27 2019 privkey15.pem
-rw-r--r-- 1 root root 1939 Apr 28 2019 cert14.pem
-rw-r--r-- 1 root root 1647 Apr 28 2019 chain14.pem
-rw-r--r-- 1 root root 3586 Apr 28 2019 fullchain14.pem
-rw-r--r-- 1 root root 1704 Apr 28 2019 privkey14.pem
-rw-r--r-- 1 root root 1939 Feb 26 2019 cert13.pem
-rw-r--r-- 1 root root 1647 Feb 26 2019 chain13.pem
-rw-r--r-- 1 root root 3586 Feb 26 2019 fullchain13.pem
-rw-r--r-- 1 root root 1704 Feb 26 2019 privkey13.pem
-rw-r--r-- 1 root root 1944 Dec 28 2018 cert12.pem
-rw-r--r-- 1 root root 1647 Dec 28 2018 chain12.pem
-rw-r--r-- 1 root root 3591 Dec 28 2018 fullchain12.pem
-rw-r--r-- 1 root root 1704 Dec 28 2018 privkey12.pem
-rw-r--r-- 1 root root 2183 Oct 29 2018 cert11.pem
-rw-r--r-- 1 root root 1647 Oct 29 2018 chain11.pem
-rw-r--r-- 1 root root 3830 Oct 29 2018 fullchain11.pem
-rw-r--r-- 1 root root 1708 Oct 29 2018 privkey11.pem
-rw-r--r-- 1 root root 2183 Aug 30 2018 cert10.pem
-rw-r--r-- 1 root root 1647 Aug 30 2018 chain10.pem
-rw-r--r-- 1 root root 3830 Aug 30 2018 fullchain10.pem
-rw-r--r-- 1 root root 1704 Aug 30 2018 privkey10.pem
-rw-r--r-- 1 root root 2183 Jul 1 2018 cert9.pem
-rw-r--r-- 1 root root 1647 Jul 1 2018 chain9.pem
-rw-r--r-- 1 root root 3830 Jul 1 2018 fullchain9.pem
-rw-r--r-- 1 root root 1704 Jul 1 2018 privkey9.pem
-rw-r--r-- 1 root root 3830 May 2 2018 fullchain8.pem
-rw-r--r-- 1 root root 2183 May 2 2018 cert8.pem
-rw-r--r-- 1 root root 1647 May 2 2018 chain8.pem
-rw-r--r-- 1 root root 1704 May 2 2018 privkey8.pem
-rw-r--r-- 1 root root 3473 Mar 3 2018 fullchain7.pem
-rw-r--r-- 1 root root 1826 Mar 3 2018 cert7.pem
-rw-r--r-- 1 root root 1647 Mar 3 2018 chain7.pem
-rw-r--r-- 1 root root 1704 Mar 3 2018 privkey7.pem
-rw-r--r-- 1 root root 1826 Jan 2 2018 cert6.pem
-rw-r--r-- 1 root root 1647 Jan 2 2018 chain6.pem
-rw-r--r-- 1 root root 3473 Jan 2 2018 fullchain6.pem
-rw-r--r-- 1 root root 1704 Jan 2 2018 privkey6.pem
-rw-r--r-- 1 root root 1826 Nov 3 2017 cert5.pem
-rw-r--r-- 1 root root 1647 Nov 3 2017 chain5.pem
-rw-r--r-- 1 root root 3473 Nov 3 2017 fullchain5.pem
-rw-r--r-- 1 root root 1708 Nov 3 2017 privkey5.pem
-rw-r--r-- 1 root root 1826 Sep 4 2017 cert4.pem
-rw-r--r-- 1 root root 1647 Sep 4 2017 chain4.pem
-rw-r--r-- 1 root root 3473 Sep 4 2017 fullchain4.pem
-rw-r--r-- 1 root root 1704 Sep 4 2017 privkey4.pem
-rw-r--r-- 1 root root 1826 Jul 6 2017 cert3.pem
-rw-r--r-- 1 root root 1647 Jul 6 2017 chain3.pem
-rw-r--r-- 1 root root 3473 Jul 6 2017 fullchain3.pem
-rw-r--r-- 1 root root 1708 Jul 6 2017 privkey3.pem
-rw-r--r-- 1 root root 1826 May 7 2017 cert2.pem
-rw-r--r-- 1 root root 1647 May 7 2017 chain2.pem
-rw-r--r-- 1 root root 3473 May 7 2017 fullchain2.pem
-rw-r--r-- 1 root root 1704 May 7 2017 privkey2.pem
-rw-r--r-- 1 root root 1826 Mar 7 2017 cert1.pem
-rw-r--r-- 1 root root 1647 Mar 7 2017 chain1.pem
-rw-r--r-- 1 root root 3473 Mar 7 2017 fullchain1.pem
-rw-r--r-- 1 root root 1704 Mar 7 2017 privkey1.pem
root@laurel:

rg305 · December 4, 2024, 6:35am

That also looks good to me.

Let's have a look at that file.

fearless · December 4, 2024, 7:38am

sandystone.com.conf is empty. It was superseded by sandystone.com-0001.conf . Here's sandystone.com-0001.conf, FWIW:

root@laurel: less /etc/letsencrypt/renewal/sandystone.com-0001.conf

renew_before_expiry = 30 days

version = 2.1.0
cert = /etc/letsencrypt/live/sandystone.com-0001/cert.pem
privkey = /etc/letsencrypt/live/sandystone.com-0001/privkey.pem
chain = /etc/letsencrypt/live/sandystone.com-0001/chain.pem
fullchain = /etc/letsencrypt/live/sandystone.com-0001/fullchain.pem
archive_dir = /etc/letsencrypt/archive/sandystone.com-0001

Options used in the renewal process

[renewalparams]
authenticator = apache
account = fe644e876d784757c49818b027f0ff5e
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
installer = apache

root@laurel:

fearless · December 4, 2024, 7:41am

Hmmm, the fact that the script is looking for sandystone.com.conf instead of sandystone.com-0001.conf would suggest that there's a misconfiguration somewhere, but I'm shy of changing anything in the scripts by hand unless I know exactly what I'm doing...

fearless · December 4, 2024, 8:26am

Here are the contents of www.sandystone.com-0001:

root@laurel: ls -lt /etc/letsencrypt/archive/www.sandystone.com-0001/
total 528
-rw-r--r-- 1 root root 1781 Oct 10 18:24 cert29.pem
-rw-r--r-- 1 root root 1801 Oct 10 18:24 chain29.pem
-rw-r--r-- 1 root root 3582 Oct 10 18:24 fullchain29.pem
-rw-r--r-- 1 root root 1708 Oct 10 18:24 privkey29.pem
-rw-r--r-- 1 root root 1777 Aug 11 19:08 cert28.pem
-rw-r--r-- 1 root root 1801 Aug 11 19:08 chain28.pem
-rw-r--r-- 1 root root 3578 Aug 11 19:08 fullchain28.pem
-rw-r--r-- 1 root root 1704 Aug 11 19:08 privkey28.pem
-rw-r--r-- 1 root root 1801 Jun 12 19:02 chain27.pem
-rw-r--r-- 1 root root 3578 Jun 12 19:02 fullchain27.pem
-rw-r--r-- 1 root root 1777 Jun 12 19:02 cert27.pem
-rw-r--r-- 1 root root 1704 Jun 12 19:02 privkey27.pem
-rw-r--r-- 1 root root 1773 Apr 13 2024 cert26.pem
-rw-r--r-- 1 root root 1826 Apr 13 2024 chain26.pem
-rw-r--r-- 1 root root 3599 Apr 13 2024 fullchain26.pem
-rw-r--r-- 1 root root 1704 Apr 13 2024 privkey26.pem
-rw-r--r-- 1 root root 1777 Feb 13 2024 cert25.pem
-rw-r--r-- 1 root root 1826 Feb 13 2024 chain25.pem
-rw-r--r-- 1 root root 3603 Feb 13 2024 fullchain25.pem
-rw-r--r-- 1 root root 1704 Feb 13 2024 privkey25.pem
-rw-r--r-- 1 root root 1777 Nov 26 2023 cert24.pem
-rw-r--r-- 1 root root 3749 Nov 26 2023 chain24.pem
-rw-r--r-- 1 root root 5526 Nov 26 2023 fullchain24.pem
-rw-r--r-- 1 root root 1704 Nov 26 2023 privkey24.pem
-rw-r--r-- 1 root root 1773 Sep 27 2023 cert23.pem
-rw-r--r-- 1 root root 3749 Sep 27 2023 chain23.pem
-rw-r--r-- 1 root root 5522 Sep 27 2023 fullchain23.pem
-rw-r--r-- 1 root root 1708 Sep 27 2023 privkey23.pem
-rw-r--r-- 1 root root 1777 Jul 29 2023 cert22.pem
-rw-r--r-- 1 root root 3749 Jul 29 2023 chain22.pem
-rw-r--r-- 1 root root 5526 Jul 29 2023 fullchain22.pem
-rw-r--r-- 1 root root 1704 Jul 29 2023 privkey22.pem
-rw-r--r-- 1 root root 1850 May 30 2023 cert21.pem
-rw-r--r-- 1 root root 3749 May 30 2023 chain21.pem
-rw-r--r-- 1 root root 5599 May 30 2023 fullchain21.pem
-rw-r--r-- 1 root root 1708 May 30 2023 privkey21.pem
-rw-r--r-- 1 root root 1850 Mar 31 2023 cert20.pem
-rw-r--r-- 1 root root 3749 Mar 31 2023 chain20.pem
-rw-r--r-- 1 root root 5599 Mar 31 2023 fullchain20.pem
-rw-r--r-- 1 root root 1704 Mar 31 2023 privkey20.pem
-rw-r--r-- 1 root root 1850 Jan 30 2023 cert19.pem
-rw-r--r-- 1 root root 3749 Jan 30 2023 chain19.pem
-rw-r--r-- 1 root root 5599 Jan 30 2023 fullchain19.pem
-rw-r--r-- 1 root root 1704 Jan 30 2023 privkey19.pem
-rw-r--r-- 1 root root 1854 Dec 1 2022 cert18.pem
-rw-r--r-- 1 root root 3749 Dec 1 2022 chain18.pem
-rw-r--r-- 1 root root 5603 Dec 1 2022 fullchain18.pem
-rw-r--r-- 1 root root 1708 Dec 1 2022 privkey18.pem
-rw-r--r-- 1 root root 1854 Oct 2 2022 cert17.pem
-rw-r--r-- 1 root root 3749 Oct 2 2022 chain17.pem
-rw-r--r-- 1 root root 5603 Oct 2 2022 fullchain17.pem
-rw-r--r-- 1 root root 1704 Oct 2 2022 privkey17.pem
-rw-r--r-- 1 root root 1854 Aug 3 2022 cert16.pem
-rw-r--r-- 1 root root 3749 Aug 3 2022 chain16.pem
-rw-r--r-- 1 root root 5603 Aug 3 2022 fullchain16.pem
-rw-r--r-- 1 root root 1708 Aug 3 2022 privkey16.pem
-rw-r--r-- 1 root root 1854 Jun 4 2022 cert15.pem
-rw-r--r-- 1 root root 3749 Jun 4 2022 chain15.pem
-rw-r--r-- 1 root root 5603 Jun 4 2022 fullchain15.pem
-rw-r--r-- 1 root root 1704 Jun 4 2022 privkey15.pem
-rw-r--r-- 1 root root 1854 Apr 5 2022 cert14.pem
-rw-r--r-- 1 root root 3749 Apr 5 2022 chain14.pem
-rw-r--r-- 1 root root 5603 Apr 5 2022 fullchain14.pem
-rw-r--r-- 1 root root 1704 Apr 5 2022 privkey14.pem
-rw-r--r-- 1 root root 5603 Feb 4 2022 fullchain13.pem
-rw-r--r-- 1 root root 1854 Feb 4 2022 cert13.pem
-rw-r--r-- 1 root root 3749 Feb 4 2022 chain13.pem
-rw-r--r-- 1 root root 1704 Feb 4 2022 privkey13.pem
-rw-r--r-- 1 root root 1850 Dec 6 2021 cert12.pem
-rw-r--r-- 1 root root 3749 Dec 6 2021 chain12.pem
-rw-r--r-- 1 root root 5599 Dec 6 2021 fullchain12.pem
-rw-r--r-- 1 root root 1704 Dec 6 2021 privkey12.pem
-rw-r--r-- 1 root root 1854 Oct 7 2021 cert11.pem
-rw-r--r-- 1 root root 3750 Oct 7 2021 chain11.pem
-rw-r--r-- 1 root root 5604 Oct 7 2021 fullchain11.pem
-rw-r--r-- 1 root root 1704 Oct 7 2021 privkey11.pem
-rw-r--r-- 1 root root 1850 Aug 8 2021 cert10.pem
-rw-r--r-- 1 root root 3749 Aug 8 2021 chain10.pem
-rw-r--r-- 1 root root 5599 Aug 8 2021 fullchain10.pem
-rw------- 1 root root 1704 Aug 8 2021 privkey10.pem
-rw-r--r-- 1 root root 1850 Jun 9 2021 cert9.pem
-rw-r--r-- 1 root root 3749 Jun 9 2021 chain9.pem
-rw-r--r-- 1 root root 5599 Jun 9 2021 fullchain9.pem
-rw------- 1 root root 1704 Jun 9 2021 privkey9.pem
-rw-r--r-- 1 root root 1850 Apr 10 2021 cert8.pem
-rw-r--r-- 1 root root 1586 Apr 10 2021 chain8.pem
-rw-r--r-- 1 root root 3436 Apr 10 2021 fullchain8.pem
-rw------- 1 root root 1704 Apr 10 2021 privkey8.pem
-rw-r--r-- 1 root root 1854 Feb 9 2021 cert7.pem
-rw-r--r-- 1 root root 1586 Feb 9 2021 chain7.pem
-rw-r--r-- 1 root root 3440 Feb 9 2021 fullchain7.pem
-rw------- 1 root root 1704 Feb 9 2021 privkey7.pem
-rw-r--r-- 1 root root 1854 Dec 11 2020 cert6.pem
-rw-r--r-- 1 root root 1586 Dec 11 2020 chain6.pem
-rw-r--r-- 1 root root 3440 Dec 11 2020 fullchain6.pem
-rw------- 1 root root 1704 Dec 11 2020 privkey6.pem
-rw-r--r-- 1 root root 1919 Oct 12 2020 cert5.pem
-rw-r--r-- 1 root root 1647 Oct 12 2020 chain5.pem
-rw-r--r-- 1 root root 3566 Oct 12 2020 fullchain5.pem
-rw------- 1 root root 1700 Oct 12 2020 privkey5.pem
-rw-r--r-- 1 root root 3566 Aug 13 2020 fullchain4.pem
-rw-r--r-- 1 root root 1919 Aug 13 2020 cert4.pem
-rw-r--r-- 1 root root 1647 Aug 13 2020 chain4.pem
-rw------- 1 root root 1704 Aug 13 2020 privkey4.pem
-rw-r--r-- 1 root root 1919 Jun 14 2020 cert3.pem
-rw-r--r-- 1 root root 1647 Jun 14 2020 chain3.pem
-rw-r--r-- 1 root root 3566 Jun 14 2020 fullchain3.pem
-rw------- 1 root root 1704 Jun 14 2020 privkey3.pem
-rw-r--r-- 1 root root 3566 Apr 15 2020 fullchain2.pem
-rw-r--r-- 1 root root 1919 Apr 15 2020 cert2.pem
-rw-r--r-- 1 root root 1647 Apr 15 2020 chain2.pem
-rw------- 1 root root 1704 Apr 15 2020 privkey2.pem
-rw-r--r-- 1 root root 1919 Feb 15 2020 cert1.pem
-rw-r--r-- 1 root root 1647 Feb 15 2020 chain1.pem
-rw-r--r-- 1 root root 3566 Feb 15 2020 fullchain1.pem
-rw------- 1 root root 1704 Feb 15 2020 privkey1.pem

root@laurel:

fearless · December 4, 2024, 8:38am

I apologize, I've been lax with distinguishing between conf files for sandystone.com and www.sandystone.com. The directory /etc/letsencrypt/archive/sandystone.com seems to have been renewed On November 30 --not by me, because of the errors it throws -- but the site is still broken.

ls -lt /etc/letsencrypt/archive/sandystone.com-0001/
total 884
-rw-r--r-- 1 root root 1269 Nov 30 18:58 cert51.pem
-rw-r--r-- 1 root root 1566 Nov 30 18:58 chain51.pem
-rw-r--r-- 1 root root 2835 Nov 30 18:58 fullchain51.pem
-rw-r--r-- 1 root root 241 Nov 30 18:58 privkey51.pem
-rw-r--r-- 1 root root 1566 Nov 29 17:48 chain50.pem
-rw-r--r-- 1 root root 2839 Nov 29 17:48 fullchain50.pem
-rw-r--r-- 1 root root 1273 Nov 29 17:48 cert50.pem
-rw-r--r-- 1 root root 241 Nov 29 17:48 privkey50.pem
-rw-r--r-- 1 root root 1765 Oct 28 07:14 cert49.pem
-rw-r--r-- 1 root root 1801 Oct 28 07:14 chain49.pem
-rw-r--r-- 1 root root 3566 Oct 28 07:14 fullchain49.pem
-rw-r--r-- 1 root root 1704 Oct 28 07:14 privkey49.pem
-rw-r--r-- 1 root root 1769 Aug 29 07:04 cert48.pem
-rw-r--r-- 1 root root 1801 Aug 29 07:04 chain48.pem
-rw-r--r-- 1 root root 3570 Aug 29 07:04 fullchain48.pem
-rw-r--r-- 1 root root 1708 Aug 29 07:04 privkey48.pem
-rw-r--r-- 1 root root 1769 Jun 30 07:08 cert47.pem
-rw-r--r-- 1 root root 1801 Jun 30 07:08 chain47.pem
-rw-r--r-- 1 root root 3570 Jun 30 07:08 fullchain47.pem
-rw-r--r-- 1 root root 1704 Jun 30 07:08 privkey47.pem
-rw-r--r-- 1 root root 1761 May 1 2024 cert46.pem
-rw-r--r-- 1 root root 1826 May 1 2024 chain46.pem
-rw-r--r-- 1 root root 3587 May 1 2024 fullchain46.pem
-rw-r--r-- 1 root root 1704 May 1 2024 privkey46.pem
-rw-r--r-- 1 root root 1765 Mar 2 2024 cert45.pem
-rw-r--r-- 1 root root 1826 Mar 2 2024 chain45.pem
-rw-r--r-- 1 root root 3591 Mar 2 2024 fullchain45.pem
-rw-r--r-- 1 root root 1704 Mar 2 2024 privkey45.pem
-rw-r--r-- 1 root root 1761 Jan 2 2024 cert44.pem
-rw-r--r-- 1 root root 3749 Jan 2 2024 chain44.pem
-rw-r--r-- 1 root root 5510 Jan 2 2024 fullchain44.pem
-rw-r--r-- 1 root root 1704 Jan 2 2024 privkey44.pem
-rw-r--r-- 1 root root 1761 Nov 3 2023 cert43.pem
-rw-r--r-- 1 root root 3749 Nov 3 2023 chain43.pem
-rw-r--r-- 1 root root 5510 Nov 3 2023 fullchain43.pem
-rw-r--r-- 1 root root 1704 Nov 3 2023 privkey43.pem
-rw-r--r-- 1 root root 1761 Sep 4 2023 cert42.pem
-rw-r--r-- 1 root root 3749 Sep 4 2023 chain42.pem
-rw-r--r-- 1 root root 5510 Sep 4 2023 fullchain42.pem
-rw-r--r-- 1 root root 1708 Sep 4 2023 privkey42.pem
-rw-r--r-- 1 root root 3749 Jul 6 2023 chain41.pem
-rw-r--r-- 1 root root 5514 Jul 6 2023 fullchain41.pem
-rw-r--r-- 1 root root 1765 Jul 6 2023 cert41.pem
-rw-r--r-- 1 root root 1704 Jul 6 2023 privkey41.pem
-rw-r--r-- 1 root root 1838 May 7 2023 cert40.pem
-rw-r--r-- 1 root root 3749 May 7 2023 chain40.pem
-rw-r--r-- 1 root root 5587 May 7 2023 fullchain40.pem
-rw-r--r-- 1 root root 1704 May 7 2023 privkey40.pem
-rw-r--r-- 1 root root 1842 Mar 8 2023 cert39.pem
-rw-r--r-- 1 root root 3749 Mar 8 2023 chain39.pem
-rw-r--r-- 1 root root 5591 Mar 8 2023 fullchain39.pem
-rw-r--r-- 1 root root 1704 Mar 8 2023 privkey39.pem
-rw-r--r-- 1 root root 1842 Jan 7 2023 cert38.pem
-rw-r--r-- 1 root root 3749 Jan 7 2023 chain38.pem
-rw-r--r-- 1 root root 5591 Jan 7 2023 fullchain38.pem
-rw-r--r-- 1 root root 1704 Jan 7 2023 privkey38.pem
-rw-r--r-- 1 root root 1842 Nov 8 2022 cert37.pem
-rw-r--r-- 1 root root 3749 Nov 8 2022 chain37.pem
-rw-r--r-- 1 root root 5591 Nov 8 2022 fullchain37.pem
-rw-r--r-- 1 root root 1704 Nov 8 2022 privkey37.pem
-rw-r--r-- 1 root root 1842 Sep 9 2022 cert36.pem
-rw-r--r-- 1 root root 3749 Sep 9 2022 chain36.pem
-rw-r--r-- 1 root root 5591 Sep 9 2022 fullchain36.pem
-rw-r--r-- 1 root root 1700 Sep 9 2022 privkey36.pem
-rw-r--r-- 1 root root 1842 Jul 11 2022 cert35.pem
-rw-r--r-- 1 root root 3749 Jul 11 2022 chain35.pem
-rw-r--r-- 1 root root 5591 Jul 11 2022 fullchain35.pem
-rw-r--r-- 1 root root 1704 Jul 11 2022 privkey35.pem
-rw-r--r-- 1 root root 1842 May 12 2022 cert34.pem
-rw-r--r-- 1 root root 3749 May 12 2022 chain34.pem
-rw-r--r-- 1 root root 5591 May 12 2022 fullchain34.pem
-rw-r--r-- 1 root root 1704 May 12 2022 privkey34.pem
-rw-r--r-- 1 root root 1838 Mar 13 2022 cert33.pem
-rw-r--r-- 1 root root 3749 Mar 13 2022 chain33.pem
-rw-r--r-- 1 root root 5587 Mar 13 2022 fullchain33.pem
-rw-r--r-- 1 root root 1708 Mar 13 2022 privkey33.pem
-rw-r--r-- 1 root root 1842 Jan 12 2022 cert32.pem
-rw-r--r-- 1 root root 3749 Jan 12 2022 chain32.pem
-rw-r--r-- 1 root root 5591 Jan 12 2022 fullchain32.pem
-rw-r--r-- 1 root root 1704 Jan 12 2022 privkey32.pem
-rw-r--r-- 1 root root 1842 Nov 13 2021 cert31.pem
-rw-r--r-- 1 root root 3749 Nov 13 2021 chain31.pem
-rw-r--r-- 1 root root 5591 Nov 13 2021 fullchain31.pem
-rw-r--r-- 1 root root 1704 Nov 13 2021 privkey31.pem
-rw-r--r-- 1 root root 1842 Sep 14 2021 cert30.pem
-rw-r--r-- 1 root root 3749 Sep 14 2021 chain30.pem
-rw-r--r-- 1 root root 5591 Sep 14 2021 fullchain30.pem
-rw-r--r-- 1 root root 1708 Sep 14 2021 privkey30.pem
-rw-r--r-- 1 root root 1842 Jul 16 2021 cert29.pem
-rw-r--r-- 1 root root 3749 Jul 16 2021 chain29.pem
-rw-r--r-- 1 root root 5591 Jul 16 2021 fullchain29.pem
-rw-r--r-- 1 root root 1704 Jul 16 2021 privkey29.pem
-rw-r--r-- 1 root root 1838 May 17 2021 cert28.pem
-rw-r--r-- 1 root root 3749 May 17 2021 chain28.pem
-rw-r--r-- 1 root root 5587 May 17 2021 fullchain28.pem
-rw-r--r-- 1 root root 1704 May 17 2021 privkey28.pem
-rw-r--r-- 1 root root 1842 Mar 18 2021 cert27.pem
-rw-r--r-- 1 root root 1586 Mar 18 2021 chain27.pem
-rw-r--r-- 1 root root 3428 Mar 18 2021 fullchain27.pem
-rw-r--r-- 1 root root 1704 Mar 18 2021 privkey27.pem
-rw-r--r-- 1 root root 1842 Jan 17 2021 cert26.pem
-rw-r--r-- 1 root root 1586 Jan 17 2021 chain26.pem
-rw-r--r-- 1 root root 3428 Jan 17 2021 fullchain26.pem
-rw-r--r-- 1 root root 1708 Jan 17 2021 privkey26.pem
-rw-r--r-- 1 root root 1907 Nov 18 2020 cert25.pem
-rw-r--r-- 1 root root 1647 Nov 18 2020 chain25.pem
-rw-r--r-- 1 root root 3554 Nov 18 2020 fullchain25.pem
-rw-r--r-- 1 root root 1704 Nov 18 2020 privkey25.pem
-rw-r--r-- 1 root root 1907 Sep 19 2020 cert24.pem
-rw-r--r-- 1 root root 1647 Sep 19 2020 chain24.pem
-rw-r--r-- 1 root root 3554 Sep 19 2020 fullchain24.pem
-rw-r--r-- 1 root root 1704 Sep 19 2020 privkey24.pem
-rw-r--r-- 1 root root 1907 Jul 21 2020 cert23.pem
-rw-r--r-- 1 root root 1647 Jul 21 2020 chain23.pem
-rw-r--r-- 1 root root 3554 Jul 21 2020 fullchain23.pem
-rw-r--r-- 1 root root 1704 Jul 21 2020 privkey23.pem
-rw-r--r-- 1 root root 1907 May 22 2020 cert22.pem
-rw-r--r-- 1 root root 1647 May 22 2020 chain22.pem
-rw-r--r-- 1 root root 3554 May 22 2020 fullchain22.pem
-rw-r--r-- 1 root root 1708 May 22 2020 privkey22.pem
-rw-r--r-- 1 root root 3558 Mar 23 2020 fullchain21.pem
-rw-r--r-- 1 root root 1911 Mar 23 2020 cert21.pem
-rw-r--r-- 1 root root 1647 Mar 23 2020 chain21.pem
-rw-r--r-- 1 root root 1708 Mar 23 2020 privkey21.pem
-rw-r--r-- 1 root root 1907 Jan 23 2020 cert20.pem
-rw-r--r-- 1 root root 1647 Jan 23 2020 chain20.pem
-rw-r--r-- 1 root root 3554 Jan 23 2020 fullchain20.pem
-rw-r--r-- 1 root root 1704 Jan 23 2020 privkey20.pem
-rw-r--r-- 1 root root 1907 Nov 24 2019 cert19.pem
-rw-r--r-- 1 root root 1647 Nov 24 2019 chain19.pem
-rw-r--r-- 1 root root 3554 Nov 24 2019 fullchain19.pem
-rw-r--r-- 1 root root 1704 Nov 24 2019 privkey19.pem
-rw-r--r-- 1 root root 1907 Sep 25 2019 cert18.pem
-rw-r--r-- 1 root root 1647 Sep 25 2019 chain18.pem
-rw-r--r-- 1 root root 3554 Sep 25 2019 fullchain18.pem
-rw-r--r-- 1 root root 1704 Sep 25 2019 privkey18.pem
-rw-r--r-- 1 root root 1911 Jul 27 2019 cert17.pem
-rw-r--r-- 1 root root 1647 Jul 27 2019 chain17.pem
-rw-r--r-- 1 root root 3558 Jul 27 2019 fullchain17.pem
-rw-r--r-- 1 root root 1708 Jul 27 2019 privkey17.pem
-rw-r--r-- 1 root root 1907 May 28 2019 cert16.pem
-rw-r--r-- 1 root root 1647 May 28 2019 chain16.pem
-rw-r--r-- 1 root root 3554 May 28 2019 fullchain16.pem
-rw-r--r-- 1 root root 1708 May 28 2019 privkey16.pem
-rw-r--r-- 1 root root 1911 May 19 2019 cert15.pem
-rw-r--r-- 1 root root 1647 May 19 2019 chain15.pem
-rw-r--r-- 1 root root 3558 May 19 2019 fullchain15.pem
-rw-r--r-- 1 root root 1704 May 19 2019 privkey15.pem
-rw-r--r-- 1 root root 1911 Mar 20 2019 cert14.pem
-rw-r--r-- 1 root root 1647 Mar 20 2019 chain14.pem
-rw-r--r-- 1 root root 3558 Mar 20 2019 fullchain14.pem
-rw-r--r-- 1 root root 1704 Mar 20 2019 privkey14.pem
-rw-r--r-- 1 root root 1907 Jan 19 2019 cert13.pem
-rw-r--r-- 1 root root 1647 Jan 19 2019 chain13.pem
-rw-r--r-- 1 root root 3554 Jan 19 2019 fullchain13.pem
-rw-r--r-- 1 root root 1704 Jan 19 2019 privkey13.pem
-rw-r--r-- 1 root root 1647 Jan 19 2019 chain12.pem
-rw-r--r-- 1 root root 3554 Jan 19 2019 fullchain12.pem
-rw-r--r-- 1 root root 1907 Jan 19 2019 cert12.pem
-rw-r--r-- 1 root root 1704 Jan 19 2019 privkey12.pem
-rw-r--r-- 1 root root 1911 Nov 20 2018 cert11.pem
-rw-r--r-- 1 root root 1647 Nov 20 2018 chain11.pem
-rw-r--r-- 1 root root 3558 Nov 20 2018 fullchain11.pem
-rw-r--r-- 1 root root 1704 Nov 20 2018 privkey11.pem
-rw-r--r-- 1 root root 2147 Sep 21 2018 cert10.pem
-rw-r--r-- 1 root root 1647 Sep 21 2018 chain10.pem
-rw-r--r-- 1 root root 3794 Sep 21 2018 fullchain10.pem
-rw-r--r-- 1 root root 1704 Sep 21 2018 privkey10.pem
-rw-r--r-- 1 root root 2147 Jul 23 2018 cert9.pem
-rw-r--r-- 1 root root 1647 Jul 23 2018 chain9.pem
-rw-r--r-- 1 root root 3794 Jul 23 2018 fullchain9.pem
-rw-r--r-- 1 root root 1704 Jul 23 2018 privkey9.pem
-rw-r--r-- 1 root root 2151 May 24 2018 cert8.pem
-rw-r--r-- 1 root root 1647 May 24 2018 chain8.pem
-rw-r--r-- 1 root root 3798 May 24 2018 fullchain8.pem
-rw-r--r-- 1 root root 1704 May 24 2018 privkey8.pem
-rw-r--r-- 1 root root 1793 Mar 25 2018 cert7.pem
-rw-r--r-- 1 root root 1647 Mar 25 2018 chain7.pem
-rw-r--r-- 1 root root 3440 Mar 25 2018 fullchain7.pem
-rw-r--r-- 1 root root 1704 Mar 25 2018 privkey7.pem
-rw-r--r-- 1 root root 1793 Jan 24 2018 cert6.pem
-rw-r--r-- 1 root root 1647 Jan 24 2018 chain6.pem
-rw-r--r-- 1 root root 3440 Jan 24 2018 fullchain6.pem
-rw-r--r-- 1 root root 1708 Jan 24 2018 privkey6.pem
-rw-r--r-- 1 root root 1793 Nov 25 2017 cert5.pem
-rw-r--r-- 1 root root 1647 Nov 25 2017 chain5.pem
-rw-r--r-- 1 root root 3440 Nov 25 2017 fullchain5.pem
-rw-r--r-- 1 root root 1704 Nov 25 2017 privkey5.pem
-rw-r--r-- 1 root root 1793 Sep 26 2017 cert4.pem
-rw-r--r-- 1 root root 1647 Sep 26 2017 chain4.pem
-rw-r--r-- 1 root root 3440 Sep 26 2017 fullchain4.pem
-rw-r--r-- 1 root root 1704 Sep 26 2017 privkey4.pem
-rw-r--r-- 1 root root 1793 Jul 28 2017 cert3.pem
-rw-r--r-- 1 root root 1647 Jul 28 2017 chain3.pem
-rw-r--r-- 1 root root 3440 Jul 28 2017 fullchain3.pem
-rw-r--r-- 1 root root 1704 Jul 28 2017 privkey3.pem
-rw-r--r-- 1 root root 1793 May 29 2017 cert2.pem
-rw-r--r-- 1 root root 1647 May 29 2017 chain2.pem
-rw-r--r-- 1 root root 3440 May 29 2017 fullchain2.pem
-rw-r--r-- 1 root root 1708 May 29 2017 privkey2.pem
-rw-r--r-- 1 root root 1793 Mar 29 2017 cert1.pem
-rw-r--r-- 1 root root 1647 Mar 29 2017 chain1.pem
-rw-r--r-- 1 root root 3440 Mar 29 2017 fullchain1.pem
-rw-r--r-- 1 root root 1704 Mar 29 2017 privkey1.pem

rg305 · December 4, 2024, 3:22pm

That's not how certbot works.
They are two separate things.
If that file is empty, you should remove it and move forward with what you have left.
Unless... you have a backup of that directory somewhere???

rg305 · December 4, 2024, 3:33pm

Based on the covered names:

  Certificate Name: sandystone.com-0001
    Domains: sandystone.com

  Certificate Name: sandystone.org       <<<<<<<<<<<<<<<<<<<<<<<<<
    Domains: sandystone.org              <<<<<<<<<<<<<<<<<<<<<<<<<

  Certificate Name: www.sandystone.com-0001
    Domains: www.sandystone.com

  Certificate Name: www.sandystone.com               <<<<<<<<<<<<<<<<<<<<<<<<<
    Domains: sandystone.com www.sandystone.com       <<<<<<<<<<<<<<<<<<<<<<<<<

It looks like you only need two of those four certs.
If so, then ensure that your web service is only using those two certs:

  Certificate Name: sandystone.org
    Domains: sandystone.org
    Certificate Path: /etc/letsencrypt/live/sandystone.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sandystone.org/privkey.pem

  Certificate Name: www.sandystone.com
    Domains: sandystone.com www.sandystone.com
    Certificate Path: /etc/letsencrypt/live/www.sandystone.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.sandystone.com/privkey.pem

and then remove the other two certs:
certbot delete --cert-name sandystone.com-0001
certbot delete --cert-name www.sandystone.com-0001

fearless · December 4, 2024, 9:32pm

/etc/letsencrypt/live/sandystone.com does not have a privkey.pem file. /etc/letsencrypt/sandystone.com-0001 does.

However, it doesn't matter what I do, when I point a browser at sandystone.com or www.sandystone.com the server sends the cert for actlab.us (which is also in the server's sites-enabled directory) and the browser returns SSL_ERROR_BAD_CERT_DOMAIN. Nothing I do with the server config seems to change this behavior.

rg305 · December 4, 2024, 9:39pm

~~What show?:~~
~~ls -lt /etc/letsencrypt/live/sandystone.com/~~
~~ls -lt /etc/letsencrypt/archive/sandystone.com/~~

Wait!
Who cares about that cert/directory?

You only need to use:

Private Key Path: /etc/letsencrypt/live/sandystone.org/privkey.pem
Private Key Path: /etc/letsencrypt/live/www.sandystone.com/privkey.pem

fearless · December 6, 2024, 6:13am

Hi Rudy,

Thanks for all your help. I've given up. I bought a certificate from my domain registrar instead.

All best wishes,
Sandy

Topic		Replies	Views
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems Help	2	2153	June 22, 2023
Certbot failed to authenticate some domains Help	16	273	May 30, 2024
Certbot failed to authenticate some domains (authenticator: apache) Help	5	551	December 6, 2023
Move from certbot-auto to just certbot Help	7	572	September 6, 2021
Certbot failed to authenticate domain Help	4	555	August 27, 2023

Certbot tries to authenticate domains I no longer own

certbot certificates

renew_before_expiry = 30 days

Options used in the renewal process

Related topics

`certbot certificates`