Certs removed from /etc/letsencrypt/live /etc/letsencrypt/archive (but still exist in /etc/letsencrypt/renewal)

Hello, community!
We use Certbot v0.31.0 for linux. We removed standard certbot.service and certbot.timer and using self-written script, that runs by cron and check if certificates needs to be updated. If it needs, we just run certbot renew —webroot -w —cert-name .
Using this scheme, we faced a problem: files for a bunch of domains has been removed from folders /etc/letsencrypt/live /etc/letsencrypt/archive (but still exist in /etc/letsencrypt/renewal). The strange thing is renewal config is not removed. Is there any flow that certbot could remove files from /live and /archive folders? In the logs we see a bunch of messages saying that renewal config is broken because of a file in live folder supposed to be a symlink, but it is not (it is removed)
Waiting for any help or advice.

My domain is: lots. Eg: mybears.ru

I ran this command: certbot renew —webroot -w —cert-name .

It produced this output: files for a bunch of domains has been removed from folders /etc/letsencrypt/live /etc/letsencrypt/archive (but still exist in /etc/letsencrypt/renewal).

My web server is (include version): nginx/1.16.1

The operating system my web server runs on is (include version):Ubuntu 16.04.7 LTS

My hosting provider, if applicable, is:---

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1. certbot 0.31.0

1 Like

Hi @Ize4ka

how did you do that?

With certbot delete certificatename? Sounds you have deleted some files manual, that's bad.

Use always the integrated delete command.

1 Like

Is it possible that certbot removed files from live and archive folders by itself during some kind of sync/renew operations?

You should not be removing/moving certbot files manually.
There are built-in certbot commands for all that is needed.

The closest thing is:
certbot delete --cert-name {name}

[not sure if anything deletes from the archive folder - but that folder should not be used directly]

1 Like

Not in any intended way; if it did that, it would be an unknown, previously unreported bug.