Congratulations, all renewals succeeded. but my cert is not renewed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.pomorze.travel

I ran this command: cerbot renew

It produced this output: Processing /etc/letsencrypt/renewal/pomorze.travel.conf


Cert is due for renewal, auto-renewing…

Plugins selected: Authenticator standalone, Installer None

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Renewing an existing certificate


new certificate deployed without reload, fullchain is

/etc/letsencrypt/live/pomorze.travel/fullchain.pem



Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/pomorze.travel/fullchain.pem (success)

My web server is (include version): node js express

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: ovh.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.37.2

when I use the certbot certificates command, I get the answer:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/pomorze.travel/cert.pem is unknown


Found the following certs:
Certificate Name: pomorze.travel
Domains: pomorze.travel bory-tucholskie.pomorze.travel gdansk.travel kaszuby.pomorze.travel kociewie.pomorze.travel nadmorzem.pomorze.travel powisle.pomorze.travel sopot.travel swinoujscie.pomorze.travel www.bory-tucholskie.pomorze.travel www.gdansk.travel www.kaszuby.pomorze.travel www.kociewie.pomorze.travel www.nadmorzem.pomorze.travel www.pomorze.travel www.powisle.pomorze.travel www.sopot.travel www.swinoujscie.pomorze.travel www.zulawy.pomorze.travel zulawy.pomorze.travel
Expiry Date: 2020-03-22 10:17:00+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/pomorze.travel/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pomorze.travel/privkey.pem


someone could help me, I have been trying to renew my certificates for a week. I had previously exceeded the limit for the same reason. Not that history repeats itself.

Thank you

1 Like

Hi @cassubian

first, you have created two certificates - https://check-your-website.server-daten.de/?q=pomorze.travel#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-03-30 2020-06-28 bory-tucholskie.pomorze.travel, gdansk.travel, kaszuby.pomorze.travel, kociewie.pomorze.travel, nadmorzem.pomorze.travel, pomorze.travel, powisle.pomorze.travel, sopot.travel, swinoujscie.pomorze.travel, www.bory-tucholskie.pomorze.travel, www.gdansk.travel, www.kaszuby.pomorze.travel, www.kociewie.pomorze.travel, www.nadmorzem.pomorze.travel, www.pomorze.travel, www.powisle.pomorze.travel, www.sopot.travel, www.swinoujscie.pomorze.travel, www.zulawy.pomorze.travel, zulawy.pomorze.travel - 20 entries duplicate nr. 2
Let’s Encrypt Authority X3 2020-03-30 2020-06-28 bory-tucholskie.pomorze.travel, gdansk.travel, kaszuby.pomorze.travel, kociewie.pomorze.travel, nadmorzem.pomorze.travel, pomorze.travel, powisle.pomorze.travel, sopot.travel, swinoujscie.pomorze.travel, www.bory-tucholskie.pomorze.travel, www.gdansk.travel, www.kaszuby.pomorze.travel, www.kociewie.pomorze.travel, www.nadmorzem.pomorze.travel, www.pomorze.travel, www.powisle.pomorze.travel, www.sopot.travel, www.swinoujscie.pomorze.travel, www.zulawy.pomorze.travel, zulawy.pomorze.travel - 20 entries duplicate nr. 1
Let’s Encrypt Authority X3 2020-03-23 2020-06-21 bory-tucholskie.pomorze.travel, gdansk.travel, kaszuby.pomorze.travel, kociewie.pomorze.travel, nadmorzem.pomorze.travel, pomorze.travel, powisle.pomorze.travel, sopot.travel, swinoujscie.pomorze.travel, www.bory-tucholskie.pomorze.travel, www.gdansk.travel, www.kaszuby.pomorze.travel, www.kociewie.pomorze.travel, www.nadmorzem.pomorze.travel, www.pomorze.travel, www.powisle.pomorze.travel, www.sopot.travel, www.swinoujscie.pomorze.travel, www.zulawy.pomorze.travel, zulawy.pomorze.travel - 20 entries

So that part has worked. Don’t create new certificates.

Second, certonly doesn’t reload your webserver, so do that manual.

Third: Why doesn’t certbot certificates find your certificates???

You have root access, so you have all to find the created certificates. Check your letsencrypt log.

Looks like you use a script or additional things, so your

X-Powered-By: Express

is stopped. May be you use non-standard directories.

2 Likes

You have several certificates issued today for your domain: https://crt.sh/?q=pomorze.travel

Did you tell your webserver to load the new certificates?

You should add a --deploy-hook to your configuration, like
certbot subcommand --deploy-hook "whatever_command_reloads_the_server"

where subcommand should be install right now, and renew in the future

1 Like

i used command cerbot renew two times…

yes my cert is nor renewed

Your certificate has been renewed. More than once! If you keep renewing it, you’ll hit the rate limits. The files just aren’t there for some reason.

Please post the output of “sudo ls -alR /etc/letsencrypt/{archive,live,renewal}”.

2 Likes

/etc/letsencrypt/archive:

razem 16

drwx------ 4 root root 4096 03-30 09:34 .

drwxr-xr-x 9 root root 4096 03-30 10:16 …

drwxr-xr-x 2 root root 4096 03-30 09:34 pomorze.travel

drwxr-xr-x 2 root root 4096 12-23 12:17 pomorze.travel-0001

/etc/letsencrypt/archive/pomorze.travel:

razem 48

drwxr-xr-x 2 root root 4096 03-30 09:34 .

drwx------ 4 root root 4096 03-30 09:34 …

-rw-r–r-- 1 root root 2025 2019-09-24 cert1.pem

-rw-r–r-- 1 root root 2561 03-30 09:34 cert3.pem

-rw-r–r-- 1 root root 1647 2019-09-24 chain1.pem

-rw-r–r-- 1 root root 1647 03-30 09:34 chain3.pem

-rw-r–r-- 1 root root 3672 2019-09-24 fullchain1.pem

-rw-r–r-- 1 root root 4208 03-30 09:34 fullchain3.pem

-rw------- 1 root root 1708 2019-09-24 privkey1.pem

-rw------- 1 root root 1704 03-30 09:28 privkey2.pem

-rw------- 1 root root 1704 03-30 09:34 privkey3.pem

/etc/letsencrypt/archive/pomorze.travel-0001:

razem 44

drwxr-xr-x 2 root root 4096 12-23 12:17 .

drwx------ 4 root root 4096 03-30 09:34 …

-rw-r–r-- 1 root root 2017 2019-06-26 cert1.pem

-rw-r–r-- 1 root root 2561 03-25 20:19 cert2.pem

-rw-r–r-- 1 root root 1647 2019-06-26 chain1.pem

-rw-r–r-- 1 root root 1647 03-25 20:19 chain2.pem

-rw-r–r-- 1 root root 3664 2019-06-26 fullchain1.pem

-rw-r–r-- 1 root root 4208 03-25 20:19 fullchain2.pem

-rw------- 1 root root 1708 2019-06-26 privkey1.pem

-rw------- 1 root root 1704 03-25 20:19 privkey2.pem

/etc/letsencrypt/live:

razem 16

drwx------ 3 root root 4096 12-17 11:28 .

drwxr-xr-x 9 root root 4096 03-30 10:16 …

drwxr-xr-x 2 root root 4096 03-30 09:34 pomorze.travel

-rw-r–r-- 1 root root 740 2019-06-26 README

/etc/letsencrypt/live/pomorze.travel:

razem 12

drwxr-xr-x 2 root root 4096 03-30 09:34 .

drwx------ 3 root root 4096 12-17 11:28 …

lrwxrwxrwx 1 root root 43 03-30 09:34 cert.pem -> …/…/archive/pomorze.travel-0001/cert2.pem

lrwxrwxrwx 1 root root 44 03-30 09:34 chain.pem -> …/…/archive/pomorze.travel-0001/chain2.pem

lrwxrwxrwx 1 root root 48 03-30 09:34 fullchain.pem -> …/…/archive/pomorze.travel-0001/fullchain2.pem

lrwxrwxrwx 1 root root 46 03-30 09:34 privkey.pem -> …/…/archive/pomorze.travel-0001/privkey2.pem

-rw-r–r-- 1 root root 692 2019-09-24 README

/etc/letsencrypt/renewal:

razem 12

drwxr-xr-x 2 root root 4096 03-30 09:34 .

drwxr-xr-x 9 root root 4096 03-30 10:16 …

-rw-r–r-- 1 root root 514 03-30 09:34 pomorze.travel.conf

1 Like

Your Certbot configuration is damaged, so when the certificate is renewed, it’s not able to save the new files correctly.

The symlinks in /etc/letsencrypt/live/pomorze.travel need to point to files in ../../archive/pomorze.travel, but they’re pointing to ../../archive/pomorze.travel-0001 instead.

(And the forum software is turning “..” into “”.)

Can you also post the contents of /etc/letsencrypt/renewal/pomorze.travel.conf?

1 Like

renew_before_expiry = 30 days

version = 0.37.2

archive_dir = /etc/letsencrypt/archive/pomorze.travel

cert = /etc/letsencrypt/live/pomorze.travel/cert.pem

privkey = /etc/letsencrypt/live/pomorze.travel/privkey.pem

chain = /etc/letsencrypt/live/pomorze.travel/chain.pem

fullchain = /etc/letsencrypt/live/pomorze.travel/fullchain.pem

Options used in the renewal process

[renewalparams]

authenticator = standalone

account = 805049b7b091e77329c8fbd27c79f458

server = https://acme-v02.api.letsencrypt.org/directory

Try running certbot update_symlinks --cert-name "pomorze.travel"

(also, tell us if /etc/letsencrypt/cli.ini exists and what its contents are.)

1 Like

after command certbot update_symlinks --cert-name “pomorze.travel”

my output is :

Saving debug log to /var/log/letsencrypt/letsencrypt.log

target /etc/letsencrypt/archive/pomorze.travel/cert2.pem of symlink /etc/letsencrypt/live/pomorze.travel/cert.pem does not exist

and after command: certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/pomorze.travel.conf produced an unexpected error: target /etc/letsencrypt/archive/pomorze.travel/cert2.pem of symlink /etc/letsencrypt/live/pomorze.travel/cert.pem does not exist. Skipping.


The following renewal configurations were invalid:
/etc/letsencrypt/renewal/pomorze.travel.conf

/etc/letsencrypt/cli.ini not exist…

but you have the private key:

You need to recover the certificate (it’s public, you’ll find it on crt.sh, but you have to get the right one) and fullchain (you can make it by taking another fullchain and replacing the first certificate)

it’s very difficult, I’m a beginner, I don’t know how to do it.
can I do this configuration from the beginning?

it’s unadvisable, but you can. make a backup before.

you can also make a backup and rm -ir /etc/letsencrypt/live/pomorze.travel (only remove symbolic links) and then use certbot update_symlinks again.

I’m an absolute beginner, what should I do. there is no experience with servers

you would help in this configuration. Please

ok, do this:

tar -cf "~/certbot-$(date -Im).tar" /etc/letsencrypt

then do:

rm -i /etc/letsencrypt/live/pomorze.travel/*
ln -s /etc/letsencrypt/live/pomorze.travel/cert.pem /etc/letsencrypt/archive/pomorze.travel/cert3.pem
ln -s /etc/letsencrypt/live/pomorze.travel/fullchain.pem /etc/letsencrypt/archive/pomorze.travel/fullchain3.pem
ln -s /etc/letsencrypt/live/pomorze.travel/chain.pem /etc/letsencrypt/archive/pomorze.travel/chain3.pem
ln -s /etc/letsencrypt/live/pomorze.travel/privkey.pem /etc/letsencrypt/archive/pomorze.travel/privkey3.pem

doublecheck these commands because I have not checked them and I assume no responsibility. man tar and man rm and man ln are things you should read, also check that my paths are right.

1 Like

ok, I got mixed up even more. you could write how I can delete my configuration and start it from the beginning.

what happens if you run certbot install ?

1 Like

ln -s /etc/letsencrypt/live/pomorze.travel/cert.pem /etc/letsencrypt/archive/pomorze.travel/cert3.pem
ln: Cannot create symbolic link “/etc/letsencrypt/archive/pomorze.travel/cert3.pem”: File exists