Copying certs from a server to another


#1

Hey,

I installed Let’s Encrypt certs on a Ubuntu server using Apache installer. After some time I decided to go with ServerPilot and then created a new VPS with it.

I copied the /etc/letsencrypt folder (preserving symlinks) to the new server and everything is working. I’ve used this repo to install everything easier: https://github.com/rehmatworks/serverpilot-letsencrypt

The question is, my cert is valid but I can’t renew it. When trying to renew using letsencrypt --standalone renew I get this:

Processing /etc/letsencrypt/renewal/blog.jgrossi.com.conf
2018-04-20 20:23:34,340:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/blog.jgrossi.com.conf produced an unexpected error: An object does not implement interface <InterfaceClass letsencrypt.interfaces.IInstaller>

        . Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/blog.jgrossi.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

My .conf file is this:

# renew_before_expiry = 30 days
version = 0.21.1
archive_dir = /etc/letsencrypt/archive/blog.jgrossi.com
cert = /etc/letsencrypt/live/blog.jgrossi.com/cert.pem
privkey = /etc/letsencrypt/live/blog.jgrossi.com/privkey.pem
chain = /etc/letsencrypt/live/blog.jgrossi.com/chain.pem
fullchain = /etc/letsencrypt/live/blog.jgrossi.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
installer = standalone
authenticator = none
account = 53ea34907328bdc1c10f29d819f8bdd6

What should I have to do to fix this? Is it better to get a new cert? How can I do that?

Thanks for any help.

– Junior Grossi


#2

Well, this makes no sense. installer should be none and authenticator should be standalone.

Try repair that, and then just run letsencrypt renew without any additional arguments.


#3

Hey @_az, thanks for replying.

I did that, but it didn’t work. I got this:

root@blog:/etc/letsencrypt/renewal# letsencrypt renew
Processing /etc/letsencrypt/renewal/blog.jgrossi.com.conf
2018-04-21 01:29:45,366:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/blog.jgrossi.com.conf produced an unexpected error: 'server'. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/blog.jgrossi.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Thanks again.

JG


#4

What version of letsencrypt are you using?

Try running letsencrypt --version.


#5

Try a “manual” renewal.


#6

Hi @mnordhoff thanks for replying.

I’m using version letsencrypt 0.4.1.

Does anyone know, but maybe is easier to remove the certificate and generate a new one, because once I copied the entire /letsencrypt folder to the new folder maybe something went wront, because the previous letsencrypt client I used apache helper and this one the standalone.

Thanks in advance.

– JG


#7

0.4.1 is quite an old version.
Unless you absolutely need the current cert, I would trash all of that and get the latest version of certbot and just issue a brand new cert.

for assistance, see: https://certbot.eff.org/all-instructions/


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.