Deleting old domain broke renewal

Hey, I deleted the certs for (in /etc/letsencrypt/renewal), to only go on with, and now renewal fails because it can’t find the records for the old domain. How do I get rid of it :o

My domain is: (with deleted

I ran this command: certbot renew

It produced this output:

Attempting to renew cert ( from /etc/letsencrypt/renewal/bsgmara produced an unexpected error: Failed authorization procedure. bene (http-01): urn:acme:error:dns :: No valid IP addresses found for benel, (http-01): urn:acme:error:dns :: DNS problem: NXDOMA IN looking up A for Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

And after editing /etc/letsencrypt/renewal/ to delete home folders

Attempting to renew cert ( from /etc/letsencrypt/renewal/bsgmara produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for
Choices: [‘Enter a new webroot’, ‘/var/www/html’]

(You can set this with the --webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

My web server is (include version): Nginx/1.10.1

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Transip

I can login to a root shell on my machine (yes or no, or I don’t know): Account with sudo privileges

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @Riek_lt

checking your domain there is already a new certificate with the correct domain names -

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-10-28 2020-01-26, - 2 entries duplicate nr. 1

But you don’t use it, instead, you use the expired certificate
2 days expired,,, - 4 entries

So first step: What says

nginx -T

Cleanup your vHost, so the 2 not longer used domain names are removed.

Then try to reinstall the certificate

certbot -d -d --reinstall

Certbot should find the correct certificate. If your vHost configuration is correct, that should work.

1 Like

Hey @JuergenAuer, thanks for the fast reply, good to know that the problem was different from what I originally thought.

There is no mention of in the output of nginx -T, since I did clean that up from /etc/nginx/sites-available/default.

Whenever I try to reinstall the certificate, this is my output

$ sudo certbot -d -d --reinstall
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1):
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
nginx: [emerg] “ssl_certificate” directive is duplicate in /etc/nginx/sites-enabled/default:187
Rolling back to previous server configuration…
nginx restart failed:

Line 187 in default points to the end of the file, with only a commented-away Vhost for
See default file here:
Other files in the folder are default.dpkg-dist and nextcloud, all without any mention of

That’s curious.

Perhaps update your Certbot.

Oh - what’s that? You have a port 443 SSL vHost - but there is no certificate file. So add the two required rows manual.

certbot certificates

should list the files.

The problem is solved, thanks!
The certificate files were in /etc/nginx/snippets/, everything worked out when I pointed it to the new certificate

Thanks a bundle

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.