Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: fm.westcycle.org.au
I ran this command: certbot renew
It produced this output: Failed to renew certificate fm.westcycle.org.au with error: [Errno 17] File exists: '/etc/letsencrypt/archive/fm.westcycle.org.au/privkey4.pem'
My web server is (include version): My webserver is running through FileMaker Server, which installs and controls the Apache webserver
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS
My hosting provider, if applicable, is: Binary Lane
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I use the control panel provided by the hosting service, also Cyberduck 8.0.0 and also logging into the server directly using Mac Terminal. I have been running these commands using the terminal
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.24.0
I really don't think the issue has anything to do with FileMaker Server or Apache. I have the renew process working on a couple of other servers running FileMaker Server with this same setup. After the certificates are renewed there is a script that runs to import them into FileMaker Server. I suspect the issue may be that I messed with the folders at some point but can't actually recall what I did.
At some point a second folder was created in the archive directory fm.westcycle.org.au-0001 and files were put in there. I've removed the original folder now and edited the conf file to match, but it's still not working. Here is a list of what's in the current folder (fm.westcycle.org.au-0001):
total 60
-rw-r--r-- 1 root root 1854 Dec 28 00:09 cert1.pem
-rw-r--r-- 1 root root 1854 Jan 1 03:00 cert2.pem
-rw-r--r-- 1 root root 1854 Jan 1 11:35 cert3.pem
-rw-r--r-- 1 root root 3749 Dec 28 00:09 chain1.pem
-rw-r--r-- 1 root root 3749 Jan 1 03:00 chain2.pem
-rw-r--r-- 1 root root 3749 Jan 1 11:35 chain3.pem
-rw-r--r-- 1 root root 5603 Dec 28 00:09 fullchain1.pem
-rw-r--r-- 1 root root 5603 Jan 1 03:00 fullchain2.pem
-rw-r--r-- 1 root root 5603 Jan 1 11:35 fullchain3.pem
-rw------- 1 root root 1704 Dec 28 00:09 privkey1.pem
-rw------- 1 root root 1704 Jan 1 03:00 privkey2.pem
-rw------- 1 root root 1704 Jan 1 11:35 privkey3.pem
These are the contents of the original folder (fm.westcycle.org.au, which I have removed from archive and kept somewhere else for now), probably explaining why certbot got mixed up with privkey4:
total 48
-rw-r--r-- 1 root root 1854 Dec 27 15:46 cert1.pem
-rw-r--r-- 1 root root 1854 Dec 27 21:35 cert2.pem
-rw-r--r-- 1 root root 3749 Dec 27 15:46 chain1.pem
-rw-r--r-- 1 root root 3749 Dec 27 21:35 chain2.pem
-rw-r--r-- 1 root root 5603 Dec 27 15:46 fullchain1.pem
-rw-r--r-- 1 root root 5603 Dec 27 21:35 fullchain2.pem
-rw------- 1 root root 1704 Dec 27 15:46 privkey1.pem
-rw------- 1 root root 1704 Dec 27 21:35 privkey2.pem
-rw------- 1 root root 1704 Mar 2 20:39 privkey4.pem
-rw------- 1 root root 1704 Mar 2 19:54 privkey4.pem.backup
Here are the folders in the letsencrypt folder. I created the temp folder.
/etc/letsencrypt
├── accounts
│   ├── acme-staging-v02.api.letsencrypt.org
│   │   └── directory
│   │       └── c13xxxxxx
│   └── acme-v02.api.letsencrypt.org
│       └── directory
│           └── a877xxxxxxx
├── archive
│   └── fm.westcycle.org.au-0001
├── csr
├── keys
├── live
│   └── fm.westcycle.org.au
├── renewal
├── renewal-hooks
│   ├── deploy
│   ├── post
│   └── pre
└── temp
    ├── fm.westcycle.org (2:3:22, 9:01 pm).au
    └── fm.westcycle.org.au.backup
Here is the current conf file, which works with the current archive folder for the dry run, but not for real
renew_before_expiry = 30 days
version = 1.24.0
archive_dir = /etc/letsencrypt/archive/fm.westcycle.org.au-0001
cert = /etc/letsencrypt/live/fm.westcycle.org.au/cert.pem
privkey = /etc/letsencrypt/live/fm.westcycle.org.au/privkey.pem
chain = /etc/letsencrypt/live/fm.westcycle.org.au/chain.pem
fullchain = /etc/letsencrypt/live/fm.westcycle.org.au/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = a877xxxxx
authenticator = webroot
webroot_path = /opt/FileMaker/FileMaker Server/HTTPServer/htdocs
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
fm.westcycle.org.au = /opt/FileMaker/FileMaker Server/HTTPServer/htdocs
_-------------------------------------------------------------
Of course I stupidly ran renew a few times testing different configs and then got the too many tries options. I still have about 3 weeks to get this sorted out before the current certificates expire.
How can I fix this so that the renew process gets the new certs and puts them in the Live folder?
I don't really understand what revoke does. Is it possible to revoke the certificates and reissue for the same domain? Looking for any help I can get here!!!
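A read-only consistency check for the kind of layout described in this post, added here as an example (it is not from the poster and is not Certbot's own code). It assumes the usual Certbot layout, where each live/<name>/<kind>.pem is a symlink to a <kind>N.pem file in archive_dir; `check_lineage`, `build_demo` and `example.org` are hypothetical names, and the demo tree is constructed.

```python
import os
import re
import tempfile

KINDS = ("cert", "chain", "fullchain", "privkey")
VERSIONED = re.compile(r"^(cert|chain|fullchain|privkey)(\d+)\.pem$")

def check_lineage(archive_dir, live_dir):
    """Return a list of inconsistency messages for one certificate lineage."""
    findings = []
    versions = {kind: set() for kind in KINDS}
    for name in os.listdir(archive_dir):
        m = VERSIONED.match(name)
        if m:
            versions[m.group(1)].add(int(m.group(2)))
    # Every version number should exist for all four kinds.
    for n in sorted(set().union(*versions.values())):
        missing = [k for k in KINDS if n not in versions[k]]
        if missing:
            findings.append(f"version {n} incomplete, missing: {', '.join(missing)}")
    # Each live/<kind>.pem should resolve to an existing file inside archive_dir.
    want = os.path.realpath(archive_dir)
    for kind in KINDS:
        link = os.path.join(live_dir, kind + ".pem")
        target = os.path.realpath(link)
        if os.path.dirname(target) != want:
            findings.append(f"{link} -> {target} is outside archive_dir")
        elif not os.path.exists(target):
            findings.append(f"{link} -> {target} is dangling")
    return findings

def build_demo(root):
    """Constructed layout: a stray privkey4.pem and live links into a '-0001' folder."""
    old = os.path.join(root, "archive", "example.org")
    new = os.path.join(root, "archive", "example.org-0001")
    live = os.path.join(root, "live", "example.org")
    for d in (old, new, live):
        os.makedirs(d)
    for kind in KINDS:
        for d, n in ((old, 1), (old, 2), (new, 1), (new, 2), (new, 3)):
            open(os.path.join(d, f"{kind}{n}.pem"), "w").close()
        os.symlink(os.path.join(new, f"{kind}3.pem"), os.path.join(live, kind + ".pem"))
    open(os.path.join(old, "privkey4.pem"), "w").close()
    return old, new, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old, new, live = build_demo(tmp)
        print("\n".join(check_lineage(old, live)) or "consistent")
```

On a real host, pass the `archive_dir` value from the renewal conf and the matching live directory; the function only reads the filesystem.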