Error by lego preventing cert renewal

So, very simple. I tried to renew my certificate as I do every 3 months like this:

sudo lego --tls --email="(myemailaddress)" --domains="(mydomain)" --path="/etc/lego" renew

And instead of everything working exactly as it has in the past, I get this absolutely idiotic error:

“You have to pass an account (email address) to the program using --email or -m”

Notice, I JUST DID THAT. What’s the problem here? I also thought I’d just create a totally new certificate and tried the command with run instead of renew and the same stupidity happened. For fun I tried out a bunch of different emails and got the same absolutely idiotic error.

I’m running a website on bitnami wordpress / amazon lightsail.

Anyone else have this problem? How do I solve it? Thanks!!

Hi! I’m not the lego maintainer, but if I were I’d be hurt to read your comments calling the software I wrote for free “idiotic.” It’s entirely possible you’ve found a bug in lego, since you said that that command was working previously. I’d recommend trying an older version; if that works, you might want to file a (polite) bug report asking for a fix in a future version.

Also, FYI, Let’s Encrypt strongly recommends that you renew your certificates every 60 days, and that you automate the process. That way if you run into any trouble you’ll have 30 days to resolve it.

Ok. How can I just totally remove letsencrypt and its certificate? I’m going to go another route that doesn’t include this problem. The version of bitnami I’m running is using nginx.

Since you’re running manually, there’s no need to uninstall any certificates. When you pick a new client and run that one, it will provide new certificates in a new location, and you can configure your web server to use that location (or, if you’re using Certbot, it can configure your web server for you).

Perfect, got it. Thanks!

Actually, I need to kill these certificates completely. I set up HTTPS through Lightsail’s load balancer, but as long as the letsencrypt certificates are there, the expired certificate somehow takes priority and produces an error. How do I totally erase everything letsencrypt related from my site?

Are you looking to upload fresh certificates, or remove an HTTP->HTTPS redirect?

Totally remove the HTTP->HTTPS redirect

You’ll want to check your Nginx config for an if block where the contents start with return 301 https://. Delete that if block and reload your Nginx config.

RFTM: (GitHub - go-acme/lego: Let's Encrypt/ACME client and library written in Go)
--tls Use the TLS challenge to solve challenges.

If you haven't heard: TLS challenges are being deprecated.

(RFTM = Right From The Manual - I know what you were thinking!)

Elsewhere in the same manual:

Robust implementation of all ACME challenges

HTTP (http-01)
DNS (dns-01)
TLS (tls-alpn-01)

tls-alpn-01 is not being deprecated :wink: as long as you're using an up-to-date version of lego, this shouldn't be a problem.

(not that it matters either way if you've switched to using the lightsail load balancer to manage your certificates)

Speaking of up-to-date versions of lego, I think I may know what happened originally here… see Issue renewing SSL

Hello, I’m a Lego maintainer :wink:

The problem occurs when a user uses the CLI syntax of the lego v2 with the v1 binary.

lego v2:

sudo lego --tls --email="foo@bar.com" --domains="foobar.com" --domains="www.foobar.com" --path="/etc/lego" run

lego v1:

sudo lego --exclude="http-01" --email="foo@bar.com" --domains="foobar.com" --domains="www.foobar.com" --path="/etc/lego" run
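
Added example, not part of the thread or the lego project's code: a renewal wrapper can pick the flag syntax from the installed binary's major version, using only the two forms the maintainer lists above, and refuse to run on any version it does not recognise. The banner format ("lego version X.Y.Z ...") and the sample version numbers are assumptions; `/etc/lego` and the `foo@bar.com`/`foobar.com` values are the thread's placeholders.

```shell
#!/bin/sh
# Added example: choose lego's challenge flag from the binary's major version.

# Extract the major version from a version banner.
# Assumption: the banner contains "version X.Y.Z" (optionally "vX.Y.Z").
lego_major() {
    printf '%s\n' "$1" |
        sed -n 's/.*version v\{0,1\}\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Map a major version to the flag form shown in the thread.
# v1 selects the TLS challenge by excluding http-01; v2 uses --tls.
lego_challenge_flag() {
    case "$1" in
        1) printf '%s\n' '--exclude=http-01' ;;
        2) printf '%s\n' '--tls' ;;
        *) return 1 ;;   # unknown version: do not guess a syntax
    esac
}

# Compose the command line, or fail loudly rather than hand the binary
# flags written for a different major version.
lego_command() {
    banner=$1 email=$2 domain=$3 action=$4
    major=$(lego_major "$banner")
    flag=$(lego_challenge_flag "$major") || {
        echo "unrecognised lego version: $banner" >&2
        return 1
    }
    printf 'lego %s --email=%s --domains=%s --path=/etc/lego %s\n' \
        "$flag" "$email" "$domain" "$action"
}

# Constructed sample banners (not captured output).
lego_command 'lego version 1.2.1 linux/amd64' foo@bar.com foobar.com renew
lego_command 'lego version 2.7.2 linux/amd64' foo@bar.com foobar.com renew
```

In a scheduled job the banner would come from the installed binary itself, so an upgrade or downgrade of lego stops the job with a clear message instead of a failed renewal.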
