Error renewing certificate via certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 4points.cl

I ran this command: certbot renew --dry-run

It produced this output:
Attempting to renew cert from /etc/letsencrypt/renewal/4points.cl.conf produced an unexpected error: Problem in /etc/nginx/sites-enabled/default: tried to insert directive “[‘ssl_certificate’, ‘/var/lib/letsencrypt/snakeoil/0057_cert.pem’]” but found conflicting “[‘ssl_certificate’, ‘/etc/letsencrypt/live/4points.cl/fullchain.pem’]”… Skipping.

My web server is (include version): NGINX

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I don’t believe you should be using --dry-run here. It is attempting to reconfigure your Nginx, but is worried about clobbering existing (functional) configs. You can force it to update this, but it will break your configuration by applying an invalid certificate. What happens if you execute this against the live environment?

Hi, thanks for your response.

When you say that I should try against the live environment you mean to run de command without the --dry-run parameter?

Yes, --dry-run executes against the staging environment. Remove that parameter.

I received the same error message.

Including this snakeoil part?

Please post the contents of /etc/letsencrypt/renewal/4points.cl.conf

renew_before_expiry = 30 days

version = 0.14.2
archive_dir = /etc/letsencrypt/archive/4points.cl
cert = /etc/letsencrypt/live/4points.cl/cert.pem
privkey = /etc/letsencrypt/live/4points.cl/privkey.pem
chain = /etc/letsencrypt/live/4points.cl/chain.pem
fullchain = /etc/letsencrypt/live/4points.cl/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = nginx
installer = nginx
account = c2c89e72273d9f3aff1ca704052b33ab

That all looks about right. How about /etc/letsencrypt/cli.ini? I recall that there was an issue where that could get stuck in staging in certain circumstances.

For what it’s worth, there was a similar known bug, but it was fixed in 0.10.0 in January.

Thanks,
that file doesn’t exist in the system

/etc/letsencrypt/cli.ini: No such file or directory

these are de contents for that directory
root@4points:/etc/letsencrypt# ls -l
total 28
drwx------ 4 root root 4096 Oct 10 21:48 accounts
drwx------ 3 root root 4096 Jul 13 18:43 archive
drwxr-xr-x 2 root root 4096 Jul 13 18:43 csr
drwx------ 2 root root 4096 Jul 13 18:43 keys
drwx------ 3 root root 4096 Jul 13 18:43 live
-rw-r–r-- 1 root root 822 Jul 13 18:42 options-ssl-nginx.conf
drwxr-xr-x 2 root root 4096 Jul 13 18:43 renewal

I run letsencrypt --version

and it respond like: certbot 0.14.2

Hmm, interesting… @schoen, any ideas? I think you were to one to crack this issue when it happened to someone previously.

Hi, @schoen, can you please give me some advice on how to get this resolved? I’ll really appreciate it.

thanks in advance

Alex

Hello, I have the same exact issue

sudo certbot renew
[sudo] password for ubuntu:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/hkbo.site.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for hkbo.site
tls-sni-01 challenge for www.hkbo.site
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/hkbo.site.conf produced an unexpected error: Problem in /etc/nginx/sites-enabled/default: tried to insert directive "['ssl_certificate', '/var/lib/letsencrypt/snakeoil/0065_cert.pem']" but found conflicting "['ssl_certificate', '/etc/letsencrypt/live/hkbo.site/fullchain.pem']".. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/hkbo.site/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Somebody knows if I generate everything from scratch will solve the problem?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.