Error renewing certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: domain (check hyperlink)

I ran this command: certbot renew, certbot certificates

It produced this output: no certs found, no renewals attempted

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 18.04.3

My hosting provider, if applicable, is: DO

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

**I see all the certificates in the docker-volumes/etc/letsencrypt folder.**
On the path /etc/letsencrypt there are no live keys stored.
The keys from the Docker volumes are mounted into the Docker containers as well.
I have received an email about the renewal, but when I try renewing it, I get "no certs found, no renewals attempted". I feel it may be trying to fetch details from the default path, i.e. etc/letsencrypt, but the data is actually in the docker-volumes/etc/letsencrypt folder. How do I fix it?

1 Like

Can you make a symbolic link to use /docker-volumes/etc/letsencrypt/ as /etc/letsencrypt/ ?

If not, try:
certbot renew --config-dir /docker-volumes/etc/letsencrypt/

1 Like

Hey !
I tried the renew command with the config dir:

```
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 463, in __init__
    self._check_symlinks()
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 522, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/upskill.techzillaindia.com/cert.pem to be a symlink
Renewal configuration file /docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf is broken. Skipping.
```

How exactly to make a symbolic link? Help will be appreciated!

Thanks

1 Like

I tried the command, but got: "Additionally, the following renewal configurations were invalid:
/docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf (parsefail)"

How exactly to make a symbolic link? Any help will be appreciated!

1 Like

Renewal configuration file /docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf is broken.

The config file is as follows:

```
# renew_before_expiry = 30 days
version = 1.2.0
archive_dir = docker-volumes/etc/letsencrypt/archive/upskill.techzillaindia.com
cert = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/cert.pem
privkey = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/privkey.pem
chain = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/chain.pem
fullchain = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = ccb8e67bb38219c386c3d6e2a866ee39
authenticator = webroot
webroot_path = /data/letsencrypt,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
upskill.techzillaindia.com = /data/letsencrypt
```

Where it says:
…= docker-volumes/…
Should that be?:
…= /docker-volumes/…

What says?:
ls -l /docker-volumes/etc/letsencrypt/
ls -l /data/letsencrypt/

1 Like
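An added example, not part of any post in this thread and not Certbot's own code: a small Python check for the two conditions the thread runs into, path fields in the renewal configuration that are not absolute and `live/` entries that are not symlinks. The function names and the `example-site.com` lineage it builds are hypothetical, and the extra check that each symlink resolves into `archive_dir` assumes the usual `live/` → `archive/` layout.

```python
import os
import tempfile

LINKS = ("cert", "privkey", "chain", "fullchain")

def parse_top_level(text):
    """Return the key = value pairs that precede the first [section]."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            break
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values

def lint_renewal_conf(text):
    """Return a list of problems found in a renewal configuration."""
    conf = parse_top_level(text)
    archive = conf.get("archive_dir", "")
    problems = []
    for key in ("archive_dir",) + LINKS:
        path = conf.get(key)
        if path is None:
            problems.append(f"{key}: missing")
        elif not os.path.isabs(path):
            problems.append(f"{key}: not an absolute path: {path}")
        elif key in LINKS and not os.path.islink(path):
            problems.append(f"{key}: expected {path} to be a symlink")
        elif key in LINKS and os.path.isabs(archive) and (
                os.path.dirname(os.path.realpath(path)) != os.path.realpath(archive)):
            problems.append(f"{key}: {path} does not point into {archive}")
    return problems

def build_sample(root, name="example-site.com"):
    """Create a constructed lineage under root; return its renewal conf text."""
    archive = os.path.join(root, "archive", name)
    live = os.path.join(root, "live", name)
    os.makedirs(archive)
    os.makedirs(live)
    lines = ["# constructed sample, not the poster's file", f"archive_dir = {archive}"]
    for key in LINKS:
        open(os.path.join(archive, f"{key}1.pem"), "w").close()
        link = os.path.join(live, f"{key}.pem")
        os.symlink(os.path.join("..", "..", "archive", name, f"{key}1.pem"), link)
        lines.append(f"{key} = {link}")
    return "\n".join(lines + ["[renewalparams]", "authenticator = webroot"])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        good = build_sample(root)
        print(lint_renewal_conf(good))                       # valid lineage
        print(lint_renewal_conf(good.replace("= /", "= ")))  # leading slash dropped
```

Run against a real file by passing its contents to `lint_renewal_conf` on the machine, or inside the container, where the paths in that file are expected to exist.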

I don't know why there is a comma there.

1 Like

He must have corrected those two items you pointed out @rg305. The site is up and has its cert.

1 Like

We may never know…
The name should have clued me in: “Mysterio”.
[Spanish for Mystery]

1 Like

Hey! I am fixing it! The site was already up, my renewal is due on 6th June.
I am facing an ACME challenge verification issue. I’ll update here once done.

1 Like

:ok_hand:
If you’re having an issue with the ACME challenge, don’t hesitate to ask for help. Isn’t it great you’re learning as you go? Soon you’ll be an old pro at renewing. :slightly_smiling_face:

1 Like

I used this tutorial to set up ssl for my website

Created this directory
sudo mkdir -p /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site

Then I created a temporary nginx container, using compose file at
/docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site

docker-compose.yml

```yaml
version: '3.1'

services:

  letsencrypt-nginx-container:
    container_name: 'letsencrypt-nginx-container'
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./letsencrypt-site:/usr/share/nginx/html
    networks:
      - docker-network

networks:
  docker-network:
    driver: bridge
```

Then created a temporary nginx config to be served using
sudo nano /docker/letsencrypt-docker-nginx/src/letsencrypt/nginx.conf
nginx.conf

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name example-site.com www.example-site.com;

    # Serve the ACME HTTP-01 challenge files from the webroot
    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }

    root /usr/share/nginx/html;
    index index.html;
}
```

A temporary html file at
/docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site/index.html

Then spin up the container using
cd /docker/letsencrypt-docker-nginx/src/letsencrypt
docker-compose up -d
Site was running at the domain

Then, being in the same directory, /docker/letsencrypt-docker-nginx/src/letsencrypt, I fired:

```bash
sudo docker run -it --rm \
  -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
  -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
  certbot/certbot \
  certonly --webroot \
  --email youremail@domain.com --agree-tos --no-eff-email \
  --webroot-path=/data/letsencrypt \
  -d example-site.com -d www.example-site.com
```

and certificates were available at
/docker-volumes/etc/letsencrypt

And then volume mapped pem files to our production container.

Now I have to renew the certificates

How should I renew the certificates? I fired the certbot renew command at
/docker-volumes/etc/letsencrypt

The renewal config file is the same as mentioned above.
With web root path "/data/letsencrypt" the error shows no file and directory.
When I update it with another existing directory, the HTTP challenge fails.

1 Like

@rg305 Any update? My expiry date is nearing

The tutorial you followed is a pile of steaming crap that uses the host crontab to renew certificates (search for “renew” in that page and you’ll find how).

You should switch to this one:

2 Likes
