Error renewing certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: domain (check hyperlink)

I ran this command: cerbot renew , cerbot certificates

It produced this output: no certs found, no renewals attempted

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 18.04.3

My hosting provider, if applicable, is: DO

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

**I see all the certificates in the folder docker-volumes/etc/letsencrypt folder **
on the path /etc/letsencrypt there are no live keys stored.
The keys from docker volumes are mounted to the Docker containers as well .
I have received an email about the renewal, but when I try renewing it, I get no certs found, no renewals attempted. Maybe I feel it is trying to fetch details from default path i.e etc/letsencrypt but actually the data is in docker-volumes/etc/letsencrypt folder. How do i fix it?

1 Like

Can you make a symbolic link to use /docker-volumes/etc/letsencrypt/ as /etc/letsencrypt/ ?

If not, try:
certbot renew --config-dir /docker-volumes/etc/letsencrypt/

1 Like

Hey !
It tried the renew command with config dir

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 67, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 463, in init
self._check_symlinks()
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 522, in _check_symlinks
“expected {0} to be a symlink”.format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/upskill.techzillaindia.com/cert.pem to be a symlink
Renewal configuration file /docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf is broken. Skipping.

How exactly to make a symbolic link? Help will be appreciated!

Thanks

1 Like

I tried the command but Additionally, the following renewal configurations were invalid:
/docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf (parsefail)

How excatly to make a symbolic link? Any help will be appreciated!

1 Like

renewal configuration file /docker-volumes/etc/letsencrypt/renewal/upskill.techzillaindia.com.conf is broken.

The config file is as follows

renew_before_expiry = 30 days

version = 1.2.0
archive_dir = docker-volumes/etc/letsencrypt/archive/upskill.techzillaindia.com
cert = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/cert.pem
privkey = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/privkey.pem
chain = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/chain.pem
fullchain = docker-volumes/etc/letsencrypt/live/upskill.techzillaindia.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = ccb8e67bb38219c386c3d6e2a866ee39
authenticator = webroot
webroot_path = /data/letsencrypt,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
upskill.techzillaindia.com = /data/letsencrypt

Where it says:
…= docker-volumes/…
Should that be?:
…= /docker-volumes/…

What says?:
ls -l /docker-volumes/etc/letsencrypt/
ls -l /data/letsencrypt/

1 Like

I don’t know why there is a comma there.

1 Like

He must have corrected those two items you pointed out @rg305. The site is up and has its cert.

1 Like

We may never know…
Then name should have clued me in “Mysterio”.
[Spanish for Mystery]

1 Like

Hey! I am fixing it! The site was already up, my renewal is due on 6th june.
I facing acme challenge verification issue. I’ll update here once done.

1 Like

:ok_hand:
If you’re having an issue with the acme challenge, don’t hesitate to ask for help. Isn’t great you’re learning as you go? Soon you’ll be an old pro at renewing. :slightly_smiling_face:

1 Like

I used this tutorial to set up ssl for my website

Created this directory
sudo mkdir -p /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site

Then I created a temporary nginx container, using compose file at
/docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site

docker-compose.yml
version: ‘3.1’

services:

letsencrypt-nginx-container:
container_name: ‘letsencrypt-nginx-container’
image: nginx:latest
ports:
- “80:80”
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./letsencrypt-site:/usr/share/nginx/html
networks:
- docker-network

networks:
docker-network:
driver: bridge

Then created a temporary nginx config to be served using
sudo nano /docker/letsencrypt-docker-nginx/src/letsencrypt/nginx.conf
nginx.conf
erver {
listen 80;
listen [::]:80;
server_name example-site.com www.example-site.com;

location ~ /.well-known/acme-challenge {
    allow all;
    root /usr/share/nginx/html;
}

root /usr/share/nginx/html;
index index.html;

}

A temporary html file at
/docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site/index.html

Then spin up the container using
cd /docker/letsencrypt-docker-nginx/src/letsencrypt
docker-compose up -d
Site was running at the domain

then I fired being in the same directory as /docker/letsencrypt-docker-nginx/src/letsencrypt

sudo docker run -it --rm
-v /docker-volumes/etc/letsencrypt:/etc/letsencrypt
-v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt
-v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt
-v “/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt”
certbot/certbot
certonly --webroot
–email youremail@domain.com --agree-tos --no-eff-email
–webroot-path=/data/letsencrypt
-d example-site.com -d www.example-site.com

and certificates were available at
/docker-volumes/etc/letsencrypt

And then volume mapped pem files to our production container.

Now I have to renew the certificates

How should I renew the certificates, I fired certbot renew command at
/docker-volumes/etc/letsencrypt

The renewal config file is the same as mentioned above
with web root path "/data/letsencrypt’ the error shows no file and directory.
When I update it with other existing directly the Http challenge fails.

1 Like

@rg305 Any update? My expiry date is nearing

The tutorial you followed is a pile of steaming crap that uses the host crontab to renew certificates (search for “renew” in that page and you’ll find how).

You should switch to this one:

2 Likes