Error while saving files for new certificate

Help
1

I'm unable to generate a new certificate. Apparently everything runs correctly, but the problem occurs on writing certificates to letsencrypt/archive folder.

My domain is: *.srv-108-181-92-66.webserverhost.top

I ran this command: certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secret/cloudflare.ini --register-unsafely-without-email --agree-tos -d "*.srv-108-181-92-66.webserverhost.top"

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Account registered.
Requesting a certificate for *.srv-108-181-92-66.webserverhost.top
Performing the following challenges:
dns-01 challenge for srv-108-181-92-66.webserverhost.top
Unsafe permissions on credentials configuration file: ~/.secret/cloudflare.ini
Waiting 10 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/live/srv-108-181-92-66.webserverhost.top/cert.pem'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Litespeed

The operating system my web server runs on is (include version): CentOS 7

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

Logfile /var/log/letsencrypt/letsencrypt.log:

[...]
f5c9fF3u87WUAJu4Vh9C+ewXZtzL0LD46lYgpn7fv5w9sLS4zQ3CIC3udjJ5Gc/v
8VhPQaU1Enn7NW+4IHnfSeP6G5rzLEtl0PreC4k=
-----END CERTIFICATE-----

2023-06-20 06:19:35,008:DEBUG:acme.client:Storing nonce: riQvc_enNygqAoe_xc5dO9y8-XChhknlDcsaW-AJ_jxIQ4SjB9Q
2023-06-20 06:19:35,012:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive.
2023-06-20 06:19:35,012:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live.
2023-06-20 06:19:35,013:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/README.
2023-06-20 06:19:35,014:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/srv-108-181-92-66.webserverhost.top.
2023-06-20 06:19:35,014:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/srv-108-181-92-66.webserverhost.top.
2023-06-20 06:19:35,015:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3024/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 528, in obtain_and_enroll_certificate
    return storage.RenewableCert.new_lineage(
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/storage.py", line 1100, in new_lineage
    with open(target["cert"], "wb") as f_b:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/live/srv-108-181-92-66.webserverhost.top/cert.pem'
2023-06-20 06:19:35,020:ERROR:certbot._internal.log:An unexpected error occurred:
2023-06-20 06:19:35,021:ERROR:certbot._internal.log:FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/live/srv-108-181-92-66.webserverhost.top/cert.pem'
2

Hello @betonunes, welcome to the Let's Encrypt community. :slightly_smiling_face:

You may need to run that with root level permissions, typically sudo (sudo - Wikipedia)

3

Nothing big here just a WARNING.

Let's Debug yields these results https://letsdebug.net/srv-108-181-92-66.webserverhost.top/1524306?debug=y

TXTDoubleLabel
WARNING
Some DNS records were found that indicate TXT records may have been incorrectly manually entered into DNS editor interfaces. The correct way to enter these records is to either remove the domain from the label (so enter "_acme-challenge.www.example.org" as "_acme-challenge.www") or include a period (.) at the end of the label (enter "_acme-challenge.example.org.").
The following probably-erroneous TXT records were found:
_acme-challenge.srv-108-181-92-66.webserverhost.top.webserverhost.top. 0 IN TXT "v=spf1 a -all"

And using https://unboundtest.com/ I see https://unboundtest.com/m/TXT/_acme-challenge.srv-108-181-92-66.webserverhost.top/AYOH5A7B

Query results for TXT _acme-challenge.srv-108-181-92-66.webserverhost.top

Response:
;; opcode: QUERY, status: NOERROR, id: 52115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512

;; QUESTION SECTION:
;_acme-challenge.srv-108-181-92-66.webserverhost.top.	IN	 TXT

;; ANSWER SECTION:
_acme-challenge.srv-108-181-92-66.webserverhost.top.	0	IN	TXT	"aHLSSrNeHh1-xjH0QalHd43G39OdbpU8fw4fcnBOEL8"

----- Unbound logs -----
Jun 20 14:18:14 unbound[411230:0] notice: init module 0: validator
3 Likes
4

Did you happen to delete any files or folders within /etc/letsencrypt/ ?

2 Likes
5

@Bruce5051 i'm already root

1 Like
6

@Bruce5051 those TXT errors were just some tests.. it's not the cause for the main problem of this topic :smiling_face_with_tear:

1 Like
7

@rg305 the folders where empty when the error occurs.. i've repeated this several times..

1 Like
8

Are they still empty?
ls -lR /etc/letsencrypt/

2 Likes
9

After executing the command, the folders are created.. But the files for the certificate are not being created in the "archive" folder.. Because of this the "FileNotFoundError" occurs

10

Do you have SELinux or similar system controlling files? Could it be blocking creation?

4 Likes
11

That command only lists the folders, it doesn't create anything but the text output it provides.

Please show the output of that command.

2 Likes
12

I was referring to the certbot certonly [...] command.. not the ls..

But the output for your command is this:

/etc/letsencrypt:
total 0
drwx------ 3 root root 58 Jun 20 05:31 accounts
drwx------ 3 root root 57 Jun 20 05:31 archive
drwxr-xr-x 2 root root 42 Jun 20 05:31 csr
drwx------ 2 root root 42 Jun 20 05:31 keys
drwx------ 3 root root 75 Jun 20 05:31 live
drwxr-xr-x 2 root root 54 Jun 20 05:31 renewal
drwxr-xr-x 5 root root 59 Jun 20 05:31 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root 31 Jun 20 05:31 acme-staging-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 54 Jun 20 05:31 directory

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory:
total 0
drwx------ 2 root root 80 Jun 20 05:31 75a5f3cfa58136bb58a39247a90dee2c

/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/75a5f3cfa58136bb58a39247a90dee2c:
total 12
-rw-r--r-- 1 root root   93 Jun 20 05:31 meta.json
-r-------- 1 root root 1632 Jun 20 05:31 private_key.json
-rw-r--r-- 1 root root   87 Jun 20 05:31 regr.json

/etc/letsencrypt/archive:
total 0
drwxr-xr-x 2 root root 6 Jun 20 05:31 srv-108-181-92-66.webserverhost.top

/etc/letsencrypt/archive/srv-108-181-92-66.webserverhost.top:
total 0

/etc/letsencrypt/csr:
total 4
-rw-r--r-- 1 root root 956 Jun 20 05:31 0000_csr-certbot.pem

/etc/letsencrypt/keys:
total 4
-rw------- 1 root root 1704 Jun 20 05:31 0000_key-certbot.pem

/etc/letsencrypt/live:
total 4
-rw-r--r-- 1 root root 740 Jun 20 05:31 README
drwxr-xr-x 2 root root  99 Jun 20 05:31 srv-108-181-92-66.webserverhost.top

/etc/letsencrypt/live/srv-108-181-92-66.webserverhost.top:
total 0
lrwxrwxrwx 1 root root 59 Jun 20 05:31 cert.pem -> ../../archive/srv-108-181-92-66.webserverhost.top/cert1.pem
lrwxrwxrwx 1 root root 60 Jun 20 05:31 chain.pem -> ../../archive/srv-108-181-92-66.webserverhost.top/chain1.pem
lrwxrwxrwx 1 root root 64 Jun 20 05:31 fullchain.pem -> ../../archive/srv-108-181-92-66.webserverhost.top/fullchain1.pem
lrwxrwxrwx 1 root root 62 Jun 20 05:31 privkey.pem -> ../../archive/srv-108-181-92-66.webserverhost.top/privkey1.pem

/etc/letsencrypt/renewal:
total 0
-rw-r--r-- 1 root root 0 Jun 20 05:31 srv-108-181-92-66.webserverhost.top.conf

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 2 root root 6 Jun 20 05:31 deploy
drwxr-xr-x 2 root root 6 Jun 20 05:31 post
drwxr-xr-x 2 root root 6 Jun 20 05:31 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0

/etc/letsencrypt/renewal-hooks/post:
total 0

/etc/letsencrypt/renewal-hooks/pre:
total 0

The domain subfolder in archive folder is empty because the files are not being created.. But in the /var/log/letsencrypt/letsencrypt.log logfile we can see that the certificate is being generated successfully, but for some reason the files are not saved.. however, the log does not show any write errors. it's as if the process simply skipped the step of writing the certificate to the files.

13

Something doesn't add up.
There exists only a staging account.

Are you on the right system?

3 Likes
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.