Error with letsencrypt renew

[moderator’s note: this thread is fairly old, but still gets a lot of traffic. I’d encourage you to search more recent threads if you need help with a problem that seems similar to this!]

Hi, I can´t get renew to work can you point me in the right direction to fix this.
Ubuntu 14.04, zimbra server 8.6

–version letsencrypt 0.5.0

root@mail:/letsencrypt# ./letsencrypt-auto renew
Checking for new version…
Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt renew

Processing /etc/letsencrypt/renewal/

2016-04-06 09:18:39,332:WARNING:letsencrypt.renewal:Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.
An unexpected error occurred:
TypeError: append() takes exactly one argument (2 given)
Please see the logfiles in /var/log/letsencrypt for more details.

root@mail:/letsencrypt# cat /var/log/letsencrypt/letsencrypt.log
2016-04-06 07:38:58,285:DEBUG:letsencrypt.main:Root logging level set at 30
2016-04-06 07:38:58,286:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:Arguments:
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-04-06 07:38:58,289:WARNING:letsencrypt.renewal:Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.
2016-04-06 07:38:58,290:DEBUG:letsencrypt.renewal:Traceback was:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 62, in _reconstitute
full_path, configuration.RenewerConfiguration(config))
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 265, in init
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 273, in _check_symlinks
“expected {0} to be a symlink”.format(link))
CertStorageError: expected /etc/letsencrypt/live/ to be a symlink

2016-04-06 07:38:58,290:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 692, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 538, in renew
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 355, in renew_all_lineages
renew_skipped, parse_failures)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 290, in _renew_describe_results
notify(parse_failures, “parsefail”)
TypeError: append() takes exactly one argument (2 given)

This line stands out. Did you modify, delete or move that file at any point?

All files in /etc/letsencrypt/live/ should be symlinks, not actual files. Try running ls -l /etc/letsencrypt/live/ and confirm it looks somewhat like this:

lrwxrwxrwx 1 root root 41 Apr  4 10:09 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root 42 Apr  4 10:09 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root 46 Apr  4 10:09 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root 44 Apr  4 10:09 privkey.pem -> ../../archive/

You can re-create those symlinks with ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/ The first path should lead to the most recent file in /etc/letsencrypt/archive/ (highest number after "cert").

1 Like


Thanks for the reply
Files were not moved or deleated, moved git “letsencrypt” directory though before doing the install maby that broke things.
looks like this at the moment.

root@mail:/letsencrypt# ls -l /etc/letsencrypt/live/
total 8
-rw-r–r-- 1 root root 1805 Apr 6 08:49 cert.pem
-rw-r–r-- 1 root root 2848 Apr 6 08:49 chain.pem
lrwxrwxrwx 1 root root 37 Apr 6 08:35 fullchain.pem -> …/…/archive/
lrwxrwxrwx 1 root root 35 Apr 6 08:35 privkey.pem -> …/…/archive/
root@mail:/letsencrypt# ls -l /etc/letsencrypt/archive/
total 16
-rw-r–r-- 1 root root 1805 Apr 6 08:35 cert1.pem
-rw-r–r-- 1 root root 2848 Apr 6 08:45 chain1.pem
-rw-r–r-- 1 root root 3452 Apr 6 08:35 fullchain1.pem
-rw-r–r-- 1 root root 1704 Apr 6 08:35 privkey1.pem

fixex symlinks ran renew again with following results

Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt renew

Processing /etc/letsencrypt/renewal/

The following certs are not due for renewal yet:
/etc/letsencrypt/live/ (skipped)
No renewals were attempted.


Follow up question, since it zimbra and special meassures were taken to build intermediate and deploying certs look at

will i have to do this every time?

Best of regards and superthanks!

I would recommend writing a small bash script to do that.
Based on that wiki page, the steps would probably be something like:

Run letsencrypt renew, use --post-hook to run a bash script in case a certificate was renewed. This bash script might do something like:

  1. Create a new chain file that includes the root CA, i.e. something like cat chain.pem root.pem > root_chain.pem
  2. Copy privkey.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.key
  3. Run /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem root_chain.pem
  4. Run zmcontrol restart.

(Note: I haven't tested this, and I'm not familiar with Zimbra, so make sure to test this properly and verify I haven't missed anything. :smile:)

Sweet ill give it a go!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.