Error with letsencrypt renew

[moderator’s note: this thread is fairly old, but still gets a lot of traffic. I’d encourage you to search more recent threads if you need help with a problem that seems similar to this!]

Hi, I can't get renew to work. Can you point me in the right direction to fix this?
Ubuntu 14.04, Zimbra server 8.6

--version letsencrypt 0.5.0

root@mail:/letsencrypt# ./letsencrypt-auto renew
Checking for new version...
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt renew


Processing /etc/letsencrypt/renewal/dryg.org.conf

2016-04-06 09:18:39,332:WARNING:letsencrypt.renewal:Renewal configuration file /etc/letsencrypt/renewal/dryg.org.conf is broken. Skipping.
An unexpected error occurred:
TypeError: append() takes exactly one argument (2 given)
Please see the logfiles in /var/log/letsencrypt for more details.

root@mail:/letsencrypt# cat /var/log/letsencrypt/letsencrypt.log
2016-04-06 07:38:58,285:DEBUG:letsencrypt.main:Root logging level set at 30
2016-04-06 07:38:58,286:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:Arguments:
2016-04-06 07:38:58,286:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-04-06 07:38:58,289:WARNING:letsencrypt.renewal:Renewal configuration file /etc/letsencrypt/renewal/dryg.org.conf is broken. Skipping.
2016-04-06 07:38:58,290:DEBUG:letsencrypt.renewal:Traceback was:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/renewal.py", line 62, in _reconstitute
    full_path, configuration.RenewerConfiguration(config))
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/storage.py", line 265, in __init__
    self._check_symlinks()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/storage.py", line 273, in _check_symlinks
    "expected {0} to be a symlink".format(link))
CertStorageError: expected /etc/letsencrypt/live/dryg.org/cert.pem to be a symlink

2016-04-06 07:38:58,290:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 538, in renew
    renewal.renew_all_lineages(config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/renewal.py", line 355, in renew_all_lineages
    renew_skipped, parse_failures)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/renewal.py", line 290, in _renew_describe_results
    notify(parse_failures, "parsefail")
TypeError: append() takes exactly one argument (2 given)

This line stands out. Did you modify, delete or move that file at any point?

All files in /etc/letsencrypt/live/dryg.org should be symlinks, not actual files. Try running ls -l /etc/letsencrypt/live/dryg.org and confirm it looks somewhat like this:

lrwxrwxrwx 1 root root 41 Apr  4 10:09 cert.pem -> ../../archive/dryg.org/cert2.pem
lrwxrwxrwx 1 root root 42 Apr  4 10:09 chain.pem -> ../../archive/dryg.org/chain2.pem
lrwxrwxrwx 1 root root 46 Apr  4 10:09 fullchain.pem -> ../../archive/dryg.org/fullchain2.pem
lrwxrwxrwx 1 root root 44 Apr  4 10:09 privkey.pem -> ../../archive/dryg.org/privkey2.pem

You can re-create those symlinks with ln -s /etc/letsencrypt/archive/dryg.org/cert2.pem /etc/letsencrypt/live/dryg.org/cert.pem. The first path should lead to the most recent file in /etc/letsencrypt/archive/dryg.org/ (highest number after "cert").

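An added example, not part of the original reply: a shell function that performs the symlink repair described above for one lineage. It goes slightly beyond the reply by requiring all four files to exist at the same version number and by recreating the relative ../../archive links shown in the listing; the function name and the .bak suffix are this example's own.

```bash
#!/usr/bin/env bash
# Added example: repair the live/ symlinks of one lineage.
# Usage: fix_live_links <config-dir> <lineage>, e.g. fix_live_links /etc/letsencrypt dryg.org
fix_live_links() {
    local root="$1" name="$2"
    local live="$root/live/$name" archive="$root/archive/$name"
    local latest=0 f n kind link target

    # The highest N among certN.pem is the current version of the lineage.
    for f in "$archive"/cert*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/cert}; n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ "$n" -gt "$latest" ]; then latest=$n; fi
    done
    [ "$latest" -gt 0 ] || { echo "no certN.pem in $archive" >&2; return 1; }

    # All four files must exist at that version, or key and cert would not match.
    for kind in cert chain fullchain privkey; do
        [ -s "$archive/$kind$latest.pem" ] || {
            echo "missing $archive/$kind$latest.pem" >&2; return 1; }
    done

    for kind in cert chain fullchain privkey; do
        link="$live/$kind.pem"
        target="../../archive/$name/$kind$latest.pem"
        if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
            continue    # already a symlink to the current version
        fi
        # Keep whatever is in the way (e.g. a regular file) instead of deleting it.
        if [ -e "$link" ] || [ -L "$link" ]; then
            mv "$link" "$link.bak.$$"
        fi
        ln -s "$target" "$link"
        echo "relinked $link -> $target"
    done
}
```
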

Hi

Thanks for the reply
Files were not moved or deleted. I moved the git "letsencrypt" directory, though, before doing the install; maybe that broke things.
It looks like this at the moment.

root@mail:/letsencrypt# ls -l /etc/letsencrypt/live/dryg.org
total 8
-rw-r--r-- 1 root root 1805 Apr 6 08:49 cert.pem
-rw-r--r-- 1 root root 2848 Apr 6 08:49 chain.pem
lrwxrwxrwx 1 root root 37 Apr 6 08:35 fullchain.pem -> ../../archive/dryg.org/fullchain1.pem
lrwxrwxrwx 1 root root 35 Apr 6 08:35 privkey.pem -> ../../archive/dryg.org/privkey1.pem
root@mail:/letsencrypt# ls -l /etc/letsencrypt/archive/dryg.org
total 16
-rw-r--r-- 1 root root 1805 Apr 6 08:35 cert1.pem
-rw-r--r-- 1 root root 2848 Apr 6 08:45 chain1.pem
-rw-r--r-- 1 root root 3452 Apr 6 08:35 fullchain1.pem
-rw-r--r-- 1 root root 1704 Apr 6 08:35 privkey1.pem

Fixed the symlinks and ran renew again, with the following results:

Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt renew


Processing /etc/letsencrypt/renewal/dryg.org.conf

The following certs are not due for renewal yet:
/etc/letsencrypt/live/dryg.org/fullchain.pem (skipped)
No renewals were attempted.

yey!

Follow-up question: since it's Zimbra, and special measures were taken to build the intermediate and deploy the certs, look at
https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate

Will I have to do this every time?

Best of regards and superthanks!

I would recommend writing a small bash script to do that.
Based on that wiki page, the steps would probably be something like:

Run letsencrypt renew, use --post-hook to run a bash script in case a certificate was renewed. This bash script might do something like:

  1. Create a new chain file that includes the root CA, i.e. something like cat chain.pem root.pem > root_chain.pem
  2. Copy privkey.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.key
  3. Run /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem root_chain.pem
  4. Run zmcontrol restart.

(Note: I haven't tested this, and I'm not familiar with Zimbra, so make sure to test this properly and verify I haven't missed anything. :smile:)
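The four steps above as a post-hook script, added here as an example; it is not taken from the wiki page and has not been run against a real Zimbra install. The root CA path, the run argument, the function name and the overridable variables are assumptions of this example; the zmcertmgr and zmcontrol invocations are the ones listed in the reply.

```bash
#!/usr/bin/env bash
# Added example: post-hook that redeploys a renewed certificate to Zimbra.
# ROOT_CA's location and the overridable variables are assumptions of this example.
LIVE=${LIVE:-/etc/letsencrypt/live/dryg.org}
ROOT_CA=${ROOT_CA:-/etc/letsencrypt/root.pem}   # assumed location of the root CA
ZIMBRA_KEY=${ZIMBRA_KEY:-/opt/zimbra/ssl/zimbra/commercial/commercial.key}
ZMCERTMGR=${ZMCERTMGR:-/opt/zimbra/bin/zmcertmgr}
ZMCONTROL=${ZMCONTROL:-zmcontrol}               # as written in the reply

deploy_to_zimbra() {
    local work f rc=0
    # Refuse to touch Zimbra unless every input exists and is non-empty.
    for f in "$LIVE/cert.pem" "$LIVE/chain.pem" "$LIVE/privkey.pem" "$ROOT_CA"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    work=$(mktemp -d) || return 1
    {
        # Step 1: intermediate chain followed by the root CA.
        cat "$LIVE/chain.pem" "$ROOT_CA" > "$work/root_chain.pem" &&
        # Step 2: copy the key (following the symlink) readable by its owner only.
        install -m 600 "$LIVE/privkey.pem" "$ZIMBRA_KEY" &&
        # Step 3: deploy. Step 4: restart only if the deploy succeeded.
        "$ZMCERTMGR" deploycrt comm "$LIVE/cert.pem" "$work/root_chain.pem" &&
        "$ZMCONTROL" restart
    } || rc=1
    rm -rf "$work"
    return "$rc"
}

# Run only when invoked as: <script> run
if [ "${1:-}" = run ]; then deploy_to_zimbra; fi
```

It would be passed to renew through --post-hook with the run argument, for example --post-hook "/path/to/this-script run", where the script path is a placeholder.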

Sweet, I'll give it a go!

Thanks
