Errors after deleting /etc/letsencrypt/live (OSError: [Errno 22] Invalid argument)


#1

Hi,

I was just accepted to the beta program and tried to install the certifcates using the client. I’m quite a noob in the ssl world and server configuration, and like all noobs I think I messed it up a bit.

Here is what I did:

I ran the client as described in the e-mail I received about the beta test:

  ./letsencrypt-auto --agree-dev-preview --server \
      https://acme-v01.api.letsencrypt.org/directory certonly

Then, I requested a certificate for the domains notworking.mydomain.nl and working.mydomain.nl. The gitlab.mydomain.nl domain worked ‘out-of-the-box’. However, for notworking.mydomain.nl the old ‘happy hacker’ face certificate, that I generated by the client before, remained active.

Then I performed the ‘stupid’ action of manually removing /etc/letsencrypt/live/notworking.mydomain.nl/ folder in an attempt to make sure that my old certificate was removed. But doing this, I was no longer able to run the Apache Web Sever option of the client, since Apache was misconfigured (because it couldn’t find the files that were specified in the apache .conf file. I resolved this by replacing the /etc/live/notworking.mydomain.nl/ folder with the folder from the /letsencrypt/archive/. This removed the ‘misconfigured’ message, but results in the following error:

OSError: [Errno 22] Invalid argument: '/etc/letsencrypt/live/notworking.mydomain.nl/cert.pem'

I have the following questions:

  • How can it be that my initial attempt didn’t replace the old certificate with the new validated certificate?
  • How can I ‘fix’ the Errno 22?

#2

Hi,

I was able to get the certificates running for my domains. So my question 2 is resolved. I did the following:

  1. Remove the /etc/letsencrypt/ folder. This will allow me to start from ‘scratch’ again.
  2. Remove the reference to the LetsEncrypt Certificates in the Apache *.conf files. This is required to prevent the client from complaining that apache is mis-configured. Instead of the LetsEncrypt certificates I used unsigned certificates.
  3. Run the LetsEncrypt client and obtain new certificates.
  4. Modify the Apache *.conf files to use the newly generated LetsEncrypt certificates.

I think my initial attempt of replacing the ‘Happy-Hacker’ certificates I previously generated by the signed certificates of the Beta program was due to a badly configured *.conf file in Apache.


#3

I believe the following patch resolves this issue: https://github.com/letsencrypt/letsencrypt/issues/2088

I was getting the same error as you - I applied the patch and was able to successfully provision a cert.


#4

Hi Kevin,

Thanks for getting back at me. Your solution might indeed solve the problem. Next time I run in to it, I will definitely try it!

Martijn