File already Exist

My domain is: roots.systems

I ran this command: sudo certbot renew

The version of my client is 0.35.1

So I quickly ran out of retries last week (rate of 5 per week), and came close to running out again before I began to dig a bit further into it. For whatever reason my certificate files in the “/live” folder are holding the initial certificate request and not updating to the new certificates after renewal. Is this normal?


Don’t run it again, but do you have a copy of what “sudo certbot renew” displayed last time it issued a certificate? If so, can you post it?

Can you post the output “sudo ls -alR /etc/letsencrypt/{archive,live,renewal}”?


Did you happen to copy files around in/out of any of the LE folders?
[backup/restore]


I wish I kept it (the output). I do know it just said what it should normally say, that it was successfully renewed. It's odd because if I do try it again it will just say the cert is out of date because it's not updating those files.

/etc/letsencrypt/archive:
total 20
drwx------ 5 root root 4096 Jul 10 04:18 .
drwxr-xr-x 10 root root 4096 Oct 20 14:46 ..
drwxr-xr-x 2 root root 4096 Oct 19 19:25 roots.systems
drwxr-xr-x 2 root root 4096 Jul 10 04:15 roots.systems-0001
drwxr-xr-x 2 root root 4096 Jul 10 04:18 roots.systems-0002

/etc/letsencrypt/archive/roots.systems:
total 28
drwxr-xr-x 2 root root 4096 Oct 19 19:25 .
drwx------ 5 root root 4096 Jul 10 04:18 ..
-rw-r--r-- 1 root root 1911 Oct 19 18:57 cert2.pem
-rw-r--r-- 1 root root 1647 Oct 19 18:57 chain2.pem
-rw-r--r-- 1 root root 3558 Oct 19 18:57 fullchain2.pem
-rw------- 1 root root 1704 Oct 10 02:44 privkey1.pem
-rw------- 1 root root 1704 Oct 19 18:57 privkey2.pem

/etc/letsencrypt/archive/roots.systems-0001:
total 24
drwxr-xr-x 2 root root 4096 Jul 10 04:15 .
drwx------ 5 root root 4096 Jul 10 04:18 ..
-rw-r--r-- 1 root root 2256 Jul 10 04:15 cert1.pem
-rw-r--r-- 1 root root 1647 Jul 10 04:15 chain1.pem
-rw-r--r-- 1 root root 3903 Jul 10 04:15 fullchain1.pem
-rw------- 1 root root 3272 Jul 10 04:15 privkey1.pem

/etc/letsencrypt/archive/roots.systems-0002:
total 24
drwxr-xr-x 2 root root 4096 Jul 10 04:18 .
drwx------ 5 root root 4096 Jul 10 04:18 ..
-rw-r--r-- 1 root root 2256 Jul 10 04:18 cert1.pem
-rw-r--r-- 1 root root 1647 Jul 10 04:18 chain1.pem
-rw-r--r-- 1 root root 3903 Jul 10 04:18 fullchain1.pem
-rw------- 1 root root 3272 Jul 10 04:18 privkey1.pem

/etc/letsencrypt/live:
total 16
drwx------ 3 root root 4096 Jul 10 04:20 .
drwxr-xr-x 10 root root 4096 Oct 20 14:46 ..
-rw-r--r-- 1 root root 740 Apr 19 2019 README
drwxr-xr-x 2 root root 4096 Oct 19 19:14 roots.systems

/etc/letsencrypt/live/roots.systems:
total 12
drwxr-xr-x 2 root root 4096 Oct 19 19:14 .
drwx------ 3 root root 4096 Jul 10 04:20 ..
lrwxrwxrwx 1 root root 42 Oct 19 18:57 cert.pem -> ../../archive/roots.systems-0002/cert1.pem
lrwxrwxrwx 1 root root 43 Oct 19 18:57 chain.pem -> ../../archive/roots.systems-0002/chain1.pem
lrwxrwxrwx 1 root root 47 Oct 19 18:57 fullchain.pem -> ../../archive/roots.systems-0002/fullchain1.pem
lrwxrwxrwx 1 root root 45 Oct 19 18:57 privkey.pem -> ../../archive/roots.systems-0002/privkey1.pem
-rw-r--r-- 1 root root 692 Jul 10 04:18 README

/etc/letsencrypt/renewal:
total 12
drwxr-xr-x 2 root root 4096 Oct 19 18:57 .
drwxr-xr-x 10 root root 4096 Oct 20 14:46 ..
-rw-r--r-- 1 root root 574 Oct 19 18:57 roots.systems.conf

The roots.systems0001 and roots.systems0002 are obviously old certs that are now inactive. (Just haven’t deleted them yet)

No. I only use the cat command to concatenate fullchain and private to my cert directory used by my webserver (locked to only root). Original files are never moved, copied, or deleted.


It seems like all these links:

point to expired files:

Maybe I’m missing something…


Yeah, I’m not sure what could have caused that. It’s odd that the certbot doesn’t overwrite the files anyway when it renews the certs. Still unsure what to do.

You need to adjust the symlinks in /etc/letsencrypt/live/roots.systems/. They’re supposed to point to the files in ../../archive/roots.systems/ but they’re pointing to ../../archive/roots.systems-0002/ instead.

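The mismatch described in the reply above can be detected mechanically. The following is an added example, not part of the original thread and not certbot's own code: it checks that each `live/<name>/*.pem` symlink points into `archive/<name>/` and reports the newest numbered file there. The function names are hypothetical, and the demo tree is constructed in a temporary directory with empty placeholder files.

```sh
#!/bin/sh
# Added example (not certbot code): audit a lineage's live/ symlinks.

newest_version() {  # args: root name kind -> highest N of archive/<name>/<kind>N.pem
    ls "$1/archive/$2" 2>/dev/null |
        sed -n "s/^$3\([0-9][0-9]*\)\.pem\$/\1/p" | sort -n | tail -n 1
}

check_lineage() {  # args: root name; prints one line per problem, status 0 if clean
    root=$1 name=$2 problems=0
    for kind in cert chain fullchain privkey; do
        link="$root/live/$name/$kind.pem"
        if [ ! -L "$link" ]; then
            echo "NOT-A-SYMLINK $kind.pem"; problems=$((problems + 1)); continue
        fi
        target=$(readlink "$link")
        case $target in
            "../../archive/$name/$kind"[0-9]*.pem)   # expected form
                [ -e "$link" ] || { echo "DANGLING $kind.pem -> $target"
                                    problems=$((problems + 1)); } ;;
            *)
                newest=$(newest_version "$root" "$name" "$kind")
                echo "WRONG-LINEAGE $kind.pem -> $target (newest in archive/$name: $kind$newest.pem)"
                problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

make_demo_tree() {  # constructed tree mirroring the layout posted in the thread
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/archive/roots.systems" \
             "$demo_root/archive/roots.systems-0002" "$demo_root/live/roots.systems"
    for k in cert chain fullchain privkey; do
        : > "$demo_root/archive/roots.systems/${k}2.pem"
        : > "$demo_root/archive/roots.systems-0002/${k}1.pem"
        ln -s "../../archive/roots.systems-0002/${k}1.pem" "$demo_root/live/roots.systems/$k.pem"
    done
    echo "$demo_root"
}

demo=$(make_demo_tree)
check_lineage "$demo" roots.systems || echo "live/ links need repair"
rm -rf "$demo"
```

On a real host the equivalent call is `check_lineage /etc/letsencrypt roots.systems`, run as root because `live/` and `archive/` are mode 0700.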

I see, I have made the appropriate changes and did a dry run. Certbot found one error with my corrections but looked promising since it said the certs were not due for renewal. Not really sure how the other directory got created in the first place. Thanks for the help.

Red
