Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: ERROR:certbot._internal.renewal:Failed to renew
certificate mail.jewettfarm.com with error: [Errno 2]
No such file or directory: '/etc/letsencrypt/archive/mail.jewettfarm.com/privkey6.pem'
My web server is (include version): Nginx 1.18
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Cloudflare for DNS-001 validation using plugin
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.5
I see my script was unable to locate a directory to save the privkey.pem file. I have corrected this. This got missed during a container migration process last week and I screwed up.
My question, can I use the last acme response "-----BEGIN CERTIFICATE----" information I found in /var/log/letsencrypt/letsencrypt.log, since I am rate limited for 24 hours. Or am I stuck waiting?
So in the logs I see two certificate strings, is the first the certificate, and second "----BEGIN CERTIFICATE----" block is the privkey file? Just need to know how to match them up. I can just paste them into new files in the correct path.
I have moved the /etc/letsencrypt/archive/mail.jewettracing.com directory to it's proper location. Somehow it was renamed as "mail.jewettfarm.com" and the initial certs were pulled in under mail.jewettracing.com - so the renewal had no place to write. I am fixing these issues, just wanted to know if I can somehow manually update the certs with one of the many it has already been sent.
Sorry for the confusion. I need to add my email to the command string so I get these notifications sooner.
Here you say the migration was "last week", but your "daily" certificate issuance is going on since 2023-03-13 already? That's not 1 week earlier, but 1 month? So I'm not fully convinced. Or multiple things are going wrong, starting 2023-03-13, that's possible too of course.
Certs? Sure. Private keys? Nope, not with Certbot 2.5. With Certbot 2.2.0 or earlier, the private keys were saved in /keys/, but you're using 2.5 so no private keys were saved except for in /archive/.
Sorry if this is a duplicate, but this is the event that seems to have started this mess back in March:
ERROR:certbot._internal.renewal:Failed to renew certificate mail.jewettfarm.com with error: [Errno 2] No such file or directory: '/etc/letsencrypt/archive/mail.jewettfarm.com/privkey6.pem'
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/archive/mail.jewettfarm.com/privkey6.pem'
Still don't know what it was running daily yet, but this seems to be the trigger point.
Usually one just transfers the entire /etc/letsencrypt/ directory using e.g. rsync with the --archive option or tar. It's also perfectly possible to use e.g. cp but you'd want to use the --archive option for that one too.
It renewed the cert for mail.jewettfarm.com, however the private key does not match the certificate in the new directory it created. Oh and it saved the fullchain.pem file as a file and not a symlink, the symlink is named fullchain.pem.orig. So im stumped. Guess I have to wait.