Help: Renewal configuration file /etc/letsencrypt/renewal/chatbot.cn.conf is broken. Skipping


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:chatbot.cn

I ran this command:
./certbot-auto certonly -d *.chatbot.cn --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:

My web server is (include version):nginx

The operating system my web server runs on is (include version):centos

My hosting provider, if applicable, is:vultr

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):ssh

My problem

My problem is that the HTTPS certificate is almost expired. I wanted to renew it, and then accidentally generated a new certificate. Now I want to renew the old certificate. I deleted the new certificate and then overwrote it with the old certificate, and found the error that the configuration file is wrong. I guess the configuration file is the configuration file of the new certificate; the old certificate's configuration file was not backed up. Help.

chatbot.cn.conf(new)

# renew_before_expiry = 30 days
version = 0.27.1
archive_dir = /etc/letsencrypt/archive/chatbot.cn
cert = /etc/letsencrypt/live/chatbot.cn/cert.pem
privkey = /etc/letsencrypt/live/chatbot.cn/privkey.pem
chain = /etc/letsencrypt/live/chatbot.cn/chain.pem
fullchain = /etc/letsencrypt/live/chatbot.cn/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = manual
account = 8bf296e0c0e491a529108b3456381eb5
pref_challs = dns-01,
manual_public_ip_logging_ok = True
server = https://acme-v02.api.letsencrypt.org/directory

How can I retrieve my old certificate configuration file?


#2

Hi,

Why do you want the old configuration file?

Did you also use manual when you requested a certificate last time?

If so, you are not able to renew the certificate without specifying “renew hook” & “clean up hook”…

If your DNS provider does not provide an API… you would need to use manual every time & aren’t able to renew the certificate automatically… Which means you’ll need to request a new certificate every time.

Thank you


#3

Hi @it5200

“renew” means, that you have to create a new certificate. The only difference is: You can use stored parameters.

This is wrong. You need a new certificate, if your old certificate expires.


#4

Certbot’s way of referring to this can make this confusing for some people. Although renewal is always implemented by issuing a new certificate, when Certbot manages certificates for you it draws a distinction between certificates that are intended to replace older certificates and those that are entirely unrelated to older certificates. You can always see the status of the Certbot-managed certificates by running certbot certificates.


#5

Running ./certbot-auto certificates reports an error: Renewal configuration file /etc/letsencrypt/renewal/chatbot.cn.conf produced an unexpected error: expected /etc/letsencrypt/live/chatbot.cn/privkey.pem to be a symlink. Skipping.

How can I get the storage parameters of the old certificate?


#6

What did you do exactly to your /etc/letsencrypt directory? What did you change there?

Can you show us the output of this command?

ls -lR /etc/letsencrypt


#7

total 28
drwx------ 3 root root 4096 Jul 12 11:10 accounts
drwx------ 3 root root 4096 Jul 12 11:45 archive
drwxr-xr-x 2 root root 4096 Sep 11 19:03 csr
drwx------ 2 root root 4096 Sep 11 19:03 keys
drwxr-xr-x 4 root root 4096 Jul 12 11:45 live
drwxr-xr-x 2 root root 4096 Sep 11 18:04 renewal
drwxr-xr-x 5 root root 4096 Jul 12 11:10 renewal-hooks

/etc/letsencrypt/accounts:
total 4
drwx------ 3 root root 4096 Jul 12 11:10 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 4
drwx------ 3 root root 4096 Jul 12 11:11 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 4
drwx------ 2 root root 4096 Jul 12 11:11 8bf296e0c0e491a529108b3456381eb5

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/8bf296e0c0e491a529108b3456381eb5:
total 12
-rw-r--r-- 1 root root   81 Jul 12 11:11 meta.json
-r-------- 1 root root 1632 Jul 12 11:11 private_key.json
-rw-r--r-- 1 root root   78 Jul 12 11:11 regr.json

/etc/letsencrypt/archive:
total 4
drwxr-xr-x 2 root root 4096 Sep 11 18:04 chatbot.cn

/etc/letsencrypt/archive/chatbot.cn:
total 32
-rw-r--r-- 1 root root 2147 Jul 12 11:45 cert1.pem
-rw-r--r-- 1 root root 2147 Sep 11 18:04 cert2.pem
-rw-r--r-- 1 root root 1647 Jul 12 11:45 chain1.pem
-rw-r--r-- 1 root root 1647 Sep 11 18:04 chain2.pem
-rw-r--r-- 1 root root 3794 Jul 12 11:45 fullchain1.pem
-rw-r--r-- 1 root root 3794 Jul 13 11:02 fullchain2.pem
-rw-r--r-- 1 root root 1704 Jul 12 11:45 privkey1.pem
-rw-r--r-- 1 root root 1704 Jul 13 11:02 privkey2.pem

/etc/letsencrypt/csr:
total 24
-rw-r--r-- 1 root root 920 Jul 12 11:11 0000_csr-certbot.pem
-rw-r--r-- 1 root root 920 Jul 12 11:30 0001_csr-certbot.pem
-rw-r--r-- 1 root root 920 Sep 11 16:43 0002_csr-certbot.pem
-rw-r--r-- 1 root root 920 Sep 11 16:55 0003_csr-certbot.pem
-rw-r--r-- 1 root root 920 Sep 11 18:03 0004_csr-certbot.pem
-rw-r--r-- 1 root root 920 Sep 11 19:03 0005_csr-certbot.pem

/etc/letsencrypt/keys:
total 24
-rw------- 1 root root 1704 Jul 12 11:11 0000_key-certbot.pem
-rw------- 1 root root 1704 Jul 12 11:30 0001_key-certbot.pem
-rw------- 1 root root 1704 Sep 11 16:43 0002_key-certbot.pem
-rw------- 1 root root 1704 Sep 11 16:55 0003_key-certbot.pem
-rw------- 1 root root 1704 Sep 11 18:03 0004_key-certbot.pem
-rw------- 1 root root 1708 Sep 11 19:03 0005_key-certbot.pem

/etc/letsencrypt/live:
total 8
drwxr-xr-x 2 root root 4096 Sep 11 18:59 chatbot.cn


/etc/letsencrypt/live/chatbot.cn:
total 12
lrwxrwxrwx 1 root root   34 Sep 11 18:04 cert.pem -> ../../archive/chatbot.cn/cert2.pem
lrwxrwxrwx 1 root root   35 Sep 11 18:04 chain.pem -> ../../archive/chatbot.cn/chain2.pem
-rw-r--r-- 1 root root 3794 Jul 13 11:02 fullchain.pem
-rw-r--r-- 1 root root 1704 Jul 13 11:02 privkey.pem
-rw-r--r-- 1 root root  682 Jul 12 11:45 README



/etc/letsencrypt/renewal:
total 4
-rw-r--r-- 1 root root 547 Sep 11 19:02 chatbot.cn.conf

/etc/letsencrypt/renewal-hooks:
total 12
drwxr-xr-x 2 root root 4096 Jul 12 11:10 deploy
drwxr-xr-x 2 root root 4096 Jul 12 11:10 post
drwxr-xr-x 2 root root 4096 Jul 12 11:10 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0

/etc/letsencrypt/renewal-hooks/post:
total 0

/etc/letsencrypt/renewal-hooks/pre:
total 0

I want to retrieve the conf of the old certificate, because a new certificate is regenerated, and the old certificate conf is overwritten.


#9

You can probably make your configuration valid again from Certbot’s point of view with

cd /etc/letsencrypt/live/chatbot.cn
mv -i fullchain.pem privkey.pem /tmp
ln -s ../../archive/chatbot.cn/fullchain2.pem fullchain.pem
ln -s ../../archive/chatbot.cn/privkey2.pem privkey.pem

After that, Certbot should be able to work with your configuration.
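
A check for the condition Certbot reported in this thread ("expected … privkey.pem to be a symlink"), given as an added example that is not part of the original posts and not Certbot's own code. The function names `check_lineage` and `make_sample` are hypothetical, the sample tree is constructed from the listing above with empty placeholder files, and the check assumes the relative `../../archive/<name>/` link form shown in that listing.

```shell
#!/usr/bin/env bash
# Audit a Certbot lineage: each *.pem in live/<name> must be a symlink into
# ../../archive/<name>/, and all four links must carry the same version number.
check_lineage() {
    local live_dir="$1" name kind link target ver first="" bad=0
    name=$(basename "$live_dir")
    for kind in cert chain fullchain privkey; do
        link="$live_dir/$kind.pem"
        if [ ! -L "$link" ]; then
            echo "$kind.pem: not a symlink"; bad=1; continue
        fi
        target=$(readlink "$link")
        case "$target" in
            ../../archive/"$name"/"$kind"[0-9]*.pem) ;;
            *) echo "$kind.pem: unexpected target $target"; bad=1; continue ;;
        esac
        if [ ! -e "$link" ]; then
            echo "$kind.pem: dangling link to $target"; bad=1; continue
        fi
        ver=${target##*/"$kind"}; ver=${ver%.pem}
        if [ -z "$first" ]; then first=$ver; fi
        if [ "$ver" != "$first" ]; then
            echo "$kind.pem: version $ver, expected $first"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the live/ and archive/ state from the listing in this
# thread, rebuilt under $1 with empty placeholder files (no real keys).
make_sample() {
    local root="$1" k v
    mkdir -p "$root/archive/chatbot.cn" "$root/live/chatbot.cn"
    for k in cert chain fullchain privkey; do
        for v in 1 2; do : > "$root/archive/chatbot.cn/$k$v.pem"; done
    done
    ln -s ../../archive/chatbot.cn/cert2.pem "$root/live/chatbot.cn/cert.pem"
    ln -s ../../archive/chatbot.cn/chain2.pem "$root/live/chatbot.cn/chain.pem"
    : > "$root/live/chatbot.cn/fullchain.pem"   # regular file, as in the listing
    : > "$root/live/chatbot.cn/privkey.pem"     # regular file, as in the listing
}

# With a directory argument, audit it; with none, audit the constructed sample.
main() {
    if [ -n "${1:-}" ]; then check_lineage "$1"; return; fi
    local tmp; tmp=$(mktemp -d); make_sample "$tmp"
    check_lineage "$tmp/live/chatbot.cn" || echo "lineage needs repair"
    rm -rf "$tmp"
}
main "$@"
```

The version comparison also catches a lineage whose links were re-created by hand against different archive numbers, for example a certificate from one issuance paired with the private key from another.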


#11

I ran the command you said, but I got a new certificate renewal (configuration of the new certificate), not the renewal of the old certificate (the configuration of the old certificate). How can I renew my old certificate? And thank you.


#12

I don’t really understand what you mean. Can you describe more about what you’re looking for?

The commands that I suggested to you above would only fix Certbot’s ability to parse the renewal configuration file, not request any certificates.


#13

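OK… brother, what exactly are you trying to say… How was the certificate requested before… Was it also with manual, and without any other files? (A hook is usually a .sh file.)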

@schoen let me try to deal with him…

woc 20 chars


#14

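I need to renew the old certificate, but the old certificate's configuration was overwritten by the new certificate's configuration, and I don't want to use the new certificate; I only want to use the old certificate.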


#15

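Hello,

How was the old certificate configured?
Did it also use the manual option (adding the TXT record by hand)?

The problem now is this… your old certificate configuration has already been overwritten… basically it cannot be recovered…

Also, if the certificate was configured with the manual option, it cannot be renewed until renewal code (contacting the domain API for automatic renewal) has been set up… each time you can only request it again… (which is why, on the certbot side, even renew will show that it cannot renew)

Thank you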

