Help us test renewal with "letsencrypt renew"

—@:/opt/letsencrypt# ./letsencrypt-auto renew

Checking for new version...
Requesting root privileges to run letsencrypt...
   /root/.local/share/letsencrypt/bin/letsencrypt --no-self-upgrade renew
Processing /etc/letsencrypt/renewal/--it.conf
2016-02-24 10:06:46,994:WARNING:letsencrypt.cli:An error occured while parsing /etc/letsencrypt/renewal/--it.conf. The error was Expected a numeric value for http01_port. Skipping the file.
Processing /etc/letsencrypt/renewal/--y.it.conf
Processing /etc/letsencrypt/renewal/--l.conf
Processing /etc/letsencrypt/renewal/owncloud.---.conf
2016-02-24 10:06:47,016:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/owncloud.---.conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('d does not exist or is not a directory',). Skipping.
Processing /etc/letsencrypt/renewal/test.--.conf
Processing /etc/letsencrypt/renewal/---.com.conf
2016-02-24 10:06:47,022:WARNING:letsencrypt.cli:An error occured while parsing /etc/letsencrypt/renewal/---.com.conf. The error was Expected a numeric value for http01_port. Skipping the file.

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/---.it/fullchain.pem (skipped)
  /etc/letsencrypt/live/---l/fullchain.pem (skipped)
  /etc/letsencrypt/live/test.---.it/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/owncloud.---/fullchain.pem (failure)

Additionally, the following renewal configuration files were invalid:
  /etc/letsencrypt/renewal/---.it.conf (parsefail)
  /etc/letsencrypt/renewal/---.com.conf (parsefail)

The SSL cert for owncloud expired 3 days ago (my fault, due to a cron script)

Looks like the webroot was moved? So you need to edit the config file.

Having just installed letsencrypt on a CentOS server running cPanel / WHM and obtained certificates that all work perfectly - I tested the renew option - it also ran perfectly - well done guys!

I’ve renewed two separate certificates recently. The first I renewed on 2/17 and everything worked but today I got another email about that certificate expiring and it still lists the original expiration date (3/6).

I’m getting reproducible parsefail error messages. It seems like config files from prior versions of the letsencrypt client fail. Those are the ones without the webroot_map section.

Here’s a diff of a working vs a non-working config (diff working.conf non_working.conf); I replaced the domain names but nothing else was changed.

The forum appears to have a bug. I only have this one link in the post yet it complains that I have a limit of 2. So you’ll have to assemble the link by yourself. Replace space by slash here:

https://gist.github.com/ulikoehler/17914b626a074540a173

FreeBSD user, just updated the pkg to 0.4.0. My certs were created with the 0.3.0 pkg, using webroot. I changed all of my Apache port 80 vhosts to 301 redirects to https, with HSTS, and can’t use letsencrypt renew. The renew attempts to use webroot on http, and I don’t see a method in the renewal conf to change to https.

Error: 2016-02-29 09:31:53,578:WARNING:letsencrypt.cli:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/domain.net.conf produced an unexpected error: Failed authorization procedure. domain.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://domain.net/.well-known/acme-challenge/XXXX. Skipping.

That’s a standing bug in the mailer - it can’t recognize whether or not you renewed the certificate.

Thanks, I’ll just ignore the emails after I’ve renewed for now.

@ulikoehler, do you have any more information about the specific reason for the parsefail in the Let’s Encrypt error logs?

@schoen I just (re-)tried running “letsencrypt renew” as root. For some reason, today there is an error message (I’m not sure if it wasn’t there yesterday or if I just missed it !?!?):

2016-03-01 03:23:24,252:WARNING:letsencrypt.cli:An error occured while parsing /etc/letsencrypt/renewal/mydomain.conf. The error was Expected a numeric value for http01_port. Skipping the file.

In the config: “http01_port = None”. I use (and have always used) only webroot auth.

When I manually set the http01_port to 80, letsencrypt renew works again. Maybe you could allow http01_port to be None for backwards compatibility?

Best regards, Uli

@ulikoehler, fortunately or unfortunately that’s a known issue

Hopefully we can get it fixed soon (precisely by allowing http01_port to be None, as you suggest).

I believe the problem results when a user created a cert with standalone prior to November and is now trying to use letsencrypt renew without having used letsencrypt certonly -a standalone in between. (It should be possible to renew in this combination of circumstances without an error, but it’s apparently not.)
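Added example (not part of the thread and not the Let's Encrypt client's own code): a pre-flight check for the two failures reported above, a non-numeric `http01_port` (parsefail) and a webroot directory that no longer exists (failure). The file layout, the sample domain and paths, and the helper names `parse_conf` and `audit_conf` are assumptions; the digit test only approximates the client's own validation.

```python
import os
import re

# Constructed sample; layout assumed from the thread (top-level keys,
# [renewalparams], nested [[webroot_map]]). Domain and paths are placeholders.
SAMPLE_CONF = """\
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = webroot
http01_port = None
[[webroot_map]]
example.org = /var/www/moved-away
"""

def parse_conf(text):
    """Return {section_name: {key: value}}; top-level keys go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[+\s*([^\[\]]+?)\s*\]+", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def audit_conf(text, dir_exists=os.path.isdir):
    """List (kind, detail) problems that would make `renew` skip this file."""
    conf, findings = parse_conf(text), []
    port = conf.get("renewalparams", {}).get("http01_port")
    if port is not None and not port.isdigit():
        findings.append(("parsefail", f"http01_port = {port!r} is not numeric"))
    for domain, path in conf.get("webroot_map", {}).items():
        if not dir_exists(path):
            findings.append(("failure", f"webroot for {domain} missing: {path}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_conf(SAMPLE_CONF):
        print(kind, detail)
```

Running it over every file in the renewal directory before the cron job fires surfaces these problems while the certificate is still valid, rather than after it has expired.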

Hi there,

I'm also evaluating Let's Encrypt on some of our servers. Today I got the expiry warning notice for some of the certs:

Your certificate (or certificates) for the names listed below will expire in 9 days[...]

Yet when I trigger letsencrypt-auto renew I get the following for all of the related certificates mentioned in the expiry warning:

root@server:/home/user/letsencrypt# ./letsencrypt-auto renew
The following certs are not due for renewal yet:
/etc/letsencrypt/live/www.somesite.ch/fullchain.pem (skipped)

To be on the safe side I added a reminder in my calendar a day before the expiry happens. But shouldn't the renew function automatically renew the certs already?

EDIT:

I just checked the certificates in my browser and they have actually been renewed like a week ago and are still valid until end of June, so this expiry notice that was sent to me about 16 hours ago was an error, I believe.

As of about two weeks ago, you should not be receiving any expiration emails for certificates which you have already renewed starting from that date.

Before that, Let's Encrypt didn't actually check whether there was a more recent certificate that's not close to expiring before sending an email.

tl;dr: You might get some additional notifications for certificates issued more than ~2 weeks ago, but for any future certificates, things should be accurate.

This post has some more details:
