Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: tp23.org
I ran this command: certbot renew
It produced this output:
Attempting to renew cert (tp23.org) from /etc/letsencrypt/renewal/tp23.org.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for radiolocal9.tp23.org:
Choices: [‘Enter a new webroot’, ‘/mnt/cipublish/www/htdocs-rpi.tp23.org’, ‘/mnt/cipublish/www/htdocs-ci.tp23.org’, ‘/mnt/cipublish/www/htdocs-sanename.org’, ‘/mnt/cipublish/www/htdocs-htmlbuffer.tp23.org’, ‘/mnt/cipublish/www/htdocs-tp23.org’, ‘/mnt/cipublish/www/htdocs-xtomp.tp23.org’, ‘/mnt/cipublish/www/htdocs-download.tp23.org’, ‘/mnt/cipublish/www/htdocs-jclosure.tp23.org’, ‘/mnt/cipublish/www/htdocs-linci.tp23.org’, ‘/mnt/cipublish/www/htdocs-markbook.tp23.org’, ‘/mnt/cipublish/www/htdocs-lxinitd.tp23.org’]
(You can set this with the --webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
My web server is (include version): nginx
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):certbot 0.36.0
Today all my certs expired, and I need to rebuild them. I have split my hosts over two VMs so its not going to be possible to run existing config since the server that runs certbot no longer has access to the required webroots.
I did not realize that certbot renew required access to webroots forever when I set this up.
I have setup the new server as I did originally with a subset of domains and I have a valid cert, no idea if they will ever renew but 2 hosts on tp23.org work now.
Certbot no longer supports two domains with the same webroot which is annoying but I can fix that however it will take time and a few retries.
Problem is that certbox generates files dynamically in /etc/ which means its not easy to work out what can be deleted to start afresh.
Any tips what can I delete? there is also the problem that certbot will not let you recreate certs for a certain amount of time, how do I get around that? Its seems its impossible to automate certbot since it behaves differently and return 0 always even when it failed. Currenlty I have certs expi9red and I’m not allowed to regenerate them which is harsh.
I need a clean start, it now tacks -0001 on to file names which clearly breaks the automation I have setup so it needs a rewrite.
I will need to be able to manually regenerate certs every 3 months until I can automate certbot usage again.