How to create a certificate in live/ without link to archive/

Randagast · January 17, 2025, 8:51am

I have a certificate located in /etc/letsencrypt/live/nonprod.gitsis.eu, which is not a symbolic link. When it’s about to expire, I attempt to issue a new one, but it always creates a folder in live/nonprod.gitsis.eu containing symbolic links to the archive/ directory.

Is there a way to generate the certificate directly in the live directory without creating symbolic links to archive/?

I ran this command:
certbot certonly --noninteractive --authenticator dns-hetzner --dns-hetzner-credentials /tmp/dns_api_token.ini --agree-tos --domains *.nonprod.gitsis.eu --email algitsis@gmail.com

i run on debian-12
certbot 2.11.0

Osiris · January 17, 2025, 8:58am

No, not directly, that's just how Certbot works.

What's wrong with symbolic links? Any software should be able to use that without an issue..

As some kind of workaround you could write your own script and use it in a --deploy-hook. Within that script you can do whatever you want, as long as you don't mess up the existing files generated by Certbot.

Topic		Replies	Views
Certbot creates certificate in wrong path Help	4	1613	January 1, 2021
Why does Certbot Use Symbolic Links - Do Certain Paramaters Overide this Behaviour? Client dev	14	16243	March 27, 2017
Unpredictable paths make Certbot completely unusable Client dev	7	973	October 15, 2019
CertStorageError: expected /etc/letsencrypt/live/example.com/cert.pem to be a symlink Server	17	19179	December 21, 2017
Force certbot-auto to generate certificate at a custom path instead of /etc/letsencrypt/live Help	4	5988	April 22, 2017

How to create a certificate in live/ without link to archive/

Related topics