I deleted my .pem file

alebal · May 11, 2020, 8:29pm

So, let’s say that I mistakenly deleted the .pem file from my server … and then restored it by copying it from a backup and pasting it back to my server, with sudo nano … and pasting the text.

And now:
sudo /usr/local/bin/certbot-auto renew -q

Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/_internal/renewal.py", line 63, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/_internal/storage.py", line 466, in __init__
    self._check_symlinks()
  File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/certbot/_internal/storage.py", line 533, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/mysite.com/fullchain.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/mysite.com.conf is broken. Skipping.
0 renew failure(s), 1 parse failure(s)

This work good, sudo /usr/local/bin/certbot-auto --apache

What can I do?

I thought about uninstalling and reinstalling certbot, but I wouldn’t want to make even worse messes …

The server is centos 8 with apache

Osiris · May 11, 2020, 8:39pm

The files in the /live/ directory are actually symbolic links to the files in /archive/. So if you only removed the symbolic link, you can just remake the symbolic link with the ln -s command (see man ln). It points to the corresponding file in /archive/ with the higest number. I.e., the file fullchain.pem in /live/example.com would point to ../../archive/example.com/fullchain23.pem if “23” would be the higest number. Same goes for privkey.pem -> ../../archive/example.com/privkey23.pem et cetera.

alebal · May 11, 2020, 9:03pm

I’m not sure I understand …

I have this:
cert1.pem cert24.pem cert39.pem chain11.pem chain26.pem chain40.pem fullchain13.pem fullchain28.pem fullchain42.pem privkey15.pem privkey3.pem privkey44.pem
cert10.pem cert25.pem cert4.pem chain12.pem chain27.pem chain41.pem fullchain14.pem fullchain29.pem fullchain43.pem privkey16.pem privkey30.pem privkey45.pem
cert11.pem cert26.pem cert40.pem chain13.pem chain28.pem chain42.pem fullchain15.pem fullchain3.pem fullchain44.pem privkey17.pem privkey31.pem privkey46.pem
cert12.pem cert27.pem cert41.pem chain14.pem chain29.pem chain43.pem fullchain16.pem fullchain30.pem fullchain45.pem privkey18.pem privkey32.pem privkey5.pem
cert13.pem cert28.pem cert42.pem chain15.pem chain3.pem chain44.pem fullchain17.pem fullchain31.pem fullchain46.pem privkey19.pem privkey33.pem privkey6.pem
cert14.pem cert29.pem cert43.pem chain16.pem chain30.pem chain45.pem fullchain18.pem fullchain32.pem fullchain5.pem privkey2.pem privkey34.pem privkey7.pem
cert15.pem cert3.pem cert44.pem chain17.pem chain31.pem chain46.pem fullchain19.pem fullchain33.pem fullchain6.pem privkey20.pem privkey35.pem privkey8.pem
cert16.pem cert30.pem cert45.pem chain18.pem chain32.pem chain5.pem fullchain2.pem fullchain34.pem fullchain7.pem privkey21.pem privkey36.pem privkey9.pem
cert17.pem cert31.pem cert46.pem chain19.pem chain33.pem chain6.pem fullchain20.pem fullchain35.pem fullchain8.pem privkey22.pem privkey37.pem
cert18.pem cert32.pem cert5.pem chain2.pem chain34.pem chain7.pem fullchain21.pem fullchain36.pem fullchain9.pem privkey23.pem privkey38.pem
cert19.pem cert33.pem cert6.pem chain20.pem chain35.pem chain8.pem fullchain22.pem fullchain37.pem privkey1.pem privkey24.pem privkey39.pem
cert2.pem cert34.pem cert7.pem chain21.pem chain36.pem chain9.pem fullchain23.pem fullchain38.pem privkey10.pem privkey25.pem privkey4.pem
cert20.pem cert35.pem cert8.pem chain22.pem chain37.pem fullchain1.pem fullchain24.pem fullchain39.pem privkey11.pem privkey26.pem privkey40.pem
cert21.pem cert36.pem cert9.pem chain23.pem chain38.pem fullchain10.pem fullchain25.pem fullchain4.pem privkey12.pem privkey27.pem privkey41.pem
cert22.pem cert37.pem chain1.pem chain24.pem chain39.pem fullchain11.pem fullchain26.pem fullchain40.pem privkey13.pem privkey28.pem privkey42.pem
cert23.pem cert38.pem chain10.pem chain25.pem chain4.pem fullchain12.pem fullchain27.pem fullchain41.pem privkey14.pem privkey29.pem privkey43.pem

what I should do would be: sudo ln -s /etc/letsencrypt/archive/mysite.com/privkey43.pem /etc/letsencrypt/live/mysite.com/fullchain.pem

and do I have to delete the file that I created in live?

I’m really not sure I understand …

schoen · May 12, 2020, 12:35am

Could you show us the output from ls -l /etc/letsencrypt/live/mysite.com/ first just to make sure?

9peppe · May 12, 2020, 2:33pm

certbot update_symlinks should be easier

Osiris · May 12, 2020, 3:37pm

~~@9peppe I thought that feature was removed?~~

Edit: Ah, it is planned for removal, but not yet removed.

alebal · May 12, 2020, 11:40pm

back then, this was the situation:
$ sudo ls -l /etc/letsencrypt/live/mysite.com/
-rw-r–r--. 1 root root 692 Mar 5 13:21 README
lrwxrwxrwx. 1 root root 53 May 9 13:19 cert.pem -> …/…/archive/mysite.com/cert46.pem
lrwxrwxrwx. 1 root root 54 May 9 13:19 chain.pem -> …/…/archive/mysite.com/chain46.pem
-rw-r–r--. 1 root root 6524 May 9 14:44 fullchain.pem
lrwxrwxrwx. 1 root root 56 May 9 13:19 privkey.pem -> …/…/archive/mysite.com/privkey46.pem

I do this:
$ sudo rm /etc/letsencrypt/live/mysite.com/fullchain.pem

$ sudo ln -s …/…/archive/mysite.com/fullchain46.pem /etc/letsencrypt/live/mysite.com/fullchain.pem

And now:
-rw-r–r--. 1 root root 692 Mar 5 13:21 README
lrwxrwxrwx. 1 root root 53 May 9 13:19 cert.pem -> …/…/archive/mysite.com/cert46.pem
lrwxrwxrwx. 1 root root 54 May 9 13:19 chain.pem -> …/…/archive/mysite.com/chain46.pem
lrwxrwxrwx. 1 root root 58 May 12 16:31 fullchain.pem -> …/…/archive/mysite.com/fullchain46.pem
lrwxrwxrwx. 1 root root 56 May 9 13:19 privkey.pem -> …/…/archive/mysite.com/privkey46.pem

and it seems to work:
sudo /usr/local/bin/certbot-auto renew -q* *

system · June 11, 2020, 11:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.