I need to upgrade from certbot-auto

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I did:
sudo apt-get remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot renew --dry-run -d bc.elmit.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My domain is: bc.elmit.com

I ran this command:
sudo certbot --certonly --rsa-key-size 4096 --nginx --agree-tos --no-eff-email --email ronald@example.com -w /home/ronald/docker-websites/bc.elmit.com -d bc.elmit.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
nginx -v
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
lsb_release
LSB Version: core-9.20170808ubuntu1-noarch:printing-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes, sudo

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

How can I fix it?

Your current issues don't look related to the way you've installed certbot: certbot seems to be working fine.

However, for some reason you're trying to use the renew subcommand with options not related to that subcommand.

Doesn't certbot renew --dry-run without any other options just work?

Also, you can check which certificates are installed including their certificate name with the command certbot certificates, so you can specifically renew certificates with the --cert-name option in combination with certbot renew.

2 Likes

Thanks for your quick reply.

I tried sudo certbot renew --dry-run

which returned a lots of errors for each domain I have:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ai.elmit.com.conf


Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Failed to renew certificate ai.elmit.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')


Your suggestion to use:
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/www.elmit.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


Found the following certs:
Certificate Name: ai.elmit.com
Serial Number: 3a0dc19d1f8a17c5bbe09e708451ec3d4c2
Key Type: RSA
Domains: ai.elmit.com
Expiry Date: 2021-10-16 22:51:32+00:00 (VALID: 16 hour(s))
Certificate Path: /etc/letsencrypt/live/ai.elmit.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ai.elmit.com/privkey.pem

... was good

I tried then:
sudo certbot renew --cert-name bc.elmit.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/bc.elmit.com.conf


Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Failed to renew certificate bc.elmit.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/bc.elmit.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

sudo nginx -t
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

????

This is kinda a weird error. Can you show the contents of the file /etc/letsencrypt/renewal/www.elmit.com.conf please?

It seems certbot does not know the certificate name bc.elmit.com. At least, I can't see it in the output of certbot certificates or was there more output on your screen which wasn't copy/pasted into your post?

Your nginx configuration is refering to a certificate called nc.elmit.com but that certificate isn't there any longer, so nginx is malfunctioning: it expects to find a certificate, but it's gone! Did you perhaps remove certain certificates from certbot without removing them from your nginx configuration? Please see the warnings and solution(s) about safely deleting certificates in certbot here: User Guide — Certbot 1.19.0.dev0 documentation

2 Likes

I checked the file www.elmit.com.conf - it is an empty file. Since I do not currently use this domain. I deleted the empty file.

That helped that the command sudo certbot renew
Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpy2sawccz/log or re-run Certbot with -v for more details.

sudo certbot renew -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ai.elmit.com.conf


Certificate is due for renewal, auto-renewing...
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Failed to renew certificate ai.elmit.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')


Processing /etc/letsencrypt/renewal/bc.elmit.com.conf


Certificate is due for renewal, auto-renewing...
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Failed to renew certificate bc.elmit.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/nc.elmit.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/nc.elmit.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

cat bc.elmit.com.conf

renew_before_expiry = 30 days

version = 1.9.0
archive_dir = /etc/letsencrypt/archive/bc.elmit.com
cert = /etc/letsencrypt/live/bc.elmit.com/cert.pem
privkey = /etc/letsencrypt/live/bc.elmit.com/privkey.pem
chain = /etc/letsencrypt/live/bc.elmit.com/chain.pem
fullchain = /etc/letsencrypt/live/bc.elmit.com/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = nginx
installer = nginx
account = 847eabe6723b218efd22650696b29796
server = https://acme-v02.api.letsencrypt.org/directory
rsa_key_size = 4096

First, and foremost, your nginx configuration needs to work.
[as long as nginx -t fails, nothing else will work (certbot can't fix that for you)]
You may need to disable whatever files are missing (or recreate them) to get nginx working.

1 Like

Thanks. For now I fixed the config files. Will come next week with the remaining problem to solve.

Thanks.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.