LetsEncrypt certificate renewal failure


#1

Please fill out the fields below so we can help you better.

My domain is: redrield.com/redrield.me

I ran this command:

sudo letsencrypt renew --agree-tos (As regularly privileged user)

It produced this output:

https://hastebin.com/jecasuwado.vbs

My operating system is (include version):

Ubuntu 16.04 Xenial

My web server is (include version):

Nginx/1.10.0 (ubuntu)

My hosting provider, if applicable, is:

DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no


#2

Manually check the renewal configuration files mentioned in the output for things that could be wrong. Or also paste them here.


#3

You’re using an old version of Certbot (probably Ubuntu’s letsencrypt package, version 0.4.1) to renew certificates created by a new version of Certbot (probably certbot-auto installed somewhere). As you can see, old versions are unable to handle aspects of the renewal configuration files generated by newer versions of Certbot.

(The certificates aren’t different or incompatible, but Certbot’s configuration files are.)

You should find the newer version of Certbot you had installed and use it.

Alternately, you can wipe out /etc/letsencrypt – or at least parts of it – and start over with your older version.

(Alternately, you can compare and surgically edit the configuration files, but that’s not really worth the effort.)


#4

As mentioned my @mnordhoff you are probably using a repo version of letsencrypt.

Please also note that letsencrypt has been deprecated and is now replaced with certbot being the official client for Let’s Encrypt certificates. This seems to be an eternal source of confusion and I wish the mods would sticky a big note about this.

You can simply eave your existing letsencrypt install in place and clone a new one from the repo and run all your commands as cert or certbot-auto and not letsencrypt or letsencrypt-auto from the /opt/certbot directory …

Follow my guide here on how to clone certbot from the repo.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.