Manual renewal fails with Errno 17 File Exists

My domain is: nurturehq.com

I ran this command:
./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns --installer nginx -d *.nurturehq.com

It produced this output:
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
NGINX configured with OpenSSL alternatives is not officially supported by Certbot.
Plugins selected: Authenticator manual, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for *.nurturehq.com
An unexpected error occurred:
FileExistsError: [Errno 17] File exists: '/etc/letsencrypt/archive/nurturehq.com-0001/privkey16.pem'
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): nginx/1.6.2

The operating system my web server runs on is (include version): CentOS release 6.5 (Final)

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @Rohitghadage, and welcome to the LE community forum :slight_smile:

Something has likely gone off the rails...
Let's have a look at the output of:
certbot-auto --version
certbot-auto certificates

3 Likes

The output of both command is
-bash: certbot-auto: command not found

Try with "./"
Like with your post:

./certbot-auto --version
./certbot-auto certificates

3 Likes

Output is:
-bash: ./certbot-auto: No such file or directory

Ok, then find it, with:
find / -name certbot-auto

OR

Can you remember where your where when you ran:

[It found it then!]

4 Likes

The output is
/opt/certbot/certbot-auto
/opt/letsencrypt/certbot-auto
and I ran renewal command on /opt/certbot

OK, let's go with that one, try:

/opt/certbot/certbot-auto --version
/opt/certbot/certbot-auto certificates

3 Likes

out for both command is as below:

[root@li810-70 ~]# /opt/certbot/certbot-auto --version
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
certbot 1.10.1
[root@li810-70 ~]# /opt/certbot/certbot-auto certificates
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/nurturehq.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


Found the following certs:
Certificate Name: nurturehq.com-0001
Serial Number: 438515db426429b2e269c219e5e08fb8901
Key Type: RSA
Domains: *.nurturehq.com
Expiry Date: 2022-08-31 05:34:32+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/nurturehq.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nurturehq.com-0001/privkey.pem

The following renewal configurations were invalid:
/etc/letsencrypt/renewal/nurturehq.com.conf


That's not too ancient.
We should try removing "-auto" from that command line.

Let's have a look at that file.

3 Likes

This file is blank

/etc/letsencrypt/renewal/nurturehq.com.conf

This file is blank there is no data in that file

Please show:
ls -l /etc/letsencrypt/renewal/*

3 Likes

The output is:
-rw-r--r-- 1 root root 605 Nov 14 14:45 /etc/letsencrypt/renewal/nurturehq.com-0001.conf
-rw-r--r-- 1 root root 0 Jun 3 07:12 /etc/letsencrypt/renewal/nurturehq.com.conf
-rw-r--r-- 1 root root 580 Jun 3 07:11 /etc/letsencrypt/renewal/nurturehq.com.conf.bk

There seems to be a backup file for it.
Let's try restoring it, with:

cp  /etc/letsencrypt/renewal/nurturehq.com.conf.bk  /etc/letsencrypt/renewal/nurturehq.com.conf

Then reshow:
/opt/certbot/certbot-auto certificates

Also try finding certbot [without the -auto]:
find / -name certbot
which certbot

3 Likes

Out put of both command is:

[root@li810-70 renewal]# /opt/certbot/certbot-auto certificates
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: nurturehq.com-0001
Serial Number: 438515db426429b2e269c219e5e08fb8901
Key Type: RSA
Domains: *.nurturehq.com
Expiry Date: 2022-08-31 05:34:32+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/nurturehq.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nurturehq.com-0001/privkey.pem
Certificate Name: nurturehq.com
Serial Number: 438515db426429b2e269c219e5e08fb8901
Key Type: RSA
Domains: *.nurturehq.com
Expiry Date: 2022-08-31 05:34:32+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/nurturehq.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nurturehq.com/privkey.pem


[root@li810-70 renewal]# find / -name certbot
/opt/certbot
/opt/certbot/certbot
/opt/eff.org/certbot
/opt/eff.org/certbot/venv/bin/certbot
/opt/eff.org/certbot/venv/lib/python3.6/site-packages/certbot
/opt/letsencrypt/certbot

OK, let's see if the original cert files are there, with:
ls -l /etc/letsencrypt/live/nurturehq.com/*

3 Likes

The output is:

lrwxrwxrwx 1 root root  38 Jun  2 06:34 /etc/letsencrypt/live/nurturehq.com/cert.pem -> ../../archive/nurturehq.com/cert15.pem
lrwxrwxrwx 1 root root  39 Jun  2 06:34 /etc/letsencrypt/live/nurturehq.com/chain.pem -> ../../archive/nurturehq.com/chain15.pem
lrwxrwxrwx 1 root root  43 Jun  2 06:34 /etc/letsencrypt/live/nurturehq.com/fullchain.pem -> ../../archive/nurturehq.com/fullchain15.pem
lrwxrwxrwx 1 root root  41 Jun  2 06:34 /etc/letsencrypt/live/nurturehq.com/privkey.pem -> ../../archive/nurturehq.com/privkey15.pem
-rw-r--r-- 1 root root 692 Mar 19  2019 /etc/letsencrypt/live/nurturehq.com/README

OK, we're almost there...
[even thou those entries have sizes - they are just symbolic links to the real files]
Let's confirm the actual files with:
ls -l /etc/letsencrypt//archive/nurturehq.com/*15.pem

3 Likes

-rw-r--r-- 1 root root 1842 Jun 2 06:34 /etc/letsencrypt//archive/nurturehq.com/cert15.pem
-rw-r--r-- 1 root root 3749 Jun 2 06:34 /etc/letsencrypt//archive/nurturehq.com/chain15.pem
-rw-r--r-- 1 root root 5591 Jun 2 06:34 /etc/letsencrypt//archive/nurturehq.com/fullchain15.pem
-rw------- 1 root root 1704 Jun 2 06:34 /etc/letsencrypt//archive/nurturehq.com/privkey15.pem