Manual renewal fails with Errno 17 File Exists

That looks good [even thou it is an expired certificate].

OK, we need to delete the "-0001" certificate.
But first...
Where are you using the certificate?

I see nginx.
Let's try:
nginx -T | grep -i nurturehq.com

3 Likes

The output is
[root@li810-70 ~]# nginx -T | grep -i nurturehq.com
nginx: invalid option: "T"

hmm...
That is a very old version of nginx

Try:
grep -Eri nurturehq.com /etc/nginx

3 Likes

The output is:

[root@li810-70 ~]# grep -Eri nurturehq.com /etc/nginx
/etc/nginx/conf.d/nurtureclient.conf:    if ($host = www.nurturehq.com) {
/etc/nginx/conf.d/nurtureclient.conf:    server_name *.nurturehq.com;
/etc/nginx/conf.d/nurtureclient.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com-0001/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurtureclient.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com-0001/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurtureclient.conf:    server_name *.nurturehq.com ;
/etc/nginx/conf.d/nurturesite.conf.nonworking:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.nonworking:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d/nurturesite.conf.nonworking:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.nonworking:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.nonworking:	server_name www.nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.old:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.old:   # server_name www.nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.old:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.old:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.old:    if ($host = nurturehq.com) {
/etc/nginx/conf.d/nurturesite.conf.old:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturewebsite.conf:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturewebsite.conf:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d/nurturewebsite.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf:    server_name www.nurturehq.com;
/etc/nginx/conf.d/nurtureclient_stage.conf:    server_name sclient.nurturehq.com ;
/etc/nginx/conf.d/nurtureclient_stage.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurtureclient_stage.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/phpmyadmin.conf:    server_name mysql.nurturehq.com ;
/etc/nginx/conf.d/phpmyadmin.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/phpmyadmin.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturecockpit.conf:    server_name cockpit.nurturehq.com;
/etc/nginx/conf.d/nurturecockpit.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturecockpit.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.back:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.back:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d/nurturesite.conf.back:    server_name www.nurturehq.com;
/etc/nginx/conf.d/nurturewebsite.conf.http:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturewebsite.conf.http:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf.http:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturewebsite.conf.http:    server_name nurturehq.com;
/etc/nginx/conf.d/default.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/default.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/opcache.nurturehq.conf:    server_name opcache.nurturehq.com;
/etc/nginx/conf.d/opcache.nurturehq.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/opcache.nurturehq.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com/privkey.pem; # managed by Certbot
/etc/nginx/conf.d/nurturesite.conf.bk:    server_name nurturehq.com;
/etc/nginx/conf.d/nurturesite.conf.bk:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d/nurturesite.conf.bk:    server_name www.nurturehq.com;
/etc/nginx/conf.d.kk/nurtureclient.conf:    if ($host = www.nurturehq.com) {
/etc/nginx/conf.d.kk/nurtureclient.conf:    server_name *.nurturehq.com;
/etc/nginx/conf.d.kk/nurtureclient_stage.conf:    server_name sclient.nurturehq.com ;
/etc/nginx/conf.d.kk/phpmyadmin.conf:    server_name mysql.nurturehq.com ;
/etc/nginx/conf.d.kk/nurturecockpit.conf:    server_name cockpit.nurturehq.com;
/etc/nginx/conf.d.kk/nurturesite.conf.back:    server_name nurturehq.com;
/etc/nginx/conf.d.kk/nurturesite.conf.back:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d.kk/nurturesite.conf.back:    server_name www.nurturehq.com;
/etc/nginx/conf.d.kk/nurturesite.conf:    server_name nurturehq.com;
/etc/nginx/conf.d.kk/nurturesite.conf:    rewrite ^(.*) https://www.nurturehq.com$1 permanent;
/etc/nginx/conf.d.kk/nurturesite.conf:    server_name www.nurturehq.com;
/etc/nginx/conf.d.kk/opcache.nurturehq.conf:    server_name opcache.nurturehq.com;

OK, only one file is using the "-0001" version:

/etc/nginx/conf.d/nurtureclient.conf:    ssl_certificate /etc/letsencrypt/live/nurturehq.com-0001/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/nurtureclient.conf:    ssl_certificate_key /etc/letsencrypt/live/nurturehq.com-0001/privkey.pem; # managed by Certbot

Please edit that file and remove both of the "-0001" text.

Also, please show:
grep -i include /etc/nginx/nginx.conf

4 Likes

Did the changes and the output of seconf command is:
[root@li810-70 ~]# grep -i include /etc/nginx/nginx.conf
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;

That's perfect!

4 Likes

What is the next step now

OK, now let's delete the "bad" certificate, with:
/opt/certbot/certbot delete --cert-name nurturehq.com-0001

Then reshow:
/opt/certbot/certbot certificates

[skipped the step where we aren't going to use "-auto" anymore]

3 Likes

Not able to delete it. THe output showing as below

[root@li810-70 ~]# /opt/certbot/certbot delete --cert-name nurturehq.com-0001
-bash: /opt/certbot/certbot: is a directory

OK wrong path [my bad]
try:
which certbot

4 Likes

It has to be one of those - LOL

3 Likes

Not showing.The output is as below

[root@li810-70 ~]# which certbot
/usr/bin/which: no certbot in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

I tries with "auto" and the output is as below:

[root@li810-70 ~]# /opt/certbot/certbot-auto certificates
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: nurturehq.com-0001
Serial Number: 438515db426429b2e269c219e5e08fb8901
Key Type: RSA
Domains: *.nurturehq.com
Expiry Date: 2022-08-31 05:34:32+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/nurturehq.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nurturehq.com-0001/privkey.pem
Certificate Name: nurturehq.com
Serial Number: 438515db426429b2e269c219e5e08fb8901
Key Type: RSA
Domains: *.nurturehq.com
Expiry Date: 2022-08-31 05:34:32+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/nurturehq.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/nurturehq.com/privkey.pem


Try:
/opt/certbot/certbot-auto delete --cert-name nurturehq.com-0001

Then, let's find the working certbot, with:
/opt/eff.org/certbot --version
/opt/letsencrypt/certbot --version

3 Likes

This is the output of all the three commands:

[root@li810-70 ~]# /opt/certbot/certbot-auto delete --cert-name nurturehq.com-0001
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log


The following certificate(s) are selected for deletion:

  • nurturehq.com-0001

Are you sure you want to delete the above certificate(s)?


(Y)es/(N)o: y
Deleted all files relating to certificate nurturehq.com-0001.
[root@li810-70 ~]# /opt/eff.org/certbot --version
-bash: /opt/eff.org/certbot: is a directory
[root@li810-70 ~]# /opt/letsencrypt/certbot --version
-bash: /opt/letsencrypt/certbot: is a directory
[root@li810-70 ~]#

HI rg305
Please help me. I need help

1 Like

hmm...
We still haven't found certbot!

3 Likes

Does your system use yum for updates?

3 Likes

i never tried to update it before