Migration to new server and also apache to nginx

My domain is: www.maineconservation.org

I ran this command: certbot renew --dry-run

It produced this output: The requested apache plugin does not appear to be installed. Skipping.

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’ve successfully transferred the existing certificate files from the old server (preserving symlinks) and the certificate seems to be working fine, but I’m not sure how to renew it. Should I just remove it and start over with a new cert? Install the apache plugin and use that to renew it, even though the site is no longer running on apache?

Have you tried ./certbot-auto renew --nginx --dry-run

./certbot-auto gives me “command not found” error, but the same command with just certbot gives me “Congratulations, all renewals succeeded”

Weirdly though, if I run it without the --dry-run flag, it fails with this error message:

Attempting to renew cert (www.maineconservation.org) from /etc/letsencrypt/renewal/www.maineconservation.org.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/b5dfae096cead9b94bd570f5c4a23af2 does not exist. Skipping.

How did you install certbot ???

Just try this

sudo mkdir /opt/certbot
cd /opt/certbot
sudo wget https://dl.eff.org/certbot-auto
sudo chmod +x certbot-auto
sudo ./certbot-auto renew --nginx --dry-run

Did you copy all your certificates exactly as they were on the old server? Same folder structure?

/etc/letsencrypt/
├── accounts
│   ├── acme-staging.api.letsencrypt.org
│   │   └── directory
│   │       └── 4835cd202a2fad9666e0dd2499781129
│   │           ├── meta.json
│   │           ├── private_key.json
│   │           └── regr.json
│   └── acme-v01.api.letsencrypt.org
│       └── directory
│           └── 88058d1c1eddcd4f96a5d28691f2c18b
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   ├── mydomain.com
│   │   ├── cert1.pem
│   │   ├── chain1.pem
│   │   ├── fullchain1.pem
│   │   └── privkey1.pem
├── csr
│   ├── 0000_csr-certbot.pem
├── keys
│   ├── 0000_key-certbot.pem
├── live
│   ├── mydomain.com
│   │   ├── cert.pem -> ../../archive/mydomain.com/cert1.pem
│   │   ├── chain.pem -> ../../archive/mydomain.com/chain1.pem
│   │   ├── fullchain.pem -> ../../archive/mydomain.com/fullchain1.pem
│   │   ├── privkey.pem -> ../../archive/mydomain.com/privkey1.pem
│   │   └── README
└── renewal
    ├── mydomain.com.conf

Almost. There was already another certificate (for a different domain, since removed) on the new server, so, following instructions from another thread on this forum, I only moved the files and symlinks in archive/, live/, and renewal/

You need accounts, too.

I don’t think you copied the entire folder structure and contents exactly as it was.

At this point, would I be better off jettisoning the old cert and starting from scratch?

Update: I had a spare full backup of the old server’s letsencrypt directory, so I copied over the accounts/, csr/, and keys/ folders I’d left behind before, ran certbot renew --nginx, and voila, everything works perfectly.

Thanks for your help!


The one of those that would have made a difference here was accounts (maybe this is a sign that this error message could be made more helpful, because the error message was clearly pointing in an unhelpful direction).

I think this is a common pattern in software development which maybe even has a name, where the error message is describing a much higher-level symptom of a failure that actually happened for a much more specific problem. It's basically

component X needed item Y, and so it failed, but the reported failure was "component X failed" rather than "item Y missing"


Glad you got it sorted :+1:
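An added example, not part of any post in this thread and not certbot's own code: a pre-flight check for a migrated letsencrypt directory that names the missing item (account files, broken certificate links) before a renewal is attempted. It assumes each renewal .conf carries `account`, `server`, `cert`, `privkey`, `chain` and `fullchain` lines, and that the account lives under accounts/<server URL without scheme>/<account id> as in the tree above; the function names are hypothetical.

```bash
# Added example: verify that everything a renewal conf refers to was migrated.
# Assumes "key = value" lines in the conf (account, server, cert, privkey,
# chain, fullchain). Function names are hypothetical.

# Print the value of the first "key = value" line for KEY in FILE.
conf_get() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# check_lineage ROOT CONF: print each problem, return the number of problems.
check_lineage() {
    local root="$1" conf="$2" problems=0 account server acct_dir key path f
    account=$(conf_get account "$conf")
    server=$(conf_get server "$conf")
    # accounts/<server host>/<server path>/<account id>
    acct_dir="$root/accounts/${server#*://}/$account"
    for f in meta.json private_key.json regr.json; do
        if [ ! -f "$acct_dir/$f" ]; then
            echo "MISSING account file: $acct_dir/$f"
            problems=$((problems + 1))
        fi
    done
    # Each certificate path must resolve through its live/ symlink to archive/.
    for key in cert privkey chain fullchain; do
        path=$(conf_get "$key" "$conf")
        if [ -z "$path" ] || [ ! -e "$path" ]; then
            echo "BROKEN $key path: ${path:-<not set>}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# check_tree [ROOT]: run check_lineage on every renewal conf; 1 if any failed.
check_tree() {
    local root="${1:-/etc/letsencrypt}" conf bad=0
    for conf in "$root"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        echo "== $conf (authenticator: $(conf_get authenticator "$conf"))"
        check_lineage "$root" "$conf" || bad=1
    done
    return "$bad"
}
```

After sourcing the file, `check_tree /etc/letsencrypt` as root on the new server lists what is still missing; the authenticator it prints is the plugin the renewal conf will ask for.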
