Migration to new server and also apache to nginx

My domain is: www.maineconservation.org

I ran this command: certbox renew --dry-run

It produced this output: The requested apache plugin does not appear to be installed. Skipping.

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’ve successfully transferred the existing certificate files from the old server (preserving symlinks) and the certificate seems to be working fine, but I’m not sure how to renew it. Should I just remove it and start over with a new cert? Install the apache plugin and use that to renew it, even though the site is no longer running on apache?

Have you tried ./certbot-auto renew --nginx --dry-run

./certbot-auto gives me a “command not found” error, but the same command with just certbot gives me “Congratulations, all renewals succeeded”

Weirdly though, if I run it without the --dry-run flag, it fails with this error message:

Attempting to renew cert (www.maineconservation.org) from /etc/letsencrypt/renewal/www.maineconservation.org.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/b5dfae096cead9b94bd570f5c4a23af2 does not exist. Skipping.

How did you install certbot ???

Just try this

sudo mkdir /opt/certbot
cd /opt/certbot
sudo wget https://dl.eff.org/certbot-auto
sudo chmod +x certbot-auto
sudo ./certbot-auto renew --nginx --dry-run
1 Like

Did you copy all your certificates exactly as they were on the old server? Same folder structure?

├── accounts
│   ├── acme-staging.api.letsencrypt.org
│   │   └── directory
│   │       └── 4835cd202a2fad9666e0dd2499781129
│   │           ├── meta.json
│   │           ├── private_key.json
│   │           └── regr.json
│   └── acme-v01.api.letsencrypt.org
│       └── directory
│           └── 88058d1c1eddcd4f96a5d28691f2c18b
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   ├── mydomain.com
│   │   ├── cert1.pem
│   │   ├── chain1.pem
│   │   ├── fullchain1.pem
│   │   └── privkey1.pem
├── csr
│   ├── 0000_csr-certbot.pem
├── keys
│   ├── 0000_key-certbot.pem
├── live
│   ├── mydomain.com
│   │   ├── cert.pem -> ../../archive/mydomain.com/cert1.pem
│   │   ├── chain.pem -> ../../archive/mydomain.com/chain1.pem
│   │   ├── fullchain.pem -> ../../archive/mydomain.com/fullchain1.pem
│   │   ├── privkey.pem -> ../../archive/mydomain.com/privkey1.pem
│   │   └── README
└── renewal
    ├── mydomain.com.conf

Almost. There was already another certificate (for a different domain, since removed) on the new server, so, following instructions from another thread on this forum, I only moved the files and symlinks in archive/, live/, and renewal/

You need accounts, too.

i don’t think you copied the entire folder structure and contents exactly as it was

At this point, would I be better off jettisoning the old cert and starting from scratch?

Update: I had a spare full backup of the old server’s letsencrypt directory, so I copied over the accounts/, csr/, and keys/ folders I’d left behind before, ran certbot renew --nginx, and voila, everything works perfectly.

Thanks for your help!

1 Like

The one of those that would have made a difference here was accounts (maybe this is a sign that this error message could be made more helpful, because the error message was clearly pointing in an unhelpful direction).

I think this is a common pattern in software development which maybe even has a name, where the error message is describing a much higher-level symptom of a failure that actually happened for a much more specific problem. It’s basically

component X needed item Y, and so it failed, but the reported failure was “component X failed” rather than “item Y missing”

1 Like

Glad you got it sorted :+1:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.