My domain is: www.maineconservation.org
I ran this command: certbox renew --dry-run
It produced this output: The requested apache plugin does not appear to be installed. Skipping.
My web server is (include version): nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I’ve successfully transferred the existing certificate files from the old server (preserving symlinks) and the certificate seems to be working fine, but I’m not sure how to renew it. Should I just remove it and start over with a new cert? Install the apache plugin and use that to renew it, even though the site is no longer running on apache?
Have you tried
./certbot-auto renew --nginx --dry-run
./certbot-auto gives me a “command not found” error, but the same command with just
certbot gives me “Congratulations, all renewals succeeded”
Weirdly though, if I run it without the
--dry-run flag, it fails with this error message:
Attempting to renew cert (www.maineconservation.org) from /etc/letsencrypt/renewal/www.maineconservation.org.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/b5dfae096cead9b94bd570f5c4a23af2 does not exist. Skipping.
How did you install certbot ???
Just try this
sudo mkdir /opt/certbot
sudo wget https://dl.eff.org/certbot-auto
sudo chmod +x certbot-auto
sudo ./certbot-auto renew --nginx --dry-run
Did you copy all your certificates exactly as they were on the old server? Same folder structure?
│ ├── acme-staging.api.letsencrypt.org
│ │ └── directory
│ │ └── 4835cd202a2fad9666e0dd2499781129
│ │ ├── meta.json
│ │ ├── private_key.json
│ │ └── regr.json
│ └── acme-v01.api.letsencrypt.org
│ └── directory
│ └── 88058d1c1eddcd4f96a5d28691f2c18b
│ ├── meta.json
│ ├── private_key.json
│ └── regr.json
│ ├── mydomain.com
│ │ ├── cert1.pem
│ │ ├── chain1.pem
│ │ ├── fullchain1.pem
│ │ └── privkey1.pem
│ ├── 0000_csr-certbot.pem
│ ├── 0000_key-certbot.pem
│ ├── mydomain.com
│ │ ├── cert.pem -> ../../archive/mydomain.com/cert1.pem
│ │ ├── chain.pem -> ../../archive/mydomain.com/chain1.pem
│ │ ├── fullchain.pem -> ../../archive/mydomain.com/fullchain1.pem
│ │ ├── privkey.pem -> ../../archive/mydomain.com/privkey1.pem
│ │ └── README
Almost. There was already another certificate (for a different domain, since removed) on the new server, so, following instructions from another thread on this forum, I only moved the files and symlinks in
i don’t think you copied the entire folder structure and contents exactly as it was
At this point, would I be better off jettisoning the old cert and starting from scratch?
Update: I had a spare full backup of the old server’s letsencrypt directory, so I copied over the
keys/ folders I’d left behind before, ran
certbot renew --nginx, and voila, everything works perfectly.
Thanks for your help!
The one of those that would have made a difference here was
accounts (maybe this is a sign that this error message could be made more helpful, because the error message was clearly pointing in an unhelpful direction).
I think this is a common pattern in software development which maybe even has a name, where the error message is describing a much higher-level symptom of a failure that actually happened for a much more specific problem. It’s basically
component X needed item Y, and so it failed, but the reported failure was “component X failed” rather than “item Y missing”
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.