Missing renewal file?

My domain is: opencalaccess.org

I ran this command: certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/opencalaccess.com-0001.conf


Certificate not yet due for renewal


Processing /etc/letsencrypt/renewal/opencalaccess.com.conf


Certificate not yet due for renewal


Processing /etc/letsencrypt/renewal/opencalaccess.org-0001.conf


Certificate not yet due for renewal


Processing /etc/letsencrypt/renewal/opencalaccess.org.conf


Renewal configuration file /etc/letsencrypt/renewal/opencalaccess.org.conf is broken.
The error was: renewal config file {} is missing a required file reference
Skipping.


Processing /etc/letsencrypt/renewal/thereallewiscarroll.com.conf


Certificate not yet due for renewal


The following certificates are not due for renewal yet:
/etc/letsencrypt/live/opencalaccess.com-0001/fullchain.pem expires on 2021-10-25 (skipped)
/etc/letsencrypt/live/opencalaccess.com/fullchain.pem expires on 2021-10-14 (skipped)
/etc/letsencrypt/live/opencalaccess.org-0001/fullchain.pem expires on 2021-10-25 (skipped)
/etc/letsencrypt/live/thereallewiscarroll.com/fullchain.pem expires on 2021-10-26 (skipped)
No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/opencalaccess.org.conf (parsefail)


0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

from "apachectl -S":

[Sun Aug 01 13:07:03.669207 2021] [so:warn] [pid 842023:tid 140495153564736] AH01574: module WebObjects_module is already loaded, skipping
[Sun Aug 01 13:07:03.670461 2021] [so:warn] [pid 842023:tid 140495153564736] AH01574: module WebObjects_module is already loaded, skipping
VirtualHost configuration:
*:443 is a NameVirtualHost
default server opencalaccess.com (/etc/apache2/sites-enabled/opencalaccess.com-le-ssl.conf:2)
port 443 namevhost opencalaccess.com (/etc/apache2/sites-enabled/opencalaccess.com-le-ssl.conf:2)
alias www.opencalaccess.com
port 443 namevhost opencalaccess.org (/etc/apache2/sites-enabled/opencalaccess.org-le-ssl.conf:2)
alias www.opencalaccess.org
port 443 namevhost thereallewiscarroll.com (/etc/apache2/sites-enabled/thereallewiscarroll.com-le-ssl.conf:2)
alias www.thereallewiscarroll.com
*:80 is a NameVirtualHost
default server ganymede1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost ganymede1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost opencalaccess.com (/etc/apache2/sites-enabled/opencalaccess.com.conf:1)
alias www.opencalaccess.com
port 80 namevhost opencalaccess.org (/etc/apache2/sites-enabled/opencalaccess.org.conf:1)
alias www.opencalaccess.org
alias meet.opencalaccess.org
port 80 namevhost thereallewiscarroll.com (/etc/apache2/sites-enabled/thereallewiscarroll.com.conf:1)
alias www.thereallewiscarroll.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

from "find /etc/letsencrypt/renewal -ls"

1580690 4 drwxr-xr-x 2 root root 4096 Jul 28 09:00 /etc/letsencrypt/renewal
1582226 0 -rw-r--r-- 1 root root 0 May 13 10:32 /etc/letsencrypt/renewal/opencalaccess.org.conf
1583220 4 -rw-r--r-- 1 root root 544 Jul 16 16:59 /etc/letsencrypt/renewal/opencalaccess.com.conf
1583305 4 -rw-r--r-- 1 root root 550 Jul 27 12:52 /etc/letsencrypt/renewal/opencalaccess.org-0001.conf
1583309 4 -rw-r--r-- 1 root root 550 Jul 27 12:56 /etc/letsencrypt/renewal/opencalaccess.com-0001.conf
1583326 4 -rw-r--r-- 1 root root 574 Jul 28 09:00 /etc/letsencrypt/renewal/thereallewiscarroll.com.conf

I wonder why the opencalaccess.org.conf file here is empty? How can I restore its contents?

Good guestion! No idea how or why though.. It's date of modification is also rather strange compared to the others?

The most easy way is from one of the backups you regularly make of your system. Or at least I hope you do. Certbot doesn't have a "how to restore a renewal file" function. Just issue the certificate again to write a new one is probably the only easy way.

That said, I'm a little bit puzzled by the duplicate renewal configuration files present. What's the purpose of those renewal config files ending with -0001.conf?

1 Like

I did not do anything to create the "-0001" files.

And the files were copied over from another instance that has been shut down. I intended to get all of the files but this may have been missed.

I am tempted to move the opencalaccess.org-001 files and directories to opencalaccess.org. Renaming the originals, of course. I wonder if this would screw things up.

Usually, these are duplicate certificates from when a different hostname was added or removed from a previously issued cert. Please check certbot certificates to see the list of certificates currently available to certbot and check for duplicates.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.