Monthly renewall error

kmc · September 23, 2018, 6:44am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:webologix.com

I ran this command:

Since I upgraded the letsencrypt install I have I get that mail message every month :

It produced this output:

Attempting to renew cert (webologix.com) from /etc/letsencrypt/renewal/webologix.com.conf produced an unexpected error: [Errno 5] Input/output error: ‘/var/lib/letsencrypt/backups’. Skipping.
All renewal attempts failed. The following certs could not be renewed:
** /etc/letsencrypt/live/webologix.com/fullchain.pem (failure)**
1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.10 (Debian)

The operating system my web server runs on is (include version):debian 8

My hosting provider, if applicable, is:OVH

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no or maybe ispconfig

_az · September 23, 2018, 7:06am

Your VPS’s storage volume might be hosed.

sudo touch /var/lib/letsencrypt/backups/test
df -h

mnordhoff · September 23, 2018, 7:55am

Is there anything relevant in dmesg (a command to display a kernel log) or /var/log/ (a directory full of log files)? Especially when Certbot is running, or when you try to access /var/lib/letsencrypt/backups with ls or something?

Is it on a special filesystem or something?

Could like AppArmor or systemd restricting access to the directory cause that error?

kmc · September 23, 2018, 8:20am

I found that in dmesg. Don’t know if relevant:

root@ns1:~# dmesg| grep letsencry
[2891058.692055] EXT4-fs error (device sda2): __ext4_get_inode_loc:4039: inode #50338227: block 201327035: comm letsencrypt: unable to read itable block

Nothing in syslog when I run :

root@ns1:~# /usr/local/sbin/renew_certs
[ ok ] Stopping apache2 (via systemctl): apache2.service.
[ ok ] Starting apache2 (via systemctl): apache2.service.
Terminé

mnordhoff · September 23, 2018, 8:44am

I don't want to alarm you but your hard drive is malfunctioning.

Or, possibly, the kernel is malfunctioning.

Certbot is trying to access a certain directory, and it can't, because the kernel isn't able to access that part of the disk.

With luck, there's just one bad block.

With less luck, it could be worse.

You need to contact your hosting company about replacing the drive, check your backups, and maybe run fsck and/or badblocks to assess the situation and perhaps repair the filesystem.

kmc · September 23, 2018, 8:49am

Thanks. I’ll contact ovh

kmc · September 28, 2018, 8:47am

I finally just did a file system check and repair and the problem seems to have disapeared. So letsencrypt was not concerned
Thanks for your support

system · October 28, 2018, 8:47am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fail renewal letsencrypt Help	3	627	December 27, 2019
Certificate renewal failed Help	5	82	December 2, 2024
Renewal fails on existing letsencrypt certificate Help	18	942	November 30, 2020
Difficulty in renewing letsencrypt certificate Help	8	1123	June 25, 2020
Just wondering why i can't renew my SSL Help	26	619	July 9, 2023

Monthly renewall error

Related topics