Monthly renewall error


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:webologix.com

I ran this command:

Since I upgraded the letsencrypt install I have I get that mail message every month :

It produced this output:

Attempting to renew cert (webologix.com) from /etc/letsencrypt/renewal/webologix.com.conf produced an unexpected error: [Errno 5] Input/output error: ‘/var/lib/letsencrypt/backups’. Skipping.
All renewal attempts failed. The following certs could not be renewed:
** /etc/letsencrypt/live/webologix.com/fullchain.pem (failure)**
1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.10 (Debian)

The operating system my web server runs on is (include version):debian 8

My hosting provider, if applicable, is:OVH

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no or maybe ispconfig


#2

Your VPS’s storage volume might be hosed.

sudo touch /var/lib/letsencrypt/backups/test
df -h

#3

Is there anything relevant in dmesg (a command to display a kernel log) or /var/log/ (a directory full of log files)? Especially when Certbot is running, or when you try to access /var/lib/letsencrypt/backups with ls or something?

Is it on a special filesystem or something?

Could like AppArmor or systemd restricting access to the directory cause that error?


#4

I found that in dmesg. Don’t know if relevant:

root@ns1:~# dmesg| grep letsencry
[2891058.692055] EXT4-fs error (device sda2): __ext4_get_inode_loc:4039: inode #50338227: block 201327035: comm letsencrypt: unable to read itable block

Nothing in syslog when I run :

root@ns1:~# /usr/local/sbin/renew_certs
[ ok ] Stopping apache2 (via systemctl): apache2.service.
[ ok ] Starting apache2 (via systemctl): apache2.service.
Terminé


#5

I don’t want to alarm you but your hard drive is malfunctioning.

Or, possibly, the kernel is malfunctioning.

Certbot is trying to access a certain directory, and it can’t, because the kernel isn’t able to access that part of the disk.

With luck, there’s just one bad block.

With less luck, it could be worse.

You need to contact your hosting company about replacing the drive, check your backups, and maybe run fsck and/or badblocks to assess the situation and perhaps repair the filesystem.


#6

Thanks. I’ll contact ovh


#7

I finally just did a file system check and repair and the problem seems to have disapeared. So letsencrypt was not concerned
Thanks for your support


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.