My certificate is about to expire as I renew it using Carbono Mail

My domain is:

I ran this command: certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: target /etc/letsencrypt/archive/ of symlink /etc/letsencrypt/live/ does not exist. Skipping.

The following renewal configurations were invalid:

then => cat /var/log/letsencrypt/letsencrypt.log

The following renewal configurations were invalid:

root@mail:~# cat /var/log/letsencrypt/letsencrypt.log
2023-07-31 10:14:42,757:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-07-31 10:14:43,499:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-07-31 10:14:43,499:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3024/bin/certbot
2023-07-31 10:14:43,499:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2023-07-31 10:14:43,499:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-31 10:14:43,540:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-31 10:14:43,545:WARNING:certbot._internal.cert_manager:Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: target /etc/letsencrypt/archive/ of symlink /etc/letsencrypt/live/ does not exist. Skipping.
2023-07-31 10:14:43,551:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/", line 85, in certificates
renewal_candidate = storage.RenewableCert(renewal_file, config)
File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/", line 510, in init
File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/", line 593, in _check_symlinks
raise errors.CertStorageError("target {0} of symlink {1} does "
certbot.errors.CertStorageError: target /etc/letsencrypt/archive/ of symlink /etc/letsencrypt/live/ does not exist

2023-07-31 10:14:43,551:DEBUG:certbot._internal.display.obj:Notifying user:
The following renewal configurations were invalid:

The HTTP-01 challenge of the Challenge Types - Let's Encrypt requires Port 80 open and accessible.
Best Practice - Keep Port 80 Open

Using the online tool Let's Debug yields these results

Error has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "": dial tcp connect: connection refused

@0ms: Making a request to (using initial IP
@0ms: Dialing
@97ms: Experienced error: dial tcp connect: connection refused 
A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Connection refused 

Did you manually modify anything within the /etc/letsencrypt path?


I have not modified the path,

root@mail:/etc/letsencrypt/live/ ls
README cert.pem chain.pem fullchain.pem privkey.pem

Please show the output of:

ls -l /etc/letsencrypt/live/ /etc/letsencrypt/archive/
1 Like

I show you the result

root@mail:~# ls -l /etc/letsencrypt/live/ /etc/letsencrypt/archive/
total 0

total 4
-rw-r--r-- 1 root root 692 Apr 30 22:56 README
lrwxrwxrwx 1 root root 45 May 3 14:51 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root 46 May 3 14:51 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root 50 May 3 14:51 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root 48 May 3 14:51 privkey.pem -> ../../archive/

Where did the contents of this directory go? There should be 8 files in it..

Please restore the archive directory from a recent backup and try again.

Alternatively you could remove the directories from /live/ and /archive/ and the renewal configuration file from the /renewal/ directory and issue a new certificate like you did before.

Make sure you DON'T try to reload or restart the services currently still using the certificate until you've got a new certificate, as it's still in memory, but not on the disk.


I have no idea what happened to those files, now I don't have a backup of that directory, so I will do the second option that you indicate. In summary.

  1. Delete the file from /etc/letsencrypt/live/.
  2. Create a new certificate.

You might want to backup the renewal configuration file for reference purposes, as it contains some configuration settings for Certbot when you first issued that certificate. Just for in case you don't remember for example.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.