New cert with webroot fails with error about missing cert

When I first tried to create a cert for my domain, I used the --apache switch, but it failed with conf parser errors, yet configtest shows success. So, I switched to using --webroot instead, but I keep getting the error about a missing renewal config file for Let’s Encrypt. I’m trying to create a new cert, not renew. Any help is appreciated.

My domain is:
www.axiomforge.com

I ran this command:
certbot certonly --webroot --cert-name axiomforge -w /var/www/axiomforge/site -d www.axiomforge.com

It produced this output:
No certificate found with name axiomforge (expected /etc/letsencrypt/renewal/axiomforge.conf).

My operating system is (include version):
Ubuntu 16.04.2 LTS

My web server is (include version):
Apache 2.4.18

My hosting provider, if applicable, is:
Self-hosted

I can log in to a root shell on my machine (yes or no, or I don’t know):
Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Hi @ventaur,

I think the error you’re seeing is because you’re specifying --cert-name. Historically, it wasn’t possible to choose a --cert-name when creating a new certificate. It should be possible in the newest versions of Certbot, but not in slightly older ones. Which version of Certbot are you running?

Hello and thanks for the reply!

I am running version 0.11.1 as acquired via apt-get via the PPA specified in the docs for Debian systems with Apache here: https://certbot.eff.org/#ubuntuxenial-apache

After running the client with the --apache switch and getting some ambiguity with my special configuration, I switched to preferring the --webroot switch. I imagine I didn’t have to install the Apache-specific edition now, but that’s what I’m using when I receive the error. Do you recommend I switch to something else?

If you just want to get rid of the specific error and you don’t mind not being able to choose the cert name, you could just leave out --cert-name. I think that will take care of the error you’re currently seeing.

Thanks again, @schoen. I tried the same command without the --cert-name option and it worked just fine.

Is there any way (now or in the near future) that I can rename my cert in order to support my minor OCD? Thanks!

If you can eventually upgrade to a later version, there will be a rename command. Or you can manually rename every reference in /etc/letsencrypt/{live,archive,renewal}, but be careful not to miss anything (including both file names and file contents).

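The manual rename suggested in the last reply is easy to leave half-finished, so a read-only check for leftover references to the old name is useful before the next renewal. The script below is an added example, not part of the original thread or of Certbot; the function names, the `--demo` flag and the `www.example.test` sample tree are constructed for illustration, and it assumes Certbot's usual `live/<name>/`, `archive/<name>/` and `renewal/<name>.conf` layout.

```shell
#!/usr/bin/env bash
# Added example: read-only audit for leftover references after a manual rename.
# Assumes Certbot's usual layout under the config dir (default /etc/letsencrypt):
#   live/<name>/*.pem (symlinks), archive/<name>/, renewal/<name>.conf

leftover_refs() {  # usage: leftover_refs CONFIG_DIR OLD_NAME
  local dir="$1" old="$2"
  local p link target
  # 1. File and directory names still carrying the old name.
  for p in "$dir/live/$old" "$dir/archive/$old" "$dir/renewal/$old.conf"; do
    if [ -e "$p" ] || [ -L "$p" ]; then echo "name: $p"; fi
  done
  # 2. Symlinks in live/ whose target still points into archive/<old>/.
  for link in "$dir"/live/*/*.pem; do
    [ -L "$link" ] || continue
    target=$(readlink "$link")
    case $target in
      */archive/"$old"/*) echo "symlink: $link -> $target" ;;
    esac
  done
  # 3. Paths inside renewal configs. Fixed-string match, so a lineage whose
  #    name merely starts with OLD_NAME is reported too; review each hit.
  grep -HnF -e "/live/$old" -e "/archive/$old" "$dir"/renewal/*.conf 2>/dev/null |
    sed 's/^/content: /'
  return 0
}

# Constructed sample: a rename from www.example.test to example where the
# directories and renewal file were moved but a symlink and a config path were not.
make_sample() {  # usage: make_sample NEW_EMPTY_DIR
  local d="$1"
  mkdir -p "$d/live/example" "$d/archive/example" "$d/renewal"
  : > "$d/archive/example/cert1.pem"
  ln -s ../../archive/www.example.test/cert1.pem "$d/live/example/cert.pem"
  printf '%s\n' "archive_dir = $d/archive/www.example.test" \
    "cert = $d/live/example/cert.pem" \
    "[[webroot_map]]" "www.example.test = /var/www/example" > "$d/renewal/example.conf"
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d) && make_sample "$tmp" && leftover_refs "$tmp" www.example.test
  rm -rf "$tmp"
elif [ $# -eq 2 ]; then
  leftover_refs "$1" "$2"
fi
```

In the sample, the domain entry under `[[webroot_map]]` is deliberately not reported: it names the domain being validated, not the certificate lineage, and must stay unchanged in a rename.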