No live folder on /etc/letsencrypt

Help
#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: whatsmenu.pt

I ran this command:
sudo openssl pkcs12 -export -in $LIVE/cert.pem -inkey $LIVE/privkey.pem -out cert_and_key.p12 -name myalias -CAfile $LIVE/chain.pem -caname root -password pass:KEYSTOREPW (All are correct except for $LIVE which was correct but doesn’t exists anymore)

It produced this output:
Error opening input file /etc/letsencrypt/live/whatsmenu.pt/cert.pem
/etc/letsencrypt/live/whatsmenu.pt/cert.pem: No such file or directory

My web server is (include version): Centos 7 (Apache)

The operating system my web server runs on is (include version): Centos 7

I can login to a root shell on my machine: yes:

Hi there,
I’m stucked on this:
There is no content on my /etc/letsencrypt/live folder. It should have whatsmenu.pt and letsencrypt files, shouldn´t it?

How can i rebuild this?

Regards

#2

Hi @Jokawalker

you have a lot of active Letsencrypt certificates ( https://check-your-website.server-daten.de/?q=whatsmenu.pt#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-07-05 2019-10-03 www.whatsmenu.pt - 1 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-07-04 2019-10-02 *.whatsmenu.pt, whatsmenu.pt - 2 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-07-04 2019-10-02 whatsmenu.pt, www.whatsmenu.pt - 2 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-07-01 2019-09-29 whatsmenu.pt - 1 entries
Let's Encrypt Authority X3 2019-06-28 2019-09-26 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-06-27 2019-09-25 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-06-26 2019-09-24 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-06-26 2019-09-24 www.whatsmenu.pt - 1 entries
Let's Encrypt Authority X3 2019-06-26 2019-09-24 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-06-26 2019-09-24 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-05-17 2019-08-15 www.whatsmenu.pt - 1 entries
Let's Encrypt Authority X3 2019-05-10 2019-08-08 whatsmenu.pt, www.whatsmenu.pt - 2 entries
Let's Encrypt Authority X3 2019-04-08 2019-07-07 www.whatsmenu.pt - 1 entries

Where are these?

What says

certbot certificates

ls -al /etc/letsencrypt/live
#3

he already said /etc/letsencrypt/live doesn’t exist, so looks like broken certbot installration
what’s in /etc/letsencrypt/archive ?

1 Like
#4

Ok, @orangepizza

then:

Why? Did you delete something? Hope, you have a backup. Or (if archive exists), create the live folder and the symlinks.

#5

It’s also empty. I didn’t delete nothing as far as i know.
I’m trying to import the certificates onto glassfish and can’t because of this issue.

#6

No Juergen, as far as i know i didn’t delete anything.
The archive folder is also empty.
Is there any way of rebuild this?

#7

certbot certificates says no certificates found

#8

Have you actually used Certbot to issue any certificates on this computer?

Is there anything in the other directories like /etc/letsencrypt/accounts/ or /etc/letsencrypt/keys/?

Could your Certbot installation be using another location, like /usr/local/etc/letsencrypt/?

#9

Yes, I used Certbot to issue the certificates
/etc/letsencrypt/accounts has contents as well as /etc/letsencrypt/keys
The keys folder .pem files but not the cert.pem

#10

if there is key you may be able to try download matching pair from crt.sh?

#11

On that computer? Without reinstalling it and erasing /etc/letsencrypt/ or something?

Right -- the keys directory only contains private keys. The certificates are stored in archive, with links in live.

The keys directory can also contain keys from attempts to issue certificates that failed because of validation issues or whatever, though.

#12

Thanks,
How can i do that?

#13

download one of newest certificate from Download Certificate: PEM on sidebar in
https://crt.sh/?id=1640402144
run this command downloaded certficate openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum and write it somewhere
for each private key files run this and find one what outputs are same as certificate public key hash as above.
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum

#14

That one’s a precertificate – the matching real certificate is:

https://crt.sh/?id=1647248416

#15

If you have deleted your certificates, it may be easier to create a new certificate.

If you didn’t delete the certificates, then perhaps your server is hacked. Then you should check that first.

#16

Thanks a lot.
What do i do now to rebuild the live folder?

#17

Hi @Jokawalker,

This is an unusual bug that I’m not sure I’ve seen before. It seems like your copy of Certbot might be successfully requesting certificates from Let’s Encrypt, but then crashing every time before it manages to save them on your machine.

Could you share one of the log files from /var/log/letsencrypt corresponding to an attempted certificate issuance?

Did you ever see the “Congratulations” message from Certbot at the end of the process when you requested a certificate? Or did you ever see an error indicating that Cetbot had crashed?

#18

Hi.
I don’t if this helps. But its one of the log files.
Thanks for you care.

2019-07-07 12:04:56,862:DEBUG:certbot.main:certbot version: 0.34.2
2019-07-07 12:04:56,863:DEBUG:certbot.main:Arguments: [’–apache’, ‘–apache-server-root’, ‘/etc/apache2’]
2019-07-07 12:04:56,863:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-07-07 12:04:56,948:DEBUG:certbot.log:Root logging level set at 20
2019-07-07 12:04:56,948:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-07-07 12:04:56,952:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-07-07 12:04:57,218:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-07-07 12:04:57,219:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Could not find configuration root
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 131, in prepare
self._initialized.prepare()
File “/usr/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 263, in prepare
self.parser = self.get_parser()
File “/usr/lib/python2.7/site-packages/certbot_apache/override_centos.py”, line 90, in get_parser
self.version, configurator=self)
File “/usr/lib/python2.7/site-packages/certbot_apache/override_centos.py”, line 175, in init
super(CentOSParser, self).init(*args, **kwargs)
File “/usr/lib/python2.7/site-packages/certbot_apache/parser.py”, line 51, in init
self.loc = {“root”: self._find_config_root()}
File “/usr/lib/python2.7/site-packages/certbot_apache/parser.py”, line 835, in _find_config_root
raise errors.NoInstallationError(“Could not find configuration root”)
NoInstallationError: Could not find configuration root
2019-07-07 12:04:57,228:DEBUG:certbot.plugins.selection:No candidate plugin
2019-07-07 12:04:57,229:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

#19

It would probably have to be an older one, from a time that it got further through the process (actually requesting a certificate). For example, one corresponding to one of the certificate issuance times that @JuergenAuer identified above (note that those times are probably given in UTC).

#20

A good way to find relevant log files would be running a command like:

sudo grep -lr 'POST request to .*cert' /var/log/letsencrypt/
1 Like