No Renewal Config Found

I ran this command: certbot certificates / certbot renew

It produced this output:


No certificates found.


The operating system my web server runs on is (include version): Alpine Linux v3.18

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Previously, certificates were successfully issued with

certbot \
        certonly \
        -v \
        -d $SERVE_DOMAIN \
        --webroot -w $ACME_ROOT

The command was run on the very same env, and the /etc/letsencrypt folder was created entirely by certbot itself

/etc/letsencrypt/live/$SERVE_DOMAIN and /etc/letsencrypt/archive/$SERVE_DOMAIN are well populated

Serving from /etc/letsencrypt/live/$SERVE_DOMAIN works fine

Yet any of

certbot certificates
certbot certificates -d "$SERVE_DOMAIN"
certbot certificates --config-dir /etc/letsencrypt/
certbot renew

Outputs

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certificates found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Manually creating a renewal config at /etc/letsencrypt/renewal/ helps.
So does certbot certificates care about the /etc/letsencrypt/renewal/ info in the first place, instead of /etc/letsencrypt/live?

How can I make the renewal config be generated automatically by the certbot certonly call itself, based on all its attributes?

Thx?

It sounds like you restored the /etc/letsencrypt/{live,archive} directories, but not the renewal/ directory.

All of the directories are required for Certbot to keep track of its certificates. renewal/ is where Certbot looks for information about certificates it is managing.

If you just drop files into live/ or archive/, Certbot will ignore them.

Certbot will always create entries in the renewal/ directory when you create a certificate. It is impossible for certificates to be written to /etc/letsencrypt/{live,archive} without a corresponding entry in renewal/.

5 Likes

Yes, it is essential. This command displays the certificate "profile", which is described by the conf files in the ../renewal/ folder.

These conf files retain your command options (and more) and are used by the certbot renew command to repeat the process you used originally.

The folder and conf files are created by certbot certonly. Something went very wrong for those to disappear. Could you have deleted them by mistake?

Do you have a /var/log/letsencrypt/letsencrypt.log file from a successful cert request? Can you upload it?

3 Likes
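A quick way to spot the mismatch described in the two replies above (a lineage present in live/ but unknown to Certbot because renewal/ has no matching .conf). This is an added example, not part of the thread and not Certbot code; it assumes the default live/, archive/, renewal/ layout, and the function names and sample lineage names are made up.

```shell
#!/bin/sh
# Added example: list certificate lineages that Certbot cannot track.
# Assumption: default Certbot layout (live/, archive/, renewal/) in one config dir.

# Print one line per problem found under config dir $1 (default /etc/letsencrypt).
audit_lineages() {
    cfg="${1:-/etc/letsencrypt}"
    # live/<name>/ without renewal/<name>.conf: Certbot ignores this lineage.
    for d in "$cfg"/live/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        [ -f "$cfg/renewal/$name.conf" ] || echo "ORPHAN $name"
        # live/<name>/cert.pem is a symlink that must resolve into archive/.
        [ -e "$d/cert.pem" ] || echo "BROKEN $name"
    done
    # renewal/<name>.conf without live/<name>/: config that points at nothing.
    for c in "$cfg"/renewal/*.conf; do
        [ -f "$c" ] || continue
        name=$(basename "$c" .conf)
        [ -d "$cfg/live/$name" ] || echo "STALE $name"
    done
}

# Constructed sample tree (empty placeholder files, no real certificates).
make_sample_tree() {
    root=$(mktemp -d)
    for n in ok.example orphan.example; do
        mkdir -p "$root/live/$n" "$root/archive/$n"
        : > "$root/archive/$n/cert1.pem"
        ln -s "../../archive/$n/cert1.pem" "$root/live/$n/cert.pem"
    done
    mkdir -p "$root/renewal"
    : > "$root/renewal/ok.example.conf"
    : > "$root/renewal/stale.example.conf"
    echo "$root"
}

# Usage on a real host: audit_lineages /etc/letsencrypt
```

An ORPHAN line means the certificate is still being served from live/ but will not be picked up by certbot renew, so it will expire unless it is reissued.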

Thanks, guys, for your feedback.
Looks like it is really a matter of /etc/letsencrypt/renewal being corrupted on my side.
Is there a chance to recreate its content (not manually), with the rest of the /etc/letsencrypt folders in place, without generating new certs (it is a matter of hitting the limits now)?

1 Like

Sure, someone with expertise and enough time could. But it's far easier to just reissue a cert and let Certbot do its job.

Given what you've described I don't see how rate limits apply. If you recently got 5 fresh certs for the same set of domain names then you have a recent one in /live/ which has enough life to allow you to wait another week to reissue. And, if the certs are older then they wouldn't be subject to rate limit yet.

4 Likes

Ah yes. Waiting a while before the next reissue was my second option.
I thought maybe there's something I can do right now. Maybe some kind of hack, like running --dry-run with the same args and capturing the renewal config from the logs or something.

Thanks for your help

1 Like
