Not getting PEM files when requesting new certificate

I’m trying to get new certificate for new domain, but I’m not getting the PEM files in the /etc/letsencrypt/live folder:


I created the /etc/letsencrypt/live/ folder but I’m still not getting the PEM files.

My domain is:

I ran this command:
/opt/letsencrypt/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini -w /var/www/ -d -d

It produced this output:
Updating letsencrypt and virtual environment dependencies…

My web server is (include version):
Apache/2.2.22 (Ubuntu)

The operating system my web server runs on is (include version):
Linux 12.04.4 LTS, Precise Pangolin

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot: command not found
cerbot-auto: command not found

Hi @curt

if you use letsencrypt-auto, you should update to certbot. That's a too old version.

Same with your Ubuntu.

Ubuntu 12.04 LTS reached its regular End of Life on April 28, 2017.

What's the error message?


Thanks for your reply.
How do I update to certbot?

I’d rather not update Ubuntu right now because it will make me do a lot of work, such as updating MySQL, PHP, my programs, etc.
I have other domains running fine with Letsencrypt certificates, so if I can get by with 12.04, I’d like to do that for now.

I did not get any error message. After showing the following, it showed the terminal prompt:

Updating letsencrypt and virtual environment dependencies…

Checked your website (via ) you have redirects http -> https and you use Cloudflare.

But Cloudflare requires a working certificate.

Instead, https creates (Cloudflare) errors.

Error 526 Ray ID: 4c668ee148a0d113 • 2019-04-12 16:25:46 UTC Invalid SSL certificate You Browser Working Berlin Cloudflare Working Host Error What happened? The origin web server does not have a valid SSL certificate. What can I do? If you're a visitor of this website: Please try again in a few minutes. If you're the owner of this website: The SSL certificate presented by the server did not pass validation. This could indicate an expired SSL certificate or a certificate that does not include the requested domain name. Please contact your hosting provider to ensure that an up-to-date and valid SSL certificate issued by a Certificate Authority is configured for this domain name on the origin server. Additional troubleshooting information here. Cloudflare Ray ID: 4c668ee148a0d113 • Your IP : 2a01:238:301b::1229 • Performance & security by Cloudflare

So disable Cloudflare (or disable the redirect http -> https), create a certificate, then enable Cloudflare again.

Perhaps it may work if you disable only the redirect http -> https. If Cloudflare sends the request to your server, then your http port should answer.

In Cloudflare:

  • Under Crytpo, I turned SSL to Off.
  • Under DNS, for the A and CNAME records, I clicked the orange clouds to turn them to gray, so that traffic will bypass Cloudflare.

I tried creating the certificates again, and I’m still not getting PEM files and no error message.

Should I change the nameservers to point to my hosting company instead of Cloudflare?

I don't understand why there is no output.

What says


I'm not firm with that old letsencrypt-client. Perhaps that client supports only tls-sni-01 validation, that's not longer supported. Or did you create other certificates with the same command?

What says

letsencrypt-auto --version

That may be the next step. But without a log of your client it's terrible.

From the last lines of /var/log/letsencrypt/letsencrypt.log, it showed this:

2019-03-02 04:59:51,090:ERROR:certbot.renewal:The following certs could not be renewed:
2019-03-02 04:59:51,091:ERROR:certbot.renewal:  /etc/letsencrypt/live/ (failure)
2019-03-02 04:59:51,092:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/", line 11, in <module>
  File "/opt/", line 1365, in main
    return config.func(config, plugins)
  File "/opt/", line 1272, in renew
  File "/opt/", line 477, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

I have created other certificates with the same command, but I did that a couple of years ago.

I ran:

/opt/letsencrypt/letsencrypt-auto --version

It showed the same thing as when I tried to create a certificate. It showed:

Updating letsencrypt and virtual environment dependencies...

After half a minute, it showed the terminal prompt.

Let me know if I should change the nameservers to point to my hosting company instead of Cloudflare.

Then your installation is corrupt.

With a not working installation, it's impossible to create a new certificate.

Installing certbot-auto may not work, but you can try it.

Perhaps select another client.

I already have a couple of domains with Letsencrypt certificates on my server, since a few years ago. They work fine and have been auto-renewing every month or so, for the past few years. If they still work, I do not understand why I am not able to create a new certificate with the same installation.

Should I try changing the nameservers to point to my hosting company instead of to Cloudflare, and then try creating certificates again?

I first started using Letsencrypt in January 2016. At that time, I followed directions at

As you can see, it says to execute:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache -d -d

Today, I ran and got the following:

$ sudo certbot --config /etc/letsencrypt/cli.ini -w /var/www/ -d -d
certbot: command not found
$ sudo /opt/letsencrypt/certbot --config /etc/letsencrypt/cli.ini -w /var/www/ -d -d
-bash: /opt/letsencrypt/certbot: No such file or directory

I confirmed that certbot does not exist in /opt/letsencrypt, but certbot-auto does

I tried running the following and got:

$ sudo /opt/letsencrypt/certbot-auto certonly --config /etc/letsencrypt/cli.ini -w /var/www/ -d -d
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit precise Release.gpg                                                                   
Hit precise-updates Release.gpg                                                           
Hit precise-backports Release.gpg                                                         
Hit precise Release                                                                       
Hit precise-updates Release           
Hit precise-backports Release                                                      
Hit precise/main Sources                                                           
Hit precise/restricted Sources                              
Hit precise/universe Sources                                
Hit precise/multiverse Sources                              
Hit precise/main amd64 Packages                             
Hit precise/restricted amd64 Packages                       
Hit precise/universe amd64 Packages                         
Hit precise/multiverse amd64 Packages                       
Hit precise/main i386 Packages                              
Hit precise/restricted i386 Packages                        
Hit precise/universe i386 Packages                                             
Hit precise/multiverse i386 Packages                                           
Hit precise/main TranslationIndex                                              
Hit precise/multiverse TranslationIndex                                        
Hit precise/restricted TranslationIndex                                        
Hit precise/universe TranslationIndex                                          
Hit precise-updates/main Sources                                               
Hit precise-updates/restricted Sources                                         
Hit precise-updates/universe Sources                                           
Hit precise-updates/multiverse Sources                                         
Hit precise-updates/main amd64 Packages                                        
Hit precise-updates/restricted amd64 Packages                                  
Hit precise-updates/universe amd64 Packages                                    
Hit precise-updates/multiverse amd64 Packages                                  
Hit precise-updates/main i386 Packages                                         
Hit precise-updates/restricted i386 Packages                                   
Hit precise-updates/universe i386 Packages                                     
Hit precise-updates/multiverse i386 Packages                                   
Hit precise-updates/main TranslationIndex                                      
Hit precise-updates/multiverse TranslationIndex                                
Hit precise-updates/restricted TranslationIndex                                
Hit precise-updates/universe TranslationIndex            
Hit precise-backports/main Sources                       
Hit precise-backports/restricted Sources                 
Hit precise-backports/universe Sources                   
Hit precise-backports/multiverse Sources                 
Hit precise-backports/main amd64 Packages                                      
Hit precise-backports/restricted amd64 Packages                                
Hit precise-backports/universe amd64 Packages                                  
Hit precise-backports/multiverse amd64 Packages                                
Hit precise-backports/main i386 Packages                                       
Hit precise-backports/restricted i386 Packages           
Hit precise-backports/universe i386 Packages             
Hit precise-backports/multiverse i386 Packages                                 
Hit precise-backports/main TranslationIndex                                    
Hit precise-backports/multiverse TranslationIndex                              
Hit precise-backports/restricted TranslationIndex                              
Hit precise-backports/universe TranslationIndex                                
Hit precise/main Translation-en                                                
Hit precise/multiverse Translation-en                                          
Hit precise/restricted Translation-en                                          
Hit precise/universe Translation-en                                            
Hit precise-updates/main Translation-en                                        
Hit precise-updates/multiverse Translation-en                                  
Hit precise-updates/restricted Translation-en                                  
Hit precise-updates/universe Translation-en                                    
Hit precise-backports/main Translation-en                                      
Hit precise-backports/multiverse Translation-en              
Hit precise-backports/restricted Translation-en              
Hit precise-backports/universe Translation-en                
Hit precise-security Release.gpg                                                         
Hit precise-security Release          
Hit precise-security/main Sources
Hit precise-security/restricted Sources
Hit precise-security/universe Sources
Hit precise-security/multiverse Sources
Hit precise-security/main amd64 Packages
Hit precise-security/restricted amd64 Packages
Hit precise-security/universe amd64 Packages
Hit precise-security/multiverse amd64 Packages
Hit precise-security/main i386 Packages
Hit precise-security/restricted i386 Packages
Hit precise-security/universe i386 Packages
Hit precise-security/multiverse i386 Packages
Hit precise-security/main TranslationIndex
Hit precise-security/multiverse TranslationIndex
Hit precise-security/restricted TranslationIndex
Hit precise-security/universe TranslationIndex
Hit precise-security/main Translation-en
Hit precise-security/multiverse Translation-en
Hit precise-security/restricted Translation-en
Hit precise-security/universe Translation-en
Reading package lists... Done 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
augeas-lenses is already the newest version.
augeas-lenses set to manually installed.
gcc is already the newest version.
libaugeas0 is already the newest version.
libffi-dev is already the newest version.
python-virtualenv is already the newest version.
ca-certificates is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
python is already the newest version.
python-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 49 not upgraded.
Upgrading certbot-auto 0.32.0 to 0.33.1...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
/opt/ No module named pip.__main__; 'pip' is a package and cannot be directly executed
Traceback (most recent call last):
  File "/tmp/tmp.WjK4JFYugS/", line 177, in <module>
  File "/tmp/tmp.WjK4JFYugS/", line 149, in main
    pip_version = StrictVersion(check_output([python, '-m', 'pip', '--version'])
  File "/usr/lib/python2.7/", line 544, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['/opt/', '-m', 'pip', '--version']' returned non-zero exit status 1


It says to install Certbot and run:

$ wget
$ chmod a+x certbot-auto
$ sudo /path/to/certbot-auto --apache

I didn’t install Cerbot as it suggested, but I ran the following:

$ sudo /path/to/certbot-auto --apache

I got the same long list of return messages as you see above. There is still nothing in /etc/letsencrypt/live/

A few questions:

Recent versions of certbot-auto are incompatible with the ancient version of pip in Ubuntu 12.04.

See this thread (which mostly discusses Debian 7, which is also EOL, but it's the same issue):

You can work around that issue, but you should upgrade to a newer OS.

As suggested by user gery at PIP error with certbot-auto , I made the following changes to certbot-auto:

pip_version = StrictVersion(check_output([python, '-m', 'pip', '--version'])
pip_version = StrictVersion(check_output(['pip', '--version'])

command = [python, '-m', 'pip', 'install', '--no-index', '--no-deps', '-U']
command = ['pip', 'install', '--no-index', '--no-deps', '-U']

Then I ran the following:

$ /opt/letsencrypt/certbot-auto certonly --config /etc/letsencrypt/cli.ini -w /var/www/ -d -d

It gave the following response:

/opt/ CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Using the webroot path /var/www/ for all unmatched domains.
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-07-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"

So, it worked. Thanks for your help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.