When I run ‘certbot renew’ I get errors related to domains which are no longer active and have been removed from the web server. I see conf files in the renewal folder for these old domains – can I just delete them?
For one domain that is active, I see this:
```
-rw-r--r-- 1 root root 574 Aug 20 00:02 corelosangeles.com-0001.conf
-rw-r--r-- 1 root root 574 Aug 28 12:06 corelosangeles.com-0002.conf
-rw-r--r-- 1 root root 574 Aug 28 12:07 corelosangeles.com-0003.conf
-rw-r--r-- 1 root root 574 Aug 28 12:06 corelosangeles.com-0004.conf
-rw-r--r-- 1 root root 574 Jul 11 00:03 corelosangeles.com-0005.conf
-rw-r--r-- 1 root root 574 Jul 11 00:04 corelosangeles.com-0006.conf
-rw-r--r-- 1 root root 574 Jul 11 00:03 corelosangeles.com-0007.conf
-rw-r--r-- 1 root root 574 Dec 14 20:24 corelosangeles.com-0008.conf
-rw-r--r-- 1 root root 549 Aug 9 00:02 corelosangeles.com.conf
```
This feels wrong and I am seeing rate limit errors related to 0006. How best to clean this up?
Those should be "historical" and do NOT get deleted automatically
[and should not cause a problem]
But it is hard to tell exactly where those files are located (from your output) so MAYBE there is a problem...
```
The following certs could not be renewed:
/etc/letsencrypt/live/corelosangeles.com-0002/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0007/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0004/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0003/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0001/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0005/fullchain.pem (failure)
/etc/letsencrypt/live/corelosangeles.com-0006/fullchain.pem (failure)
```
This domain is deleted:
```
The following certs could not be renewed:
/etc/letsencrypt/live/dev.translingua.techaround.com/fullchain.pem (failure)
```
Just show the first 20 (or less)?
We should see a pattern from that.
OR
show screenshots?
OR
just show the ones that are expired or known not in use
OR
post in paste-bin/dropbox/1drive/Gdrive type system
OR
save to TXT file and move it to your website and post link here
OR
try encapsulating the whole mess with preceding and postceding (not-a-word) them with:
```
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0002/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0007/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0004/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0003/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0001/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0005/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/corelosangeles.com-0006/cert.pem is unknown
```
Make sure all your sites are using the remaining certs and none of the ones you deleted.
[grep is your friend here]
```
grep -ri /etc/letsencrypt/live/ /etc/apache2/
```
Compare that output with the output of certbot certificates.
All of them should be included in both.
If not, Houston we (will) have a problem.
[as soon as your webserver restarts - trying to use deleted files]
Replace that with the corresponding active file found in certbot certificates
Look through file:
for any use of ServerName or ServerAlias
to better understand which names are required in that cert.
Match that to the names found in the certs - and you're covered.
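
The comparison described in the replies above (certificate paths referenced in the web server config versus the certificates that still exist), as an added example that was not posted by anyone in the thread. It assumes one subdirectory per certificate under the live directory and reads those names directly instead of parsing `certbot certificates` output; the function names are hypothetical, and the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Usage: check_lineages [conf_dir] [live_dir]

# Lineage names the web server config points at, e.g. the
# "corelosangeles.com-0002" in <live_dir>/corelosangeles.com-0002/fullchain.pem.
# Commented-out directives are ignored.
referenced_lineages() {
    conf_dir=$1
    live_dir=${2%/}
    grep -rh "$live_dir/" "$conf_dir" 2>/dev/null |
        grep -v '^[[:space:]]*#' |
        grep -oE "$live_dir/[^/[:space:]]+" |
        sed "s|^$live_dir/||" | sort -u
}

# Lineage names that still exist on disk (assumption: one subdirectory of
# live_dir per certificate, as in the paths quoted in the thread).
existing_lineages() {
    for d in "${1%/}"/*/; do
        [ -d "$d" ] && basename "$d"
    done | sort -u
}

# MISSING = referenced by the config but gone from disk (the web server will
# fail on restart). UNUSED = on disk but referenced nowhere (cleanup candidate).
# Returns 1 if anything is MISSING.
check_lineages() {
    conf_dir=${1:-/etc/apache2}
    live_dir=${2:-/etc/letsencrypt/live}
    ref=$(mktemp) && have=$(mktemp) || return 2
    referenced_lineages "$conf_dir" "$live_dir" > "$ref"
    existing_lineages "$live_dir" > "$have"
    missing=$(comm -23 "$ref" "$have")
    unused=$(comm -13 "$ref" "$have")
    rm -f "$ref" "$have"
    [ -n "$missing" ] && printf '%s\n' "$missing" | sed 's/^/MISSING /'
    [ -n "$unused" ] && printf '%s\n' "$unused" | sed 's/^/UNUSED /'
    [ -z "$missing" ]
}
```

Run it against copies of the two directories first; an UNUSED result only means no config under the given directory references that certificate, so anything else on the host that uses it still has to be checked by hand.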