Old deleted conf files are updated with crontab

Error with update.

In the ssl configuration, I created the following two files: xx.com, www.xx.com
Deleted xx.com 3 months ago when it was not needed
certbot-auto delete -d xx.com

I'm not sure if I'm able to delete them. When I look at the crontab update log, I see that an update of xx.com is performed and an error occurs.

Can this error be resolved by deleting /etc/letencrypt/renewal/xx.com.conf?


DEBUG:certbot._internal.main:certbot version: 1.9.0
DEBUG:certbot._internal.main:Arguments:['--cert-name', 'xx.com']
DEBUG:certbot._internal.main:Discovered plugins: PluginRegistry(PluginEnterPoint#apache,pluginEntryPoint#manual,PluginEnterpoint#nginx,PluginEntryPoint#null,pluginEntryPoint#standalone,PluginEntryPoint#webroot)
DEBUG:certbot._internal.log:Root logging level set at 20
INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt.log
DEBUG:certbot._internal.log:Exiting abnormally:Traceback (most recent call last) :
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbox/venv/local/lib/python2.7/site-packages/certbot/main.py" , line 15, in main
return internal_main.main(cli_args)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 1362, in main
return config.func(config, plugins)
File "/opt/eff.org/certbox/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 1267, in renew renewal.handle_renewal_request(confg)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 414, in handle_renewal_request
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/storage.py" line 54, in renewal_file_for_certname
"(1)).".format(certname, path))
CertStorageErr: no certificate found with name xx.com(expected /etc/letsencrypt/renewal/xx.com.conf).
ERROR:certbot._internal.log:No certificate found with name xx.com (expected /etc/letencrypt/renewal/xx.com.conf).

2 Likes

What's the output of certbot certificates?

4 Likes

I don't understand certbot, so please let me know. What do I need to output a certbot certificate?

3 Likes

Just run certbot certificates and it will show the certificates that had been created. Post that output here as asked by @Osiris.

You can find the documentation of certbot and how it's used here: User Guide — Certbot 2.7.0.dev0 documentation

4 Likes

When Certbot-auto renew is executed, it will be updated normally as follows.
Running certbot-auto renew from cronTab will result in an error.

Connected, host fingerprint: ssh-rsa 0 11:B9:5F:6A:05:61:E7:52:DA:8C:60:AB:98:2E
:F1:CB:94:87:C0:81:6E:55:E7:22:2D:C4:A5:F3:AB:4A:98:3E
Linux wordpress-1-vm 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1+deb9u1 (2020-06-07)
x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
niki@wordpress-1-vm:~$ sudo -i
root@wordpress-1-vm:~# cd /etc/letsencrypt/
root@wordpress-1-vm:/etc/letsencrypt# ./certbot-auto renew
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.xx.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.xx.com
Waiting for verification...
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/xx.com/fullchain.pem



Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.xx.com/fullchain.pem (success)


1 Like

And what error do you get when certbot is ran through cron? The one from your openings post?

By the way, your output just now gives me conflicting information:

Suggests a certificate name without www, however, the next part:

..suggests a certificate name with www.. I'm confused.

As said, please paste the output of the following command:

certbot-auto certificates
2 Likes

Thank you very much.
The result of the execution is shown below.
As for the error when running from CronTab, I'll take another look.


Found the following certs:
Certificate Name: www.xx.com
Serial Number: 4fe7acd7ded62cbb709684b228f921a25ed
Domains: www.xx.com
Expiry Date: 2021-06-20 06:34:24+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.xx.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.xx.com/privkey.pem


1 Like

There was an omission in the form.
I would like to remove the following from the server, how can I do that?

I would like to remove the following definition that is running in certbot-auto renew.

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/xx.com/fullchain.pem

The process is
certbot-auto delete -d xx.com
will it not be updated next time?
I would like to know if there are any other necessary procedures other than delete.

1 Like

The delete command is enough by itself, but you should also make sure that the deleted certificate is no longer referenced in any server configuration files (e.g. Apache or nginx configuration), because those configurations will become invalid if they still reference a deleted certificate.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.