Problem with certbot-auto renew


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gamesyap.com

I ran this command: certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/gamesyap.com-0001.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/techcomputerworld.com.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/izquierdaanarkista.info.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/gamesyap.com.conf


Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/renewal.py”, line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/storage.py”, line 461, in init
self._check_symlinks()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/storage.py”, line 520, in _check_symlinks
“expected {0} to be a symlink”.format(link))
CertStorageError: expected /etc/letsencrypt/live/gamesyap.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/gamesyap.com.conf is broken. Skipping.


The following certs are not due for renewal yet:
/etc/letsencrypt/live/gamesyap.com-0001/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/techcomputerworld.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/izquierdaanarkista.info/fullchain.pem expires on 2019-03-06 (skipped)
No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/gamesyap.com.conf (parsefail)


0 renew failure(s), 1 parse failure(s)

My web server is (include version): Nginx 1.14.0

The operating system my web server runs on is (include version): Ubuntu Server 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, Iuse command line interface for my server.


#2

Hi @techcomputerworld

you have two different directories with the same domain name. And you have a valide Letsencryt - certificate:


CN=gamesyap.com 04.12.2018 04.03.2019 gamesyap.com, www.gamesyap.com - 2 entries
Keyalgorithm RSA encryption (2048 bit)
Signatur: SHA256 With RSA-Encryption
Serial Number: 0341197BB4890232876793DC2A5534A9AEC7
Thumbprint: 4ADB2294D5F58C4E880AEC623156C00BAEA8D873

So check your configuration with certbot certificates to find this valide certificate.

And delete the other certificate with

certbot delete --cert-name [name found in the other command]

#3

thank you, i’ve tried
root@ubuntu:/etc/letsencrypt/live# certbot delete --cert-name gamesyap.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Deleted all files relating to certificate gamesyap.com.


and I now execute command:
root@ubuntu:/etc/letsencrypt/live# certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/gamesyap.com-0001.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/techcomputerworld.com.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/izquierdaanarkista.info.conf


Cert not yet due for renewal


The following certs are not due for renewal yet:
/etc/letsencrypt/live/gamesyap.com-0001/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/techcomputerworld.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/izquierdaanarkista.info/fullchain.pem expires on 2019-03-06 (skipped)
No renewals were attempted.


I think it works correctly, thank you for your help!, I learned something new today, regards.


#4

Yep, your configuration looks good - Grade A - https://check-your-website.server-daten.de/?q=gamesyap.com

And your certificate is from 2018-12-04, so it’s active.