Problems with certbot renew

On Alma-86 certbot --version gives me 1,22.0 and that's where I get the error

On Hermes certbot --version give me 1.22.0 and this IS working

I only installed these certificates a month or so ago. So please explain:
(a) How I have an out of date version?
(b) Why both servers have the identical versions and were installed within 30 days of each other and one works and the other doesn't?

So upgrading is NOT going to solve the problem. Quo vadis?

(A) The out-of-date version applies to the account being used:

Account at /etc/letsencrypt/accounts/ does not exist

[which is also not found/missing]

(B) Because one seems to have been previously used and not completely wiped before install/upgrade.


So where does that leave me? I still have no clue how to fix it. The documents that the other poster refers to are meaningless. I repeat I am NOT a Linux expert (or lover). I've got it and I have to live with it. You can't go from being able to install Centos and a few programs to a Linux Guru overnight, especially at 81.

I'm just annoyed that yet again, I have to get hold of some Linux thing that DOESN'T WORK.
All I get for it is a link to an aricle which may as well be written in Chinese.

We are not sure either. The acme-v01 endpoint has not been used for some time. And, you seem to have started using Let's Encrypt only in last few months. You shouldn't have any references to that endpoint. It is almost as if someone modified it manually.

Can you show contents of this file.


and, also output of these

ls -l /etc/letsencrypt/renewal
ls -l /etc/letsencrypt/accounts
# renew_before_expiry = 30 days
version = 1.22.0
archive_dir = /etc/letsencrypt/archive/
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

# Options used in the renewal process
authenticator = apache
account = 1b757b9724299c0f5ab3269e0c9cd7b4
server =
[root@alma-86 ~]# ls -l /etc/letsencrypt/renewal
total 12
-rw-r--r-- 1 root root 585 Sep 28 13:55
-rw-r--r-- 1 root root 625 Sep 28 13:53
-rw-r--r-- 1 root root 625 Sep 28 13:54
[root@alma-86 ~]# ls -l /etc/letsencrypt/accounts
total 0
drwx------ 3 root root 23 Jul 27 14:47
drwx------ 3 root root 23 Jul 27 14:29

Hmm. I don't see any reason for the acme-v01. What does this command show?

certbot renew --cert-name --dry-run

Can we see this file?:


It is in post #25 Rudy (see as response to #24)


Congratulations all certificates can be renewed (I already told you that).

And, then this (again). Please show the output

certbot renew --cert-name 

Note I noticed that something touched your renewal conf files very recently. So, commands may behave differently and I need to verify step by step. So, please can the snark.


I missed the file content; as it wasn't labled...

This account:

doesn't match the error account:

I don't know what's going on.
I say:

  • remove the whole /etc/letsencrypt/ directory
  • restore it from a known working backup [or from a copy from another working system]
    [if that's not possible, then just reissue brand new certs]

Me neither. I'll restore a backup which was working. We had a power failure a week or more ago. I'll restore before the power failure and see what happens.

I'll do it tomorrow.


I'm out of words. I have no idea what's going on now.
Logwatch this morning:

 **Unmatched Entries**
    Reloading The Apache HTTP Server.: 5 Time(s)
    certbot-renew.service: Failed with result 'exit-code'.: 1 Time(s)
    certbot-renew.service: Main process exited, code=exited, status=1/FAILURE: 1 Time(s)
    certbot-renew.service: Succeeded.: 1 Time(s)

A few minutes ago I get this:

Hello, Your certificate (or certificates) for the names listed below will expire in 13 days (on 13 Oct 22 11:39 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details. For details about when we send these emails, please visit: Expiration Emails - Let's Encrypt In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message. For any questions or support, please visit: Unfortunately, we can't provide support by email. If you are receiving this email in error, unsubscribe at: You've been unsubscribed Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates. Regards, The Let's Encrypt Team

What is going on?

Has any of that happened?


I was going to do a restore, but when I saw the log, I didn't, so I've done nothing, nada, zip, fokal.

Seems that something is cocked up on your end when you didn't retire the old whatever it was properly. I wonder what to do now and how many more times this sort of thing is going to happen. We have to worry about bugs in your system it seems.

What should I do now, wait to see what tomorrows logwatch says? Reinstall the entire thing? Renew the certificates? Start over and reinstall the entire system?

When do you plan to 'retire' this version that doesn't retire properly?

@HankM are you aware most of the LE community are volunteer help, only the LE Staff are the nonprofit organization that run this Free Certificate Authority.


This may well be true and it is appreciated, but as my great grandfather used to say.

"If a job's worth doing, it's worth doing well."

Retiring code that's not backward compatible before you KNOW there are no repercussions seems like a really good idea to me.

Imagine if Microsoft did that and systems were upgraded and nothing worked a few days later and no one knew why. What do you think would happen?

They would be what they are today. :frowning:


No, I can still run all my Win 7 and even XP apps on Windows 10. Not that I like M$.

Bill Gates did more harm to computing then anything else and he's getting worse.

It's just a shame that Linux is so damn user unfriendly. Accidental or deliberate?

@HankM you could change from Let's Encryt as the Certicate Authoriy to another, probably ACME based, Certificate Authority for a possible solution for your issue.