Recovering renewal directory conf files?


#1

I have hundreds of domains successfully created as well as renewed in the past. We are symlinking our webserver to the archive & live dirs, and thus have those two directories versioned in Git, elsewhere. Unfortunately, we did not have a backup of the rest of the contents under /etc/letsencrypt, and recently our host machine crashed. When I attempt a renewal of my domains now, it fails because, I believe, all the .conf files under the ‘renewals’ directory are missing. =/ I was wondering if there’s any way to work backward (via a script?) to regenerate the "renewals/.conf" files since I still have all the contents under “archive” and “live” or recover them all from elsewhere, so I can renew these 500+ valid certificates?

I ran this command:
./letsencrypt-auto renew

It produced this output:
No renewals were attempted.

My operating system is (include version):
Ubuntu 14.04.3 LTS

My web server is (include version):
Using Apache, HAProxy, and Nginx for various domains

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

Your best option will probably be to obtain the certs again as if it was the 1st time (e.g. with certonly) which will recreate all the .conf files.


#3

You could write a script that would recreate them, but it might be a lot of research to figure out exactly what they should look like. As @cool110 says, it might be easier to get them from scratch, although it’s still some doing to make sure they’ll end up in the same place on disk again!

Whichever approach you try, you could get information about the lineage contents via

cd /etc/letsencrypt/archive ; for i in *; do latest=$(ls "$i"/cert*.pem | sort -V | tail -1); echo -n "$i: "; openssl x509 -in "$latest" -text -noout | awk '/^ {12}X509v3 Subject Alternative Name: $/, /^ {12}X509v3 Certificate Policies: $/ {print}' | grep DNS | sed 's/^ *DNS://; s/, DNS:/ /g' | tr -d '\n'; echo; done

That will output one line per lineage stating the lineage name and the subject names in the most recent certificate in the lineage.
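An added example, not part of the original posts: a script form of the inventory above that also reports which of the four per-version files are missing from the newest version of each lineage and prints the names as `-d` arguments for re-issuing with certonly. The function names and the `ARCHIVE_ROOT` variable are this example's own; it assumes the usual archive file names (certN.pem, chainN.pem, fullchainN.pem, privkeyN.pem) and an `openssl` binary on the PATH.

```sh
#!/bin/sh
# Added example: inventory a restored archive/ tree, one line per lineage.
# ARCHIVE_ROOT defaults to the path used in the thread; override it to test.
ARCHIVE_ROOT=${ARCHIVE_ROOT:-/etc/letsencrypt/archive}

# Print the highest N for which certN.pem exists (numeric, so 10 > 9).
latest_version() {
    lv_best=0
    for lv_f in "$1"/cert*.pem; do
        lv_n=${lv_f##*/cert}; lv_n=${lv_n%.pem}
        case $lv_n in ''|*[!0-9]*) continue ;; esac   # skips an unmatched glob too
        if [ "$lv_n" -gt "$lv_best" ]; then lv_best=$lv_n; fi
    done
    [ "$lv_best" -gt 0 ] && echo "$lv_best"
}

# Print the files of version $2 that are absent or empty in lineage dir $1.
missing_files() {
    for mf_kind in cert chain fullchain privkey; do
        [ -s "$1/$mf_kind$2.pem" ] || printf '%s%s.pem ' "$mf_kind" "$2"
    done
}

# Read `openssl x509 -text` output on stdin, print the DNS names as -d arguments.
san_to_args() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS:/-d /p' | tr '\n' ' '
}

# One line per lineage: name, newest version, missing files, -d arguments.
inventory() {
    for inv_dir in "$ARCHIVE_ROOT"/*/; do
        [ -d "$inv_dir" ] || continue
        inv_dir=${inv_dir%/}; inv_name=${inv_dir##*/}
        inv_ver=$(latest_version "$inv_dir") ||
            { echo "$inv_name: no certN.pem found"; continue; }
        inv_miss=$(missing_files "$inv_dir" "$inv_ver")
        inv_args=$(openssl x509 -in "$inv_dir/cert$inv_ver.pem" -noout -text | san_to_args)
        echo "$inv_name: version=$inv_ver missing=[${inv_miss% }] ${inv_args% }"
    done
}

inventory
```

A lineage whose `missing=[...]` list includes privkeyN.pem cannot be served from the restored files and has to be issued again in any case.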

