Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
we-dev.applaud.work
I ran this command:
sudo certbot renew
--server https://acme-v02.api.letsencrypt.org/directory
--work-dir /home/ubuntu/certs
--logs-dir /home/ubuntu/certs
--config-dir /home/ubuntu/certs
--webroot -w /home/ubuntu/certs/www
--preferred-challenges http
It produced this output:
Processing /home/ubuntu/certs/renewal/we-dev.applaud.work.conf
updating legacy http01_port value
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for we-dev.applaud.work
Attempting to renew cert (we-dev.applaud.work) from /home/ubuntu/certs/renewal/we-dev.applaud.work.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: KeyID header contained an invalid account URL: "https://acme-v02.api.letsencrypt.org/acme/reg/ba5f0d3746ef919defc6730ebf814de4". Skipping.
My web server is (include version):
Nginx
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot --version
certbot 1.10.1 (snapd installed version)
It appears something went wrong with the migration of your Let's Encrypt account from ACMEv1 to ACMEv2.
The first thing I recommend you do is back up your Certbot files:
sudo tar cf /root/certbot.tar /etc/letsencrypt/
Based on a couple of tests, I think you should be able to fix your "invalid account URL" problem by unregistering and reregistering your Let's Encrypt account:
I would add an extra step after unregister.
List the entire /etc/letsencrypt/ folder: ls -lR /etc/letsencrypt/
[I think we may find something in there of interest]
If not, then also list this folder:
I missed this at first too, but if --config-dir /home/ubuntu/certs is set on the command line, the contents of /etc/letsencrypt shouldn't really be relevant and other Certbot commands need the same flag for them to have an effect on the right files.
@sateesh, to build on and adapt the suggestions above a bit, can you: