Renew Expired Cert Failure

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:dtexg.com

I ran this command: First I tried certbot renew, then I ran certbot --force-renewal

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

No renewals were attempted.

My web server is (include version):nginx version: nginx/1.18.0

The operating system my web server runs on is (include version):
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.9.0

I notice the pem files in in live have symbolic links to archive, which seems right. The renewal folder is empty.

2

I'm pretty sure that's not all the output of certbot. If it actually is, please paste the log file.

That should not be the case. For every certificate in /live/ there should be a renewal configuration file in the renewal folder. Did something perhaps delete them? Certbot cannot renew a certificate without the renewal configuration file.

3

Not sure why there is no conf file, can I hand create a conf file in the renewal folder?

4

That's possible, but it's easier just to recreate your certificate the same way you did for the first time. You can force a certificate name (the same name as the directories in the /live/ directory) with --cert-name, so you would end up with double certificates.

5

Please show:
certbot certificates

6

certs is live folder

root@ip-10-17-10-165 letsencrypt]# ls -al live/dtexg.com/
total 4
drwxr-xr-x. 3 root root 121 Oct 16 15:02 .
drwx------. 3 root root  37 Jul 13 14:41 ..
lrwxrwxrwx. 1 root root  33 Sep 22 18:25 cert.pem -> ../../archive/dtexg.com/cert3.pem
lrwxrwxrwx. 1 root root  34 Sep 22 18:25 chain.pem -> ../../archive/dtexg.com/chain3.pem
drwx------. 3 root root  17 Oct 16 15:02 dl.fedoraproject.org
lrwxrwxrwx. 1 root root  38 Sep 22 18:25 fullchain.pem -> ../../archive/dtexg.com/fullchain3.pem
lrwxrwxrwx. 1 root root  36 Sep 22 18:25 privkey.pem -> ../../archive/dtexg.com/privkey3.pem
-rw-r--r--. 1 root root 692 Mar 24  2020 README

output from certbot certificates cmd

[root@ip-10-17-10-165 letsencrypt]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7

Well then you can forget about what it has.
It thinks it is empty.
You should just start from there and get a new cert.

8

There is nothing for it to renew (despite the fact that it has a cert in the live folder).

That leaves you with just:
certbot

9

Ty all, files were moved to the new server and the conf file must not have been copied over (and the old server is gone). But I was able to manually create the conf file and certbot rewnew worked like a charm.

2 Likes
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.