Renew Expired Cert Failure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dtexg.com

I ran this command: First I tried certbot renew, then I ran certbot --force-renewal

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log


No renewals were attempted.


My web server is (include version): nginx version: nginx/1.18.0

The operating system my web server runs on is (include version):
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.9.0

I notice the pem files in live have symbolic links to archive, which seems right. The renewal folder is empty.

I'm pretty sure that's not all the output of certbot. If it actually is, please paste the log file.

That should not be the case. For every certificate in /live/ there should be a renewal configuration file in the renewal folder. Did something perhaps delete them? Certbot cannot renew a certificate without the renewal configuration file.

Not sure why there is no conf file, can I hand create a conf file in the renewal folder?

That's possible, but it's easier just to recreate your certificate the same way you did for the first time. You can force a certificate name (the same name as the directories in the /live/ directory) with --cert-name, so you would end up with double certificates.

Please show:
certbot certificates

certs in live folder

[root@ip-10-17-10-165 letsencrypt]# ls -al live/dtexg.com/
total 4
drwxr-xr-x. 3 root root 121 Oct 16 15:02 .
drwx------. 3 root root  37 Jul 13 14:41 ..
lrwxrwxrwx. 1 root root  33 Sep 22 18:25 cert.pem -> ../../archive/dtexg.com/cert3.pem
lrwxrwxrwx. 1 root root  34 Sep 22 18:25 chain.pem -> ../../archive/dtexg.com/chain3.pem
drwx------. 3 root root  17 Oct 16 15:02 dl.fedoraproject.org
lrwxrwxrwx. 1 root root  38 Sep 22 18:25 fullchain.pem -> ../../archive/dtexg.com/fullchain3.pem
lrwxrwxrwx. 1 root root  36 Sep 22 18:25 privkey.pem -> ../../archive/dtexg.com/privkey3.pem
-rw-r--r--. 1 root root 692 Mar 24  2020 README

output from certbot certificates cmd

[root@ip-10-17-10-165 letsencrypt]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Well then you can forget about what it has.
It thinks it is empty.
You should just start from there and get a new cert.

There is nothing for it to renew (despite the fact that it has a cert in the live folder).

That leaves you with just:
certbot

Ty all, files were moved to the new server and the conf file must not have been copied over (and the old server is gone). But I was able to manually create the conf file and certbot renew worked like a charm.

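The condition diagnosed in this thread (certificates present under live/ but no matching file in renewal/) can be checked for after a server migration. The following is an added example, not code from any poster or from Certbot; the function name `check_lineages` and its status strings are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a certbot configuration directory for lineages
# that certbot cannot see or renew.
#
# check_lineages [DIR]
#   DIR defaults to /etc/letsencrypt.
#   Prints "<name><TAB><status>" for every lineage under DIR/live.
#   Returns 0 if every lineage is ok, 1 otherwise.
check_lineages() {
    dir=${1:-/etc/letsencrypt}
    problems=0
    for lineage in "$dir"/live/*/; do
        # An unmatched glob stays literal; skip it.
        [ -d "$lineage" ] || continue
        name=$(basename "$lineage")
        status=ok
        for f in cert.pem chain.pem fullchain.pem privkey.pem; do
            # -e follows symlinks, so a link into a missing archive/
            # file (for example after a partial copy) fails here.
            [ -e "$lineage/$f" ] || status="broken-link:$f"
        done
        # Without renewal/<name>.conf, "certbot certificates" reports
        # no certs and "certbot renew" attempts nothing.
        [ -f "$dir/renewal/$name.conf" ] || status="missing-renewal-conf"
        [ "$status" = ok ] || problems=$((problems + 1))
        printf '%s\t%s\n' "$name" "$status"
    done
    [ "$problems" -eq 0 ]
}
```

Run `check_lineages` as root on the destination server after copying the configuration directory; any line not ending in `ok` means that certificate will not be renewed.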