Renew fails on OpenSUSE, doesn't read conf file

I ran this command: certbot renew

It produced this output:

2017-01-24 02:07:04,831:DEBUG:certbot.main:Root logging level set at 20
2017-01-24 02:07:04,831:INFO:certbot.main:Saving debug log to /var/log/certbot/letsencrypt.log
2017-01-24 02:07:04,831:DEBUG:certbot.main:certbot version: 0.10.1
2017-01-24 02:07:04,831:DEBUG:certbot.main:Arguments: []
2017-01-24 02:07:04,832:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,Plugi
2017-01-24 02:07:04,833:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.10.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/”, line 849, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/”, line 655, in renew
File “/usr/lib/python2.7/site-packages/certbot/”, line 347, in handle_renewal_request
raise errors.Error("Currently, the renew verb is capable of either "
Error: Currently, the renew verb is capable of either renewing all installed certificates that are due to be
renewed or renewing a single certificate specified by its name. If you would like to renew specific certifi
cates by their domains, use the certonly command. The renew verb may provide other options for selecting cer
tificates to renew in the future.

My operating system is (include version): OpenSuSE 13.1

My web server is (include version): Apache 2.4.6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @turnops, do you perhaps have a cli.ini file that specifies domains? I think that could cause this error.

That’s it! Commenting out the ‘domains’ line in cli.ini does the job.

Thanks a lot

Great! Could you tell me if you got the idea for specifying domains there from any online documentation or tutorial? For various reasons I don’t think it’s a good idea but quite a number of users have done it, and I’m wondering if there’s an online resource that recommends it or does it as part of an example configuration.

I’m afraid I can’t be very helpful here, I really don’t remember why I did it. The comment in cli.ini reads “Uncomment and update to generate certificates for the specified domains.” So maybe I inserted my domains by just reading this comment or by reading some docs elsewhere.

Thanks! I’m going to suggest that we remove that comment in cli.ini especially because of the likelihood of triggering this bug.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.