Renew is failing


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://sandbox.installio.com

I ran this command: certbot renew

It produced this output:


Processing /etc/letsencrypt/renewal/sandbox.installio.com.conf


Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 439, in init
self._check_symlinks()
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 498, in _check_symlinks
“expected {0} to be a symlink”.format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/sandbox.installio.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/sandbox.installio.com.conf is broken. Skipping.


No renewals were attempted.

Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/sandbox.installio.com.conf (parsefail)


0 renew failure(s), 1 parse failure(s)

My web server is (include version):

Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 18 2018 15:36:26

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty

My hosting provider, if applicable, is:

I am self-hosting on and AWS instance

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I am using a terminal to login to my site


#2

Did you happen to modify the files or directory structures inside of /etc/letsencrypt? This error indicates that someone or something modified the live directory to contain actual files instead of symlinks.


#3

I did not modify any of the files. Do you think this could be fixed, or should I start from scratch? If so, how do I uninstall everything?


#4

Hi @josephmo

you can try the update_symlinks - command:

certbot update_symlinks

Recreate symlinks in your /etc/letsencrypt/live/ directory


#5

I received the same error message


#6

Did you checked the documentation?

You have to check your renewal configuration files:

If the contents of /etc/letsencrypt/archive/CERTNAME are moved to a new folder, first specify the new folder’s name in the renewal configuration file, then run certbot update_symlinks to point the symlinks in /etc/letsencrypt/live/CERTNAME to the new folder.

and some more.