Renewal certificate errors

I am installing Bitwarden, which offers Let's Encrypt certificate creation and renewal. While starting, Bitwarden attempts to renew certificates and throws an error.

My domain is: bitwarden.padlinux.com

I ran this command:
./bitwarden.sh start
It produced this output:
Pulling mssql … done
Pulling web … done
Pulling attachments … done
Pulling api … done
Pulling identity … done
Pulling sso … done
Pulling admin … done
Pulling icons … done
Pulling notifications … done
Pulling events … done
Pulling nginx … done
Using default tag: latest
latest: Pulling from certbot/certbot
Digest: sha256:d13d98ebf10c37e864da33f89585dfc712185fca0b6740d956106f64d467ee6a
Status: Image is up to date for certbot/certbot:latest
docker.io/certbot/certbot:latest

Processing /etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf

Saving debug log to /etc/letsencrypt/logs/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf is broken.
The error was: target /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem of symlink /etc/letsencrypt/live/bitwarden.mydomainhere.com/cert.pem does not exist
Skipping.
0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /etc/letsencrypt/logs/letsencrypt.log or re-run Certbot with -v for more details.

No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf (parsefail)

although the files are symlinks:

lrwxrwxrwx. 1 root root 65 4. Apr 08:11 cert.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem
lrwxrwxrwx. 1 root root 66 4. Apr 08:12 chain.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/chain1.pem
lrwxrwxrwx. 1 root root 70 4. Apr 08:12 fullchain.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/fullchain1.pem
lrwxrwxrwx. 1 root root 68 4. Apr 08:12 privkey.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/privkey1.pem

Following is the log:

cat ~/bwdata/letsencrypt/logs/letsencrypt.log

2022-04-04 12:07:06,569:DEBUG:certbot._internal.main:certbot version: 1.25.0
2022-04-04 12:07:06,569:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2022-04-04 12:07:06,569:DEBUG:certbot._internal.main:Arguments: ['--logs-dir', '/etc/letsencrypt/logs']
2022-04-04 12:07:06,569:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-04-04 12:07:06,581:DEBUG:certbot._internal.log:Root logging level set at 30
2022-04-04 12:07:06,582:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf
2022-04-04 12:07:06,582:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf is broken.
2022-04-04 12:07:06,582:ERROR:certbot._internal.renewal:The error was: target /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem of symlink /etc/letsencrypt/live/bitwarden.mydomainhere.com/cert.pem does not exist
Skipping.
2022-04-04 12:07:06,583:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 77, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/src/certbot/certbot/_internal/storage.py", line 504, in __init__
    self._check_symlinks()
  File "/opt/certbot/src/certbot/certbot/_internal/storage.py", line 581, in _check_symlinks
    raise errors.CertStorageError("target {0} of symlink {1} does "
certbot.errors.CertStorageError: target /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem of symlink /etc/letsencrypt/live/bitwarden.mydomainhere.com/cert.pem does not exist

2022-04-04 12:07:06,583:DEBUG:certbot._internal.display.obj:Notifying user:

2022-04-04 12:07:06,583:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-04-04 12:07:06,583:DEBUG:certbot._internal.display.obj:Notifying user:
Additionally, the following renewal configurations were invalid:
2022-04-04 12:07:06,583:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/renewal/bitwarden.mydomainhere.com.conf (parsefail)
2022-04-04 12:07:06,583:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-04-04 12:07:06,583:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
  File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1715, in main
    return config.func(config, plugins)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1601, in renew
    renewal.handle_renewal_request(config)
  File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 510, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
2022-04-04 12:07:06,584:ERROR:certbot._internal.log:0 renew failure(s), 1 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version): AlmaLinux 8.5

My hosting provider, if applicable, is: Google domain

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot version: 1.25.0

Other information:

bitwarden.sh version 1.47.1
Docker version 20.10.14, build a224086
docker-compose version 1.29.2, build 5becea4c

Besides the files in /live/ being symlinks, the targets of those symlinks need to exist too, which does not appear to be the case. Or perhaps permission issues at the target?

2 Likes

Hi @Ahmed4, and welcome to the LE community forum 🙂

Did you happen to change, or move, the symlinks created by certbot?

1 Like

I am doing the migration. I recreated the symlinks as they were on the previous server, as can be seen below:
lrwxrwxrwx. 1 root root 65 4. Apr 08:11 cert.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem
lrwxrwxrwx. 1 root root 66 4. Apr 08:12 chain.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/chain1.pem
lrwxrwxrwx. 1 root root 70 4. Apr 08:12 fullchain.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/fullchain1.pem
lrwxrwxrwx. 1 root root 68 4. Apr 08:12 privkey.pem → /root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/privkey1.pem

Yes, the .pem files do exist in archive. I have checked them too.

Normally we would see it like this:

lrwxrwxrwx. 1 root root 65 4. Apr 08:11 cert.pem → ../../archive/bitwarden.mydomainhere.com/cert1.pem

Which would resolve as:
/etc/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem
NOT:
/root/bwdata/letsencrypt/archive/bitwarden.mydomainhere.com/cert1.pem

1 Like
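
The relative-versus-absolute target difference described in the reply above, as an added example that is not part of the original thread or of certbot or Bitwarden: it audits the `live/` links of a certbot directory and rewrites absolute targets to the `../../archive/...` form. It assumes the first argument is the host directory that the container mounts as `/etc/letsencrypt`; the function names `audit_live_links` and `relink_relative` are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: $1 is the host-side certbot directory
# (e.g. /root/bwdata/letsencrypt) that the container sees as /etc/letsencrypt.

# Print "OK|ABSOLUTE|BROKEN <link> -> <target>" for every link under live/.
audit_live_links() {
    le_dir=$1
    for link in "$le_dir"/live/*/*.pem; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case $target in
            /*) status=ABSOLUTE ;;   # resolves only at one mount point
            *)  if [ -e "$link" ]; then status=OK; else status=BROKEN; fi ;;
        esac
        printf '%s %s -> %s\n' "$status" "$link" "$target"
    done
}

# Rewrite absolute links to the relative form certbot itself creates:
#   live/<name>/cert.pem -> ../../archive/<name>/cert1.pem
# A link is replaced only if the matching archive file really exists.
relink_relative() {
    le_dir=$1
    for link in "$le_dir"/live/*/*.pem; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case $target in /*) ;; *) continue ;; esac
        name=$(basename "$(dirname "$link")")
        file=$(basename "$target")
        if [ -f "$le_dir/archive/$name/$file" ]; then
            ln -sfn "../../archive/$name/$file" "$link"
        else
            echo "missing archive file for $link: $file" >&2
        fi
    done
}

# Stand-alone use: report only; call relink_relative explicitly to repair.
if [ $# -gt 0 ]; then
    audit_live_links "$1"
fi
```

A relative target resolves the same way on the host and inside the container, because it is interpreted from the link's own directory rather than from the filesystem root.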

But in the case of Bitwarden, which is composed of Docker, that's how the path looks.

I worked around it and found the problem was with permissions and a broken link; after fixing them, the certificate renewal worked.

1 Like
