Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mort11.org-0001.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/mort11.org-0001/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0001.conf is broken. Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mort11.org.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for mort11.org
tls-sni-01 challenge for alumni.mort11.org
tls-sni-01 challenge for dev.mort11.org
tls-sni-01 challenge for gitlab.mort11.org
tls-sni-01 challenge for mort11.com
tls-sni-01 challenge for orders.mort11.org
tls-sni-01 challenge for shop.mort11.org
tls-sni-01 challenge for webcast.mort11.org
tls-sni-01 challenge for wiki.mort11.org
tls-sni-01 challenge for www.mort11.com
tls-sni-01 challenge for www.mort11.org
nginx: [warn] conflicting server name "mort11.org" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "mort11.org" on 0.0.0.0:443, ignored
Attempting to renew cert (mort11.org) from /etc/letsencrypt/renewal/mort11.org.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: alumni.mort11.org,dev.mort11.org,gitlab.mort11.org,mort11.com,mort11.org,orders.mort11.org,shop.mort11.org,webcast.mort11.org,wiki.mort11.org,www.mort11.com,www.mort11.org. Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mort11.org-0002.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/mort11.org-0002/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0002.conf is broken. Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mort11.org-0003.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/mort11.org-0003/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0003.conf is broken. Skipping.
All renewal attempts failed. The following certs could not be renewed :
/etc/letsencrypt/live/mort11.org/fullchain.pem (failure)
Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/mort11.org-0001.conf (parsefail)
/etc/letsencrypt/renewal/mort11.org-0002.conf (parsefail)
/etc/letsencrypt/renewal/mort11.org-0003.conf (parsefail)
1 renew failure(s), 3 parse failure(s)
My web server is (include version):
nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS
My hosting provider, if applicable, is:
Digital ocean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
I have been using this for about a year now and never had any problems but the certificate is going to expire and when I went to renew it I got this error.
One problem that you may be encountering is that you apparently have several different overlapping certificates managed by Certbot. You can find out about these certificates by running certbot certificates.
However, it also looks like you’ve been tampering with the file structure in /etc/letsencrypt/live by moving or renaming things. Do you have a recollection of having done that? This may have broken some of your certificate lineages so that Certbot is no longer able to renew them.
As far as I know we have not touched anything in /etc/letsencrypt/live but we have been doing some work on the site and something may have been changed accidentally
When I ran certbot certificates this is the output I got
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/mort11.org-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0002.conf produced an unexpected error: expected /etc/letsencrypt/live/mort11.org-0002/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mort11.org-0003.conf produced an unexpected error: expected /etc/letsencrypt/live/mort11.org-0003/cert.pem to be a symlink. Skipping.
The following renewal configuration files were invalid:
/etc/letsencrypt/renewal/mort11.org-0001.conf
/etc/letsencrypt/renewal/mort11.org-0002.conf
/etc/letsencrypt/renewal/mort11.org-0003.conf
I have no idea what this output means, I know very little about letsencrypt because the person who set it up is no longer available to help and this is the first time something went wrong since they left.
This sounds like someone tried to restore a backup or transfer the configuration from one system to another using a backup method that doesn’t preserve symlink structure.
Maybe someone deleted old certificates from /etc/letsencrypt/live/ but not /etc/letsencrypt/renewal/? (Unless that produces a different error message.)
@windyGiant, could you run “ls -l /etc/letsencrypt/archive /etc/letsencrypt/live /etc/letsencrypt/live/mort11.org-0001 /etc/letsencrypt/renewal”?