Renewal configuration file ***.conf is broken. Skipping

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:sudo certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/", line 67, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3/dist-packages/certbot/", line 463, in init
File "/usr/lib/python3/dist-packages/certbot/", line 522, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/ to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.

No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/ (parsefail)

0 renew failure(s), 1 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.31.0

1 Like

Question is: what happened to the symbolic link?


I have no idea, also the /etc/letsencrypt/live folder only holds a README file!

1 Like

Also there have been no errors over the last 2 years with auto renewing every 2 months

1 Like

That's very weird and warrants further inspection of why that directory is suddenly empty (except for the README).

Is the /archive/ directory still filled with the usual stuff?


No, that is empty as well!

Well, that's weird. My advice:

  • find out why those directories are suddenly empty, but /renewal/ isn't;
  • Retreive the contents of the empty directories from a recent backup.

Is there any option to re-install? We only backup user data not system files.

You can run certbot again as if it were a brand new certificate. That's the quickest option.


Thanks, I'll look that up and see how to do it.

1 Like

If you don't remember all of the used configuration options, there are hints in the renewal configuration file. Such as the entry installer = apache would mean the apache installer plugin was used.


Ok, looks like mine is Nginx

1 Like

All sorted now, the person who set this up has left the company and I hadn't realised certificate handling was inside gitlab itself! Updated gitlab to the latest version and it renewed the certificate itself. Thanks for your help Osiris, much appreciated.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.