Renewal configuration file ***.conf is broken. Skipping

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:gitlab2.west-coast.wales

I ran this command:sudo certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/gitlab2.west-coast.wales.conf


Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 463, in init
self._check_symlinks()
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 522, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/gitlab2.west-coast.wales/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/gitlab2.west-coast.wales.conf is broken. Skipping.


No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/gitlab2.west-coast.wales.conf (parsefail)


0 renew failure(s), 1 parse failure(s)

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.31.0

1 Like

Question is: what happened to the symbolic link?

3 Likes

I have no idea, also the /etc/letsencrypt/live folder only holds a README file!

1 Like

Also there have been no errors over the last 2 years with auto renewing every 2 months

1 Like

That's very weird and warrants further inspection of why that directory is suddenly empty (except for the README).

Is the /archive/ directory still filled with the usual stuff?

3 Likes

No, that is empty as well!

Well, that's weird. My advice:

  • find out why those directories are suddenly empty, but /renewal/ isn't;
  • Retreive the contents of the empty directories from a recent backup.
4 Likes

Is there any option to re-install? We only backup user data not system files.

You can run certbot again as if it were a brand new certificate. That's the quickest option.

4 Likes

Thanks, I'll look that up and see how to do it.

1 Like

If you don't remember all of the used configuration options, there are hints in the renewal configuration file. Such as the entry installer = apache would mean the apache installer plugin was used.

4 Likes

Ok, looks like mine is Nginx

1 Like

All sorted now, the person who set this up has left the company and I hadn't realised certificate handling was inside gitlab itself! Updated gitlab to the latest version and it renewed the certificate itself. Thanks for your help Osiris, much appreciated.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.