Renewal configuration file is broken

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
backend.rassystem.com.br

I ran this command:
certbot renew --deploy-hook /usr/local/bin/renew-certificado-ssl.sh --post-hook "/etc/init.d/rasng-core restart"

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/backend.rassystem.com.br.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 71, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/storage.py", line 451, in __init__
    "file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/backend.rassystem.com.br.conf is broken. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 71, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/storage.py", line 451, in __init__
    "file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf is broken. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
No hooks were run.

Additionally, the following renewal configurations were invalid: 
  /etc/letsencrypt/renewal/backend.rassystem.com.br.conf (parsefail)
  /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf (parsefail)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 renew failure(s), 2 parse failure(s)

My web server is (include version):
jetty embedded in dropwizard

The operating system my web server runs on is (include version):
Amazon Linux release 2 (Karoo)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

ls -lR /etc/letsencrypt:

[ec2-user@prod-rasng-core ~]$ sudo ls -lR /etc/letsencrypt
/etc/letsencrypt:
total 0
drwx------ 3 root root  42 fev  9 08:14 accounts
drwx------ 4 root root  74 fev  9 08:18 archive
drwxr-xr-x 2 root root 230 mai 18 08:16 csr
drwx------ 2 root root 230 mai 18 08:16 keys
drwx------ 4 root root  88 fev  9 08:18 live
drwxr-xr-x 2 root root  84 mai 18 08:17 renewal
drwxr-xr-x 5 root root  43 fev  9 08:14 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root 23 fev  9 08:14 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 46 fev  9 08:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 2 root root 64 fev  9 08:14 b42a7bfc965e2958023edb76d620eb7c

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b42a7bfc965e2958023edb76d620eb7c:
total 12
-rw-r--r-- 1 root root   86 fev  9 08:15 meta.json
-r-------- 1 root root 1632 fev  9 08:14 private_key.json
-rw-r--r-- 1 root root   79 fev  9 08:14 regr.json

/etc/letsencrypt/archive:
total 0
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.uat.rassystem.com.br

/etc/letsencrypt/archive/backend.rassystem.com.br:
total 32
-rw-r--r-- 1 root root 1866 fev  9 08:18 cert1.pem
-rw-r--r-- 1 root root 1866 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:18 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3452 fev  9 08:18 fullchain1.pem
-rw-r--r-- 1 root root 3452 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1704 fev  9 08:18 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/archive/backend.uat.rassystem.com.br:
total 32
-rw-r--r-- 1 root root 1879 fev  9 08:15 cert1.pem
-rw-r--r-- 1 root root 1879 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:15 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3465 fev  9 08:15 fullchain1.pem
-rw-r--r-- 1 root root 3465 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1708 fev  9 08:15 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/csr:
total 32
-rw-r--r-- 1 root root 944 fev  9 08:14 0000_csr-certbot.pem
-rw-r--r-- 1 root root 936 fev  9 08:17 0001_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:01 0002_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:02 0003_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:11 0004_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:17 0005_csr-certbot.pem
-rw-r--r-- 1 root root 944 mai 18 08:15 0006_csr-certbot.pem
-rw-r--r-- 1 root root 936 mai 18 08:16 0007_csr-certbot.pem

/etc/letsencrypt/keys:
total 32
-rw------- 1 root root 1708 fev  9 08:14 0000_key-certbot.pem
-rw------- 1 root root 1704 fev  9 08:17 0001_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:01 0002_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:02 0003_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:11 0004_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:17 0005_key-certbot.pem
-rw------- 1 root root 1704 mai 18 08:15 0006_key-certbot.pem
-rw------- 1 root root 1708 mai 18 08:16 0007_key-certbot.pem

/etc/letsencrypt/live:
total 4
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.uat.rassystem.com.br
-rw-r--r-- 1 root root 740 fev  9 08:15 README

/etc/letsencrypt/live/backend.rassystem.com.br:
total 4
lrwxrwxrwx 1 root root  48 abr 12 18:02 cert.pem -> ../../archive/backend.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  49 abr 12 18:02 chain.pem -> ../../archive/backend.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 fullchain.pem -> ../../archive/backend.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  51 abr 12 18:02 privkey.pem -> ../../archive/backend.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:18 README

/etc/letsencrypt/live/backend.uat.rassystem.com.br:
total 4
lrwxrwxrwx 1 root root  52 abr 12 18:02 cert.pem -> ../../archive/backend.uat.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 chain.pem -> ../../archive/backend.uat.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  57 abr 12 18:02 fullchain.pem -> ../../archive/backend.uat.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  55 abr 12 18:02 privkey.pem -> ../../archive/backend.uat.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:15 README

/etc/letsencrypt/renewal:
total 0
-rw-r--r-- 1 root root 0 mai 18 08:17 backend.rassystem.com.br.conf
-rw-r--r-- 1 root root 0 mai 18 08:15 backend.uat.rassystem.com.br.conf

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 2 root root 6 fev  9 08:14 deploy
drwxr-xr-x 2 root root 6 fev  9 08:14 post
drwxr-xr-x 2 root root 6 fev  9 08:14 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0

/etc/letsencrypt/renewal-hooks/post:
total 0

/etc/letsencrypt/renewal-hooks/pre:
total 0

sudo certbot certificates:

[ec2-user@prod-rasng-core ~]$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/backend.rassystem.com.br.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/backend.rassystem.com.br.conf
  /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The files /etc/letsencrypt/renewal/backend.rassystem.com.br.conf and /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf are empty

2 Likes

The files are empty?
If not, try running certbot with sudo

2 Likes

Yes, these files are empty:

[ec2-user@prod-rasng-core ~]$ sudo cat /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf 
[ec2-user@prod-rasng-core ~]$ sudo cat /etc/letsencrypt/renewal/backend.rassystem.com.br.conf 
[ec2-user@prod-rasng-core ~]$ sudo ls -la /etc/letsencrypt/renewal/*
-rw-r--r-- 1 root root 0 mai 18 08:17 /etc/letsencrypt/renewal/backend.rassystem.com.br.conf
-rw-r--r-- 1 root root 0 mai 18 08:15 /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf

2 Likes

That is a problem.
Certbot expects them NOT to be empty...
I'm not sure how to recreate those files - maybe someone else here can help: @lestaff @griffin

2 Likes

Welcome to the Let's Encrypt Community, Paulo :slightly_smiling_face:

Unfortunately, the renewal configuration files will need to be recreated. The easiest way to do so is to delete the existing certificates and acquire new ones. It's unusual to have a post hook without a pre hook. Most setups only use a deploy hook. It's also highly unusual to supply hook parameters to a renewal command that covers more than one certificate. However, since those hooks exist, I surmise that they probably copy/manipulate the new certificates in some fashion, which is helpful here because deleting the existing certificates might not break the webserver/application since the copies/alternates won't be deleted if they're outside the /etc/letsencrypt directory structure.

Based on the redirects I'm seeing for both domain names, I highly doubt http-01 challenges were being used, which leads me to believe that dns-01 challenges were being used. Given the hooks, we're almost certainly dealing with a certonly command.

What is the output of this command?

sudo cat /usr/local/bin/renew-certificado-ssl.sh

These commands will delete the existing certificates and clean up their remnants:

sudo certbot delete --cert-name backend.rassystem.com.br
sudo certbot delete --cert-name backend.uat.rassystem.com.br
2 Likes

Okay, we use the deploy-hook because it needs to import the keystore, and this must be done for each certificate renewed on this machine (there are two certificates). At the end of the renewal of both certificates, the application "rasng-core" must be restarted, which is the reason for the --post-hook.

renew-certificado-ssl.sh

#!/bin/bash
#
# Script to renew the SSL certificate for rasng's secure HTTPS connection
# The RENEWED_DOMAINS and RENEWED_LINEAGE variables come from the certbot renew --deploy-hook command
# This script only runs when certbot renew actually renews the certificate

# First domain name of the renewed certificate (command substitution, not a literal string)
DNS_CERT="$(echo "${RENEWED_DOMAINS}" | cut -d' ' -f1)"
DIR_APP="/usr/local/rasng-core"
PASS_CERT="**********"


echo "Atualizando Certificado: $DNS_CERT"
# Bundle the renewed chain and private key into a PKCS#12 file
openssl pkcs12 -export \
	-in "${RENEWED_LINEAGE}/fullchain.pem" \
	-inkey "${RENEWED_LINEAGE}/privkey.pem" \
	-out "/tmp/${DNS_CERT}.p12" \
	-name "${DNS_CERT}" \
	-caname "Let's Encrypt Authority X3" \
	-password "pass:${PASS_CERT}"
# Import the PKCS#12 file into the keystore used by the application
keytool -noprompt -importkeystore \
	-deststorepass "${PASS_CERT}" \
	-destkeypass "${PASS_CERT}" \
	-deststoretype pkcs12 \
	-srckeystore "/tmp/${DNS_CERT}.p12" \
	-srcstoretype PKCS12 \
	-srcstorepass "${PASS_CERT}" \
	-destkeystore "/tmp/${DNS_CERT}.keystore" \
	-alias "${DNS_CERT}"
echo "Copiando '/tmp/${DNS_CERT}.keystore' para ${DIR_APP}/"
# Keep a dated backup of the previous keystore, then install the new one
[ -f "${DIR_APP}/${DNS_CERT}.keystore" ] && mv -v "${DIR_APP}/${DNS_CERT}.keystore" "${DIR_APP}/certs-old/${DNS_CERT}-$(date +%Y%m%d).keystore"
cp -fv "/tmp/${DNS_CERT}.keystore" "${DIR_APP}/"
echo "Removendo Certificado gerados"
# Remove the temporary key material from /tmp
rm "/tmp/${DNS_CERT}.keystore"
rm "/tmp/${DNS_CERT}.p12"

2 Likes

That all generally looks fine except for this part:

The "Let's Encrypt Authority X3" intermediate certificate was retired some time ago. All currently active certificates are issued from the "R3" intermediate certificate.


My original assumption was correct and thus you can safely delete the existing certificates using the commands that I gave you before. I am almost certain that each of these certificates only covers its nominal domain name, so we nearly have all of the pieces needed to construct the requisite certbot commands to rebuild the renewal configuration files. What remains is to determine which authentication method was used to verify control of the domain names.

Do you remember needing to manually enter TXT records into your DNS settings to acquire your previous certificates?

2 Likes

Right, thanks for the answer.

We use the commands to acquire our certificates:
certbot certonly --force-renewal --dns-route53 -d backend.rassystem.com.br
certbot certonly --force-renewal --dns-route53 -d backend.uat.rassystem.com.br

2 Likes

Be very careful with using --force

2 Likes

That makes much more sense than manual DNS authentication. I'm hoping that you still have the necessary credentials.

As @rg305 was warning, --force-renewal is extremely dangerous and wholly unnecessary in most situations.

Please add this line:

/etc/init.d/rasng-core restart

to the bottom of this file:

/usr/local/bin/renew-certificado-ssl.sh

then try these commands:

sudo certbot delete --cert-name backend.rassystem.com.br

sudo certbot delete --cert-name backend.uat.rassystem.com.br

sudo certbot certonly --dns-route53 -d "backend.rassystem.com.br" --deploy-hook /usr/local/bin/renew-certificado-ssl.sh

sudo certbot certonly --dns-route53 -d "backend.uat.rassystem.com.br" --deploy-hook /usr/local/bin/renew-certificado-ssl.sh

If all goes well, your renewal command will look something like this:

sudo certbot renew -q

2 Likes

An unexpected error occurred:

[ec2-user@prod-rasng-core ~]$ sudo certbot delete --cert-name backend.rassystem.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * backend.rassystem.com.br

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
An unexpected error occurred:
TypeError: coercing to Unicode: need string or buffer, NoneType found
Please see the logfiles in /var/log/letsencrypt for more details.

/var/log/letsencrypt/letsencrypt.log:

[ec2-user@prod-rasng-core ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-06-22 09:34:26,826:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-06-22 09:34:26,827:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2021-06-22 09:34:26,827:DEBUG:certbot._internal.main:Arguments: ['--cert-name', 'backend.rassystem.com.br']
2021-06-22 09:34:26,827:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-22 09:34:26,844:DEBUG:certbot._internal.log:Root logging level set at 20
2021-06-22 09:34:26,844:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-22 09:34:31,548:DEBUG:certbot._internal.storage:Removed /etc/letsencrypt/renewal/backend.rassystem.com.br.conf
2021-06-22 09:34:31,549:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1057, in delete
    cert_manager.delete(config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.py", line 104, in delete
    storage.delete_files(config, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/storage.py", line 350, in delete_files
    os.remove(link)
TypeError: coercing to Unicode: need string or buffer, NoneType found
2021-06-22 09:34:31,549:ERROR:certbot._internal.log:An unexpected error occurred:
2021-06-22 09:34:31,550:ERROR:certbot._internal.log:TypeError: coercing to Unicode: need string or buffer, NoneType found

Apparently deleted the config file /etc/letsencrypt/renewal/backend.rassystem.com.br.conf

[ec2-user@prod-rasng-core ~]$ ls -laht /etc/letsencrypt/renewal/
total 0
drwxr-xr-x 2 root root  47 jun 22 09:34 .
drwxr-xr-x 9 root root 108 jun 22 09:34 ..
-rw-r--r-- 1 root root   0 mai 18 08:15 backend.uat.rassystem.com.br.conf
[ec2-user@prod-rasng-core ~]$
2 Likes

Please run the other delete command as well then show the output of:

sudo ls -lRa /etc/letsencrypt

2 Likes

sudo certbot delete --cert-name backend.uat.rassystem.com.br:

[ec2-user@prod-rasng-core ~]$ sudo certbot delete --cert-name backend.uat.rassystem.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * backend.uat.rassystem.com.br

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
An unexpected error occurred:
TypeError: coercing to Unicode: need string or buffer, NoneType found
Please see the logfiles in /var/log/letsencrypt for more details.
[ec2-user@prod-rasng-core ~]$ 

sudo ls -lRa /etc/letsencrypt:

[ec2-user@prod-rasng-core ~]$ sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 12
drwxr-xr-x  9 root root  108 jun 22 14:16 .
drwxr-xr-x 91 root root 8192 jun 15 08:05 ..
drwx------  3 root root   42 fev  9 08:14 accounts
drwx------  4 root root   74 fev  9 08:18 archive
drwxr-xr-x  2 root root  230 mai 18 08:16 csr
drwx------  2 root root  230 mai 18 08:16 keys
drwx------  4 root root   88 fev  9 08:18 live
drwxr-xr-x  2 root root    6 jun 22 14:16 renewal
drwxr-xr-x  5 root root   43 fev  9 08:14 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root  42 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..
drwx------ 3 root root  23 fev  9 08:14 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 23 fev  9 08:14 .
drwx------ 3 root root 42 fev  9 08:14 ..
drwx------ 3 root root 46 fev  9 08:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 3 root root 46 fev  9 08:14 .
drwx------ 3 root root 23 fev  9 08:14 ..
drwx------ 2 root root 64 fev  9 08:14 b42a7bfc965e2958023edb76d620eb7c

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b42a7bfc965e2958023edb76d620eb7c:
total 12
drwx------ 2 root root   64 fev  9 08:14 .
drwx------ 3 root root   46 fev  9 08:14 ..
-rw-r--r-- 1 root root   86 fev  9 08:15 meta.json
-r-------- 1 root root 1632 fev  9 08:14 private_key.json
-rw-r--r-- 1 root root   79 fev  9 08:14 regr.json

/etc/letsencrypt/archive:
total 0
drwx------ 4 root root  74 fev  9 08:18 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.uat.rassystem.com.br

/etc/letsencrypt/archive/backend.rassystem.com.br:
total 32
drwxr-xr-x 2 root root  160 abr 12 18:02 .
drwx------ 4 root root   74 fev  9 08:18 ..
-rw-r--r-- 1 root root 1866 fev  9 08:18 cert1.pem
-rw-r--r-- 1 root root 1866 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:18 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3452 fev  9 08:18 fullchain1.pem
-rw-r--r-- 1 root root 3452 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1704 fev  9 08:18 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/archive/backend.uat.rassystem.com.br:
total 32
drwxr-xr-x 2 root root  160 abr 12 18:02 .
drwx------ 4 root root   74 fev  9 08:18 ..
-rw-r--r-- 1 root root 1879 fev  9 08:15 cert1.pem
-rw-r--r-- 1 root root 1879 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:15 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3465 fev  9 08:15 fullchain1.pem
-rw-r--r-- 1 root root 3465 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1708 fev  9 08:15 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/csr:
total 32
drwxr-xr-x 2 root root 230 mai 18 08:16 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..
-rw-r--r-- 1 root root 944 fev  9 08:14 0000_csr-certbot.pem
-rw-r--r-- 1 root root 936 fev  9 08:17 0001_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:01 0002_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:02 0003_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:11 0004_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:17 0005_csr-certbot.pem
-rw-r--r-- 1 root root 944 mai 18 08:15 0006_csr-certbot.pem
-rw-r--r-- 1 root root 936 mai 18 08:16 0007_csr-certbot.pem

/etc/letsencrypt/keys:
total 32
drwx------ 2 root root  230 mai 18 08:16 .
drwxr-xr-x 9 root root  108 jun 22 14:16 ..
-rw------- 1 root root 1708 fev  9 08:14 0000_key-certbot.pem
-rw------- 1 root root 1704 fev  9 08:17 0001_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:01 0002_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:02 0003_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:11 0004_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:17 0005_key-certbot.pem
-rw------- 1 root root 1704 mai 18 08:15 0006_key-certbot.pem
-rw------- 1 root root 1708 mai 18 08:16 0007_key-certbot.pem

/etc/letsencrypt/live:
total 4
drwx------ 4 root root  88 fev  9 08:18 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.uat.rassystem.com.br
-rw-r--r-- 1 root root 740 fev  9 08:15 README

/etc/letsencrypt/live/backend.rassystem.com.br:
total 4
drwxr-xr-x 2 root root  93 abr 12 18:02 .
drwx------ 4 root root  88 fev  9 08:18 ..
lrwxrwxrwx 1 root root  48 abr 12 18:02 cert.pem -> ../../archive/backend.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  49 abr 12 18:02 chain.pem -> ../../archive/backend.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 fullchain.pem -> ../../archive/backend.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  51 abr 12 18:02 privkey.pem -> ../../archive/backend.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:18 README

/etc/letsencrypt/live/backend.uat.rassystem.com.br:
total 4
drwxr-xr-x 2 root root  93 abr 12 18:02 .
drwx------ 4 root root  88 fev  9 08:18 ..
lrwxrwxrwx 1 root root  52 abr 12 18:02 cert.pem -> ../../archive/backend.uat.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 chain.pem -> ../../archive/backend.uat.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  57 abr 12 18:02 fullchain.pem -> ../../archive/backend.uat.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  55 abr 12 18:02 privkey.pem -> ../../archive/backend.uat.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:15 README

/etc/letsencrypt/renewal:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:16 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 5 root root  43 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:16 ..
drwxr-xr-x 2 root root   6 fev  9 08:14 deploy
drwxr-xr-x 2 root root   6 fev  9 08:14 post
drwxr-xr-x 2 root root   6 fev  9 08:14 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/post:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/pre:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..
[ec2-user@prod-rasng-core ~]$ 

cat /var/log/letsencrypt/letsencrypt.log:

[ec2-user@prod-rasng-core ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-06-22 14:16:38,964:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-06-22 14:16:38,966:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2021-06-22 14:16:38,966:DEBUG:certbot._internal.main:Arguments: ['--cert-name', 'backend.uat.rassystem.com.br']
2021-06-22 14:16:38,966:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-22 14:16:38,980:DEBUG:certbot._internal.log:Root logging level set at 20
2021-06-22 14:16:38,981:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-22 14:16:43,091:DEBUG:certbot._internal.storage:Removed /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf
2021-06-22 14:16:43,092:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1057, in delete
    cert_manager.delete(config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/cert_manager.py", line 104, in delete
    storage.delete_files(config, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/storage.py", line 350, in delete_files
    os.remove(link)
TypeError: coercing to Unicode: need string or buffer, NoneType found
2021-06-22 14:16:43,095:ERROR:certbot._internal.log:An unexpected error occurred:
2021-06-22 14:16:43,095:ERROR:certbot._internal.log:TypeError: coercing to Unicode: need string or buffer, NoneType found

2 Likes
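
Added example, not part of the original thread and not certbot's own code: a read-only audit for the two broken states shown above, a zero-byte renewal config (certbot's "missing a required file reference") and a live/ directory left behind after its renewal config was removed by the failed delete. The function names and the sample tree are constructed for illustration; cert, privkey, chain and fullchain are the file references certbot stores in each renewal config.

```bash
#!/bin/sh
# Added example: audit a certbot configuration tree without modifying it.

REQUIRED_KEYS="cert privkey chain fullchain"   # file references certbot expects

# Report problems in one renewal config; returns 1 if any were found.
check_renewal_conf() {
    crc_conf=$1
    crc_name=$(basename "$crc_conf" .conf)
    if [ ! -s "$crc_conf" ]; then
        echo "$crc_name: EMPTY renewal config"
        return 1
    fi
    crc_rc=0
    for crc_key in $REQUIRED_KEYS; do
        # Value of the first "key = /path" line, anchored so "cert" != "fullchain"
        crc_target=$(sed -n "s/^[[:space:]]*${crc_key}[[:space:]]*=[[:space:]]*//p" "$crc_conf" | head -n 1)
        if [ -z "$crc_target" ]; then
            echo "$crc_name: MISSING file reference '$crc_key'"
            crc_rc=1
        elif [ ! -e "$crc_target" ]; then
            # -e follows symlinks, so a broken live/ -> archive/ link lands here
            echo "$crc_name: DANGLING '$crc_key' -> $crc_target"
            crc_rc=1
        fi
    done
    return "$crc_rc"
}

# Audit <root>/renewal/*.conf and <root>/live/*/; returns 1 if anything is broken.
audit_letsencrypt() {
    al_root=$1
    al_broken=0
    for al_conf in "$al_root"/renewal/*.conf; do
        [ -e "$al_conf" ] || continue
        check_renewal_conf "$al_conf" || al_broken=$((al_broken + 1))
    done
    for al_dir in "$al_root"/live/*/; do
        [ -d "$al_dir" ] || continue
        al_name=$(basename "$al_dir")
        if [ ! -e "$al_root/renewal/$al_name.conf" ]; then
            echo "$al_name: ORPHAN live directory, no renewal config"
            al_broken=$((al_broken + 1))
        fi
    done
    echo "$al_broken problem(s) found"
    [ "$al_broken" -eq 0 ]
}

# Constructed sample tree: one healthy lineage, one zero-byte config,
# one live directory whose renewal config is gone.
make_sample_tree() {
    mst_root=$(mktemp -d) || return 1
    mkdir -p "$mst_root/renewal" "$mst_root/live/good.example" \
             "$mst_root/live/empty.example" "$mst_root/live/orphan.example"
    for mst_f in $REQUIRED_KEYS; do
        echo "constructed placeholder" > "$mst_root/live/good.example/$mst_f.pem"
    done
    : > "$mst_root/renewal/empty.example.conf"
    cat > "$mst_root/renewal/good.example.conf" <<EOF
version = 1.11.0
archive_dir = $mst_root/archive/good.example
cert = $mst_root/live/good.example/cert.pem
privkey = $mst_root/live/good.example/privkey.pem
chain = $mst_root/live/good.example/chain.pem
fullchain = $mst_root/live/good.example/fullchain.pem

[renewalparams]
authenticator = dns-route53
EOF
    echo "$mst_root"
}

# With an argument, audit that tree; without one, audit the constructed sample.
if [ -n "${1:-}" ]; then
    audit_letsencrypt "$1"
else
    demo_root=$(make_sample_tree)
    audit_letsencrypt "$demo_root" || true
    rm -rf "$demo_root"
fi
```

Run it as root with /etc/letsencrypt as the argument, since live/ and archive/ are only readable by root; a non-zero exit status makes it usable as a pre-renewal check in cron.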

Please run both delete commands once more then show the output of:

sudo ls -lRa /etc/letsencrypt

2 Likes
[ec2-user@prod-rasng-core ~]$ sudo certbot delete --cert-name backend.rassystem.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * backend.rassystem.com.br

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
No certificate found with name backend.rassystem.com.br (expected /etc/letsencrypt/renewal/backend.rassystem.com.br.conf).
[ec2-user@prod-rasng-core ~]$ sudo certbot delete --cert-name backend.uat.rassystem.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * backend.uat.rassystem.com.br

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
No certificate found with name backend.uat.rassystem.com.br (expected /etc/letsencrypt/renewal/backend.uat.rassystem.com.br.conf).
[ec2-user@prod-rasng-core ~]$ sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 12
drwxr-xr-x  9 root root  108 jun 22 14:25 .
drwxr-xr-x 91 root root 8192 jun 15 08:05 ..
drwx------  3 root root   42 fev  9 08:14 accounts
drwx------  4 root root   74 fev  9 08:18 archive
drwxr-xr-x  2 root root  230 mai 18 08:16 csr
drwx------  2 root root  230 mai 18 08:16 keys
drwx------  4 root root   88 fev  9 08:18 live
drwxr-xr-x  2 root root    6 jun 22 14:16 renewal
drwxr-xr-x  5 root root   43 fev  9 08:14 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root  42 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwx------ 3 root root  23 fev  9 08:14 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 23 fev  9 08:14 .
drwx------ 3 root root 42 fev  9 08:14 ..
drwx------ 3 root root 46 fev  9 08:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 3 root root 46 fev  9 08:14 .
drwx------ 3 root root 23 fev  9 08:14 ..
drwx------ 2 root root 64 fev  9 08:14 b42a7bfc965e2958023edb76d620eb7c

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b42a7bfc965e2958023edb76d620eb7c:
total 12
drwx------ 2 root root   64 fev  9 08:14 .
drwx------ 3 root root   46 fev  9 08:14 ..
-rw-r--r-- 1 root root   86 fev  9 08:15 meta.json
-r-------- 1 root root 1632 fev  9 08:14 private_key.json
-rw-r--r-- 1 root root   79 fev  9 08:14 regr.json

/etc/letsencrypt/archive:
total 0
drwx------ 4 root root  74 fev  9 08:18 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root 160 abr 12 18:02 backend.uat.rassystem.com.br

/etc/letsencrypt/archive/backend.rassystem.com.br:
total 32
drwxr-xr-x 2 root root  160 abr 12 18:02 .
drwx------ 4 root root   74 fev  9 08:18 ..
-rw-r--r-- 1 root root 1866 fev  9 08:18 cert1.pem
-rw-r--r-- 1 root root 1866 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:18 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3452 fev  9 08:18 fullchain1.pem
-rw-r--r-- 1 root root 3452 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1704 fev  9 08:18 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/archive/backend.uat.rassystem.com.br:
total 32
drwxr-xr-x 2 root root  160 abr 12 18:02 .
drwx------ 4 root root   74 fev  9 08:18 ..
-rw-r--r-- 1 root root 1879 fev  9 08:15 cert1.pem
-rw-r--r-- 1 root root 1879 abr 12 18:02 cert2.pem
-rw-r--r-- 1 root root 1586 fev  9 08:15 chain1.pem
-rw-r--r-- 1 root root 1586 abr 12 18:02 chain2.pem
-rw-r--r-- 1 root root 3465 fev  9 08:15 fullchain1.pem
-rw-r--r-- 1 root root 3465 abr 12 18:02 fullchain2.pem
-rw------- 1 root root 1708 fev  9 08:15 privkey1.pem
-rw------- 1 root root 1704 abr 12 18:02 privkey2.pem

/etc/letsencrypt/csr:
total 32
drwxr-xr-x 2 root root 230 mai 18 08:16 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
-rw-r--r-- 1 root root 944 fev  9 08:14 0000_csr-certbot.pem
-rw-r--r-- 1 root root 936 fev  9 08:17 0001_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:01 0002_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:02 0003_csr-certbot.pem
-rw-r--r-- 1 root root 936 abr 12 18:11 0004_csr-certbot.pem
-rw-r--r-- 1 root root 944 abr 12 18:17 0005_csr-certbot.pem
-rw-r--r-- 1 root root 944 mai 18 08:15 0006_csr-certbot.pem
-rw-r--r-- 1 root root 936 mai 18 08:16 0007_csr-certbot.pem

/etc/letsencrypt/keys:
total 32
drwx------ 2 root root  230 mai 18 08:16 .
drwxr-xr-x 9 root root  108 jun 22 14:25 ..
-rw------- 1 root root 1708 fev  9 08:14 0000_key-certbot.pem
-rw------- 1 root root 1704 fev  9 08:17 0001_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:01 0002_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:02 0003_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:11 0004_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:17 0005_key-certbot.pem
-rw------- 1 root root 1704 mai 18 08:15 0006_key-certbot.pem
-rw------- 1 root root 1708 mai 18 08:16 0007_key-certbot.pem

/etc/letsencrypt/live:
total 4
drwx------ 4 root root  88 fev  9 08:18 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.rassystem.com.br
drwxr-xr-x 2 root root  93 abr 12 18:02 backend.uat.rassystem.com.br
-rw-r--r-- 1 root root 740 fev  9 08:15 README

/etc/letsencrypt/live/backend.rassystem.com.br:
total 4
drwxr-xr-x 2 root root  93 abr 12 18:02 .
drwx------ 4 root root  88 fev  9 08:18 ..
lrwxrwxrwx 1 root root  48 abr 12 18:02 cert.pem -> ../../archive/backend.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  49 abr 12 18:02 chain.pem -> ../../archive/backend.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 fullchain.pem -> ../../archive/backend.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  51 abr 12 18:02 privkey.pem -> ../../archive/backend.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:18 README

/etc/letsencrypt/live/backend.uat.rassystem.com.br:
total 4
drwxr-xr-x 2 root root  93 abr 12 18:02 .
drwx------ 4 root root  88 fev  9 08:18 ..
lrwxrwxrwx 1 root root  52 abr 12 18:02 cert.pem -> ../../archive/backend.uat.rassystem.com.br/cert2.pem
lrwxrwxrwx 1 root root  53 abr 12 18:02 chain.pem -> ../../archive/backend.uat.rassystem.com.br/chain2.pem
lrwxrwxrwx 1 root root  57 abr 12 18:02 fullchain.pem -> ../../archive/backend.uat.rassystem.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  55 abr 12 18:02 privkey.pem -> ../../archive/backend.uat.rassystem.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 fev  9 08:15 README

/etc/letsencrypt/renewal:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:16 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 5 root root  43 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwxr-xr-x 2 root root   6 fev  9 08:14 deploy
drwxr-xr-x 2 root root   6 fev  9 08:14 post
drwxr-xr-x 2 root root   6 fev  9 08:14 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/post:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/pre:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..
[ec2-user@prod-rasng-core ~]$ 

2 Likes

Alright, honey badger time...

:gloves:

sudo rm -rf /etc/letsencrypt/archive/backend.rassystem.com.br

sudo rm -rf /etc/letsencrypt/archive/backend.uat.rassystem.com.br

sudo rm -rf /etc/letsencrypt/live/backend.rassystem.com.br

sudo rm -rf /etc/letsencrypt/live/backend.uat.rassystem.com.br

sudo rm -f /etc/letsencrypt/csr/*

sudo rm -f /etc/letsencrypt/keys/*

Then show the output of:

sudo ls -lRa /etc/letsencrypt

2 Likes
[ec2-user@prod-rasng-core ~]$ sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 12
drwxr-xr-x  9 root root  108 jun 22 14:25 .
drwxr-xr-x 91 root root 8192 jun 15 08:05 ..
drwx------  3 root root   42 fev  9 08:14 accounts
drwx------  2 root root    6 jun 22 14:47 archive
drwxr-xr-x  2 root root    6 jun 22 14:47 csr
drwx------  2 root root  230 mai 18 08:16 keys
drwx------  2 root root   20 jun 22 14:47 live
drwxr-xr-x  2 root root    6 jun 22 14:16 renewal
drwxr-xr-x  5 root root   43 fev  9 08:14 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root  42 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwx------ 3 root root  23 fev  9 08:14 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 23 fev  9 08:14 .
drwx------ 3 root root 42 fev  9 08:14 ..
drwx------ 3 root root 46 fev  9 08:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 3 root root 46 fev  9 08:14 .
drwx------ 3 root root 23 fev  9 08:14 ..
drwx------ 2 root root 64 fev  9 08:14 b42a7bfc965e2958023edb76d620eb7c

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b42a7bfc965e2958023edb76d620eb7c:
total 12
drwx------ 2 root root   64 fev  9 08:14 .
drwx------ 3 root root   46 fev  9 08:14 ..
-rw-r--r-- 1 root root   86 fev  9 08:15 meta.json
-r-------- 1 root root 1632 fev  9 08:14 private_key.json
-rw-r--r-- 1 root root   79 fev  9 08:14 regr.json

/etc/letsencrypt/archive:
total 0
drwx------ 2 root root   6 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/csr:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/keys:
total 32
drwx------ 2 root root  230 mai 18 08:16 .
drwxr-xr-x 9 root root  108 jun 22 14:25 ..
-rw------- 1 root root 1708 fev  9 08:14 0000_key-certbot.pem
-rw------- 1 root root 1704 fev  9 08:17 0001_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:01 0002_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:02 0003_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:11 0004_key-certbot.pem
-rw------- 1 root root 1704 abr 12 18:17 0005_key-certbot.pem
-rw------- 1 root root 1704 mai 18 08:15 0006_key-certbot.pem
-rw------- 1 root root 1708 mai 18 08:16 0007_key-certbot.pem

/etc/letsencrypt/live:
total 4
drwx------ 2 root root  20 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
-rw-r--r-- 1 root root 740 fev  9 08:15 README

/etc/letsencrypt/renewal:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:16 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 5 root root  43 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwxr-xr-x 2 root root   6 fev  9 08:14 deploy
drwxr-xr-x 2 root root   6 fev  9 08:14 post
drwxr-xr-x 2 root root   6 fev  9 08:14 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/post:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/pre:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

2 Likes

I think you might have missed this one:

sudo rm -f /etc/letsencrypt/keys/*

Then show the output of:

sudo ls -lRa /etc/letsencrypt

2 Likes

Please also show the output of:

sudo cat /usr/local/bin/renew-certificado-ssl.sh

2 Likes
[ec2-user@prod-rasng-core ~]$ sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 12
drwxr-xr-x  9 root root  108 jun 22 14:25 .
drwxr-xr-x 91 root root 8192 jun 15 08:05 ..
drwx------  3 root root   42 fev  9 08:14 accounts
drwx------  2 root root    6 jun 22 14:47 archive
drwxr-xr-x  2 root root    6 jun 22 14:47 csr
drwx------  2 root root    6 jun 22 15:34 keys
drwx------  2 root root   20 jun 22 14:47 live
drwxr-xr-x  2 root root    6 jun 22 14:16 renewal
drwxr-xr-x  5 root root   43 fev  9 08:14 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root  42 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwx------ 3 root root  23 fev  9 08:14 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 23 fev  9 08:14 .
drwx------ 3 root root 42 fev  9 08:14 ..
drwx------ 3 root root 46 fev  9 08:14 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 3 root root 46 fev  9 08:14 .
drwx------ 3 root root 23 fev  9 08:14 ..
drwx------ 2 root root 64 fev  9 08:14 b42a7bfc965e2958023edb76d620eb7c

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/b42a7bfc965e2958023edb76d620eb7c:
total 12
drwx------ 2 root root   64 fev  9 08:14 .
drwx------ 3 root root   46 fev  9 08:14 ..
-rw-r--r-- 1 root root   86 fev  9 08:15 meta.json
-r-------- 1 root root 1632 fev  9 08:14 private_key.json
-rw-r--r-- 1 root root   79 fev  9 08:14 regr.json

/etc/letsencrypt/archive:
total 0
drwx------ 2 root root   6 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/csr:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/keys:
total 0
drwx------ 2 root root   6 jun 22 15:34 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/live:
total 4
drwx------ 2 root root  20 jun 22 14:47 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
-rw-r--r-- 1 root root 740 fev  9 08:15 README

/etc/letsencrypt/renewal:
total 0
drwxr-xr-x 2 root root   6 jun 22 14:16 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 5 root root  43 fev  9 08:14 .
drwxr-xr-x 9 root root 108 jun 22 14:25 ..
drwxr-xr-x 2 root root   6 fev  9 08:14 deploy
drwxr-xr-x 2 root root   6 fev  9 08:14 post
drwxr-xr-x 2 root root   6 fev  9 08:14 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/post:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

/etc/letsencrypt/renewal-hooks/pre:
total 0
drwxr-xr-x 2 root root  6 fev  9 08:14 .
drwxr-xr-x 5 root root 43 fev  9 08:14 ..

#!/bin/bash
#
# Script to renew the SSL certificate for rasng's secure HTTPS connection
# THE RENEWED_DOMAINS AND RENEWED_LINEAGE VARIABLES COME FROM THE certbot renew --deploy-hook COMMAND
# THIS SCRIPT ONLY RUNS WHEN certbot renew ACTUALLY RENEWS THE CERTIFICATE

# Use command substitution so DNS_CERT holds the first renewed domain, not the literal command text
DNS_CERT=$(echo "${RENEWED_DOMAINS}" | cut -d' ' -f1)
DIR_APP="/usr/local/rasng-core"
PASS_CERT="xxxxxxxxxx"


echo "Atualizando Certificado: $DNS_CERT"
openssl pkcs12 -export \
	-in ${RENEWED_LINEAGE}/fullchain.pem \
	-inkey ${RENEWED_LINEAGE}/privkey.pem \
	-out /tmp/${DNS_CERT}.p12 \
	-name ${DNS_CERT} \
	-caname "Let's Encrypt Authority R3" \
	-password pass:${PASS_CERT}
keytool -noprompt -importkeystore \
	-deststorepass ${PASS_CERT} \
	-destkeypass ${PASS_CERT} \
	-deststoretype pkcs12 \
	-srckeystore /tmp/${DNS_CERT}.p12 \
	-srcstoretype PKCS12 \
	-srcstorepass ${PASS_CERT} \
	-destkeystore /tmp/${DNS_CERT}.keystore \
	-alias ${DNS_CERT}
echo "Copiando '/tmp/${DNS_CERT}.keystore' para ${DIR_APP}/"
[ -f "${DIR_APP}/${DNS_CERT}.keystore" ] && mv -v ${DIR_APP}/${DNS_CERT}.keystore ${DIR_APP}/certs-old/${DNS_CERT}-$(date +%Y%m%d).keystore
cp -fv /tmp/${DNS_CERT}.keystore ${DIR_APP}/
echo "Removendo Certificado gerados"
rm /tmp/${DNS_CERT}.keystore
rm /tmp/${DNS_CERT}.p12

/etc/init.d/rasng-core restart
2 Likes
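A hardened take on the conversion step of the deploy hook posted above, as an added example that is not part of the original post or the poster's script. It keeps the PEM-to-keystore conversion but works in a private scratch directory and hands the password to openssl and keytool through the environment instead of the command line; the `PASS_FILE` location and the function names are assumptions, and archiving the old keystore and restarting the service are left out.

```shell
#!/bin/bash
# Added example: hardened variant of a certbot --deploy-hook that builds a keystore.
# Hypothetical names: PASS_FILE, first_domain, make_workdir, build_keystore.
set -eu

DIR_APP="/usr/local/rasng-core"                          # path taken from the posted script
PASS_FILE="${PASS_FILE:-/etc/rasng-core/keystore.pass}"  # assumed root-only (0600) password file

# certbot sets RENEWED_DOMAINS to a space-separated list; use the first name.
first_domain() {
    printf '%s\n' "${1%% *}"
}

# Private scratch directory instead of predictable file names directly in /tmp.
make_workdir() {
    ( umask 077; mktemp -d "${TMPDIR:-/tmp}/certhook.XXXXXX" )
}

# Build <workdir>/<name>.keystore from the lineage without passwords on argv,
# so the secret does not show up in process listings.
build_keystore() {
    lineage=$1 name=$2 work=$3
    PASS_CERT=$(cat "$PASS_FILE")
    export PASS_CERT
    openssl pkcs12 -export \
        -in "$lineage/fullchain.pem" -inkey "$lineage/privkey.pem" \
        -out "$work/$name.p12" -name "$name" \
        -passout env:PASS_CERT
    keytool -noprompt -importkeystore \
        -srckeystore "$work/$name.p12" -srcstoretype PKCS12 \
        -srcstorepass:env PASS_CERT \
        -destkeystore "$work/$name.keystore" -deststoretype pkcs12 \
        -deststorepass:env PASS_CERT \
        -alias "$name"
}

# Only act when certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    name=$(first_domain "$RENEWED_DOMAINS")
    work=$(make_workdir)
    trap 'rm -rf "$work"' EXIT    # scratch copies of the key are removed even on failure
    build_keystore "$RENEWED_LINEAGE" "$name" "$work"
    # 0600 assumes the service reads the keystore as root; adjust owner/mode otherwise.
    install -m 600 "$work/$name.keystore" "$DIR_APP/$name.keystore"
fi
```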