Renewal created folder 0001 and now ssl is not working


#1

Please fill out the fields below so we can help you better.

My domain is:i-windenergy.com

I ran this command:certbot-auto renew

It produced this output: Attempting to renew cert from /etc/letsencrypt/renewal/i-windenergy.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for i-windenergy.net:
Choices: [‘Enter a new webroot’, ‘/usr/share/nginx/drupal/prod/drupal-7’]

(You can set this with the --webroot-path flag). Skipping.

My operating system is (include version):Debian

My web server is (include version):nginx

My hosting provider, if applicable, is:digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

Question 1: Why is it trying to renew i-windenergy.net? It is not in the renewal file.
Question 2: The renewal of i-windenergy.com is in files /etc/letsencrypt/live/i-windenergy.com-0001/. The /etc/letsencrypt/live/i-windenergy.com/ exists and contain the older files.The website https://i-windenergy.com loads as “Not Secure.” What is the cleanest way to solve this?
thanks


#2

Hi @pjindent,

The list of domains to renew is taken from the certificate itself, which can contain up to 100 domains. You can see what domains are in a particular certificate with openssl x509 -in cert.pem -text -noout. They will be listed in the X509v3 Subject Alternative Name section. Alternatively, you can find out a summary of all of your Certbot-installed certificates, plus which names they apply to, by running certbot certificates (for certbot-auto users, certbot-auto certificates).

If you decide that one of the certificates is redundant and is not being used by your web server, you could delete it with certbot-auto delete. You have to specify a name with --cert-name (which is the same as name of the subdirectory in /etc/letsencrypt/live, and also the same as the name shown by certbot-auto certificates).

This extra certificate wouldn’t have been created by the renewal process. Rather, it’s been there for some time as a result of some occasion when certbot-auto was run with some parameters that led it to make a duplicative certificate; then certbot-auto renew turned up a problem with its renewal.

In terms of your “not secure” problem, this has nothing to do with the certificate, but rather with mixed content (loading insecure resources inside of a secure page). You can diagnose this with

https://www.whynopadlock.com/


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.