Please fill out the fields below so we can help you better.
My domain is:i-windenergy.com
I ran this command:certbot-auto renew
It produced this output: Attempting to renew cert from /etc/letsencrypt/renewal/i-windenergy.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for i-windenergy.net:
Choices: [‘Enter a new webroot’, ‘/usr/share/nginx/drupal/prod/drupal-7’]
(You can set this with the --webroot-path flag). Skipping.
My operating system is (include version):Debian
My web server is (include version):nginx
My hosting provider, if applicable, is:digitalocean
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no
Question 1: Why is it trying to renew i-windenergy.net? It is not in the renewal file.
Question 2: The renewal of i-windenergy.com is in files /etc/letsencrypt/live/i-windenergy.com-0001/. The /etc/letsencrypt/live/i-windenergy.com/ exists and contain the older files.The website https://i-windenergy.com loads as “Not Secure.” What is the cleanest way to solve this?
thanks
The list of domains to renew is taken from the certificate itself, which can contain up to 100 domains. You can see what domains are in a particular certificate with openssl x509 -in cert.pem -text -noout. They will be listed in the X509v3 Subject Alternative Name section. Alternatively, you can find out a summary of all of your Certbot-installed certificates, plus which names they apply to, by running certbot certificates (for certbot-auto users, certbot-auto certificates).
If you decide that one of the certificates is redundant and is not being used by your web server, you could delete it with certbot-auto delete. You have to specify a name with --cert-name (which is the same as name of the subdirectory in /etc/letsencrypt/live, and also the same as the name shown by certbot-auto certificates).
This extra certificate wouldn't have been created by the renewal process. Rather, it's been there for some time as a result of some occasion when certbot-auto was run with some parameters that led it to make a duplicative certificate; then certbot-auto renew turned up a problem with its renewal.
In terms of your "not secure" problem, this has nothing to do with the certificate, but rather with mixed content (loading insecure resources inside of a secure page). You can diagnose this with