Renewal error for my site

I made a certificate at the end of November, set up my nginx conf and all was good. I created it using this command:

letsencrypt certonly --webroot -w /var/www/danbryg -d danbryg.dk -d www.danbryg.dk

Now I try to renew it but get an error:

letsencrypt renew

Gives me:

Processing /etc/letsencrypt/renewal/danbryg.dk.conf
2017-02-27 19:33:19,708:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/danbryg.dk.conf produced an unexpected error: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a407bb0337b6f4248177b21b2dc7ba87/private_key.json'. Skipping.

The directory is there but the private_key.json is missing.

How do I fix this?

First, that’s very odd. Are the other files present (meta.json and regr.json)? Not that it matters, you really need private_key.json for your account to work.

I’m not sure what certbot’s inner workings are if you try to get a new certificate without using the renew command (i.e., just run the first command you posted again, perhaps to be sure with the --expand switch. Although you’re actually not expanding, this should prevent certbot from making a second directory for the same domain name.)
Perhaps it will generate a new account for you, perhaps it will give the same error as when renewing, I don’t know. We’ll find out when you try :wink:

Edit: My simple test seems to indicate certbot will generate a new account when issuing a new certificate. It’s just the renewal that won’t work, because the renewal configuration specifically points to the broken account. But I’m assuming the renewal configuration will be updated with the new account when you got your new certificate.

Thanks for your reply :slight_smile:

Yes, the meta and regr files are there. Tried to get a new cert and it worked but no new private_key. Then I tried with the expand command and accepted to replace the new cert. That also succeeded but still no new private file for the a4 directory:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/danbryg.dk/fullchain.pem. Your cert will
    expire on 2017-05-28. To obtain a new version of the certificate in
    the future, simply run Let's Encrypt again.
  • If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

You have new mail in /var/mail/root
root@h2 ~ #
root@h2 ~ # find /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a407bb0337b6f4248177b21b2dc7ba87
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a407bb0337b6f4248177b21b2dc7ba87/regr.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a407bb0337b6f4248177b21b2dc7ba87/meta.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/f6a07992ea9cd5ca50d1f913d9e001ae
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/f6a07992ea9cd5ca50d1f913d9e001ae/private_key.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/f6a07992ea9cd5ca50d1f913d9e001ae/regr.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/f6a07992ea9cd5ca50d1f913d9e001ae/meta.json

Perhaps it is because there is another directory with a private file?

So... any idea on how to fix a broken account?

Great!

Correct. It's impossible to get that back. That's why it's called the private key: because it's private, you're the only one to have a copy. Unless you chose to, no-one has a copy, not even Let's Encrypt.

Figure out where your private_key.json went. Files don't go missing all of a sudden. Perhaps you made a backup, like certbot should have advised you? Without the original private_key.json, you can't restore an account.

That was it! Found it in a 2 month old backup. I guess I messed up a couple of months ago and created a new account so I now have two :-/

Thanks a lot for your help Osiris

As long as you are staying below the rate limits, you might opt for issuing the cert again, but now with your old account and (backup and) delete the new one. That said, you can also opt for resetting the renewal configuration to the old account and just wait until the cert gets renewed again, this time with your old account. After which you can delete the new account.
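
Added example, not written by anyone in this thread and not certbot's own code: a shell check that reports which renewal configurations point at an account directory without a private_key.json, the condition behind the error above. It assumes each renewal file carries `account = ` and `server = ` lines and that accounts live under `accounts/<server host and path>/<account id>/` as in the `find` output; the ids `aaaa` and `bbbb`, the file names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example: audit renewal configs for accounts whose private key is missing.
# Assumed layout (matches the paths shown in the thread):
#   <dir>/renewal/<name>.conf  containing "account = <id>" and "server = <url>"
#   <dir>/accounts/<server host>/<server path>/<id>/private_key.json

# Prints one line per renewal config: "<conf> <account id> <status>"
# status is OK, MISSING_KEY (account dir exists, key absent) or NO_ACCOUNT.
check_renewal_accounts() {
    dir=$1
    for conf in "$dir"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        account=$(sed -n 's/^account *= *//p' "$conf" | head -n 1)
        server=$(sed -n 's/^server *= *//p' "$conf" | head -n 1)
        # Account directories are named after the server URL without its scheme.
        acct_dir="$dir/accounts/${server#*://}/$account"
        if [ -z "$account" ] || [ ! -d "$acct_dir" ]; then
            status=NO_ACCOUNT
        elif [ -s "$acct_dir/private_key.json" ]; then
            status=OK
        else
            status=MISSING_KEY
        fi
        echo "$(basename "$conf") ${account:-none} $status"
    done
}

# Constructed sample tree: account aaaa lacks its key, account bbbb is complete.
make_sample_tree() {
    root=$(mktemp -d)
    srv="acme-v01.api.letsencrypt.org/directory"
    mkdir -p "$root/renewal" "$root/accounts/$srv/aaaa" "$root/accounts/$srv/bbbb"
    echo '{}' > "$root/accounts/$srv/aaaa/regr.json"
    echo '{}' > "$root/accounts/$srv/aaaa/meta.json"
    echo '{}' > "$root/accounts/$srv/bbbb/private_key.json"
    printf '[renewalparams]\naccount = aaaa\nserver = https://%s\n' "$srv" \
        > "$root/renewal/broken.example.conf"
    printf '[renewalparams]\naccount = bbbb\nserver = https://%s\n' "$srv" \
        > "$root/renewal/good.example.conf"
    echo "$root"
}

# Audit the directory given as the first argument, else the sample tree.
target=${1:-$(make_sample_tree)}
check_renewal_accounts "$target"
```

Run it as root with `/etc/letsencrypt` as the argument; a `MISSING_KEY` line identifies a renewal file that will fail until the key is restored from backup or the file is pointed at a working account.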
