Renewal failed, account does not exist

maereax · July 24, 2022, 7:14pm

Hi guys, I got notice of my cert expiring recently and when I went to renew it, this is the error I'm getting. I have no idea what it means. If anyone could point me in a direction it would be much appreciated.

The location that it's pointing to when it says "Account does not exist" doesn't exist as far as I can tell.

My domain is: maereax.com

I ran this command: started my swag instance

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/maereax.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Failed to renew certificate maereax.com with error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/1fcf25757a9a71ae4148a5a8e2c5eee8 does not exist

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/maereax.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version): unraid 6.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Osiris · July 24, 2022, 7:18pm

Do you have anything important connected to your account? E.g., the ECDSA root whitelist or rate limit excemptions?

maereax · July 24, 2022, 7:24pm

No, nothing that I've setup manually

Osiris · July 24, 2022, 7:26pm

Ok, perhaps you could try to manually register an account with the current ACME endpoint, version 2 (v2). v1 has been deprecated and shut down some time ago now.

Please try and post the output of the command:

certbot register --server acme-v02.api.letsencrypt.org

And we'll go from there.

maereax · July 24, 2022, 7:30pm

root@12d61ebd3b94:/# certbot register --server acme-v02.api.letsencrypt.org

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): **********
An unexpected error occurred:
requests.exceptions.MissingSchema: Invalid URL 'acme-v02.api.letsencrypt.org': No scheme supplied. Perhaps you meant http://acme-v02.api.letsencrypt.org?
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

root@12d61ebd3b94:/# certbot register --server http://acme-v02.api.letsencrypt.org

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): *********
An unexpected error occurred:
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Osiris · July 24, 2022, 7:34pm

Hm, didn't know certbot was that picky. Try it with https:// in front of it.

Although I find it curious why your http:// wouldn't work. It seems Let's Encrypt doesn't allow HTTP access, only HTTPS.

maereax · July 24, 2022, 7:35pm

root@12d61ebd3b94:/# certbot register --server https://acme-v02.api.letsencrypt.org

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ********
An unexpected error occurred:
acme.errors.ClientError: Unexpected response Content-Type: text/html
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

just wanted to take a sec and say thanks for helping me. This is all pretty far over my head

Osiris · July 24, 2022, 7:37pm

Ah yes, sorry, I forgot another thing.. Please add the path /directory to the end of the URL..

The (complete) server URL is https://acme-v02.api.letsencrypt.org/directory

Guess I'm having a heatstroke or something

maereax · July 24, 2022, 7:43pm

Ok so this command worked and then i restarted my swag instance and got the same error. Is there a way to manually renew that cert through the cli using the new account i just registered?

The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Sun Jul 24 15:39:32 EDT 2022
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/maereax.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Failed to renew certificate maereax.com with error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/1fcf25757a9a71ae4148a5a8e2c5eee8 does not exist

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/maereax.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

it sure is hot enough for that to be a possibility!

Osiris · July 24, 2022, 7:46pm

That was my thought also, but first I wanted you to register (or at least check) an account with the v2 API. I'm hoping the following command will do the trick:

certbot renew --cert-name maereax.com --server https://acme-v02.api.letsencrypt.org/directory

If not, we'll need to dive a little bit deeper.

rg305 · July 24, 2022, 7:48pm

I see CloudFlare:

Name:      maereax.com
Addresses: 2606:4700:3032::6815:471e
           2606:4700:3031::ac43:8ec5
           104.21.71.30
           172.67.142.197

Osiris · July 24, 2022, 7:49pm

I'm not sure how that's related to an incorrectly set account?

maereax · July 24, 2022, 7:49pm

I had to add the commands --tos-agree and --email x but that was successful and upon rebooting swag everything looks normal

Thank you very much, I don't think I would have gotten there by myself!!!

rg305 · July 24, 2022, 7:50pm

It's not.
It will likely be part of the:

[later - CF is always "part of some problem" or other]

Osiris · July 24, 2022, 7:53pm

Hm, weird, I could have expected those with the register subcommand, but not sure why they would be necessary for the renew subcommand?

Ah well, as long as it works, it works

Apparently not

maereax · July 24, 2022, 7:55pm

Trust me, if you don't know I definitely don't know, but the first time i copy/pasted your command it failed and suggested i may need to add those two arguments. I added both and it took about 15 seconds before it renewed. I rebooted swag again and am able to access my sites and everything seems great. Thank you again and stay cool!