What does the error message 'Unable to recover files from /var/lib/letsencrypt/temp_checkpoint’
mean?
Certbot is unable to read the temp_checkpoint for reason or another.
I tried to reproduce this on the exactly same version of CentOS and Apache, but was unable to do so. If you wish to continue debugging the problem, I would suggest adding an auditctl watch on the /var/lib/letsencrypt and /etc/letsencrypt directories to learn what's going on in the filesystem.
To do so, issue the following commands:
sudo auditctl -w /var/lib/letsencrypt -p rwxa -k certbotlib
sudo auditctl -w /etc/letsencrypt -p rwxa -k certbotetc
This will cause auditd to record all file accesses under these directories. After issuing the above commands, please run certbot again. After you are done, retrieve the logs by issuing:
sudo ausearch -k certbotlib
sudo ausearch -k certbotetc
These will produce a lot of log lines, so please either pastebin / gist the lines alongside of Certbot logs for the last run or email the logs to me: joona.hoikkala@eff.org . To remove the watch rules afterwards, issue:
sudo auditctl -W /var/lib/letsencrypt -p rwxa -k certbotlib
sudo auditctl -W /etc/letsencrypt -p rwxa -k certbotetc
note the uppercase W.