Renewal question

Hi, how are you?
I get email alerts that I need to renew my certificates, but when I log in via ssh and run 'certbot renew', there are none to renew.
I also get this error on multiple certificates:

Trying to parse version 1.17.0 refresh configuration file found at /etc/letsencrypt/renewal/www.malacate.ar.conf with version 1.11.0 of Certbot. This may not work.
Trying to parse the version 1.18.0 refresh configuration file found in /etc/letsencrypt/renewal/sealpod.com.ar.conf with version 1.11.0 of Certbot. This may not work.
The certificate has not yet to be renewed

I really need automatic certificate renewal. I have a lot of certificates and it would be very difficult to renew them manually. Can you help me understand what to do and how to solve the "try to analyze" error?

I am running CentOS 7 with certbot certbot-1.11.0-1.el7.noarch

Have you also read the explanation — which is linked in those expiry e-mails — about what Let's Encrypt defines as a renewal and why you sometimes get an expiry e-mail when you didn't expect it?

Hi Osiris, yes I have read it, but I am new in this world, so I ask your opinion.
I think that if I wait for the certs to expire, I could run certbot renew without problems, but... if I have to and I can't renew? That is the reason for my question.

You have two issues:
[neither of which requires a posting under "Feature Requests", so this topic is being moved to "Help"]

  1. You received an email notification about a certificate expiring soon.
    Please provide the FQDN shown on the expiry email to better explain that email to you.

  2. There are parsing errors shown by certbot 1.11.0 when reading renewal configs generated by versions 1.18.0 and 1.17.0.
    Please ensure that you only have one version of certbot installed.
    Also check the automated renewal jobs (cron and systemd timers) for any unnecessary duplication.

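The two checks from the reply above (renewal configs written by a newer Certbot than the one installed, and more than one Certbot on the system), as an added example that is not part of the original thread. The function names and the sample config files are constructed for illustration; it relies only on the `version = ` line that Certbot writes into each renewal config.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# version_gt A B: succeed if dotted version A is strictly newer than B.
version_gt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1)" = "$1" ]
}

# newer_configs DIR INSTALLED: print "file version" for every renewal
# config in DIR whose "version = X" line is newer than INSTALLED.
newer_configs() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        v=$(sed -n 's/^version[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
        [ -n "$v" ] || continue
        if version_gt "$v" "$2"; then
            printf '%s %s\n' "$(basename "$conf")" "$v"
        fi
    done
}

# certbot_copies PATHLIST: print each executable named certbot or
# certbot-auto in the colon-separated PATHLIST. More than one line of
# output means more than one install to reconcile.
certbot_copies() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        for n in certbot certbot-auto; do
            if [ -x "$d/$n" ]; then printf '%s\n' "$d/$n"; fi
        done
    done
    IFS=$old_ifs
}

# demo: constructed sample configs mirroring the warnings in the thread.
demo() {
    tmp=$(mktemp -d)
    printf 'version = 1.17.0\n[renewalparams]\n' > "$tmp/www.example.com.conf"
    printf 'version = 1.11.0\n[renewalparams]\n' > "$tmp/old.example.com.conf"
    newer_configs "$tmp" 1.11.0
    rm -rf "$tmp"
}
demo   # prints: www.example.com.conf 1.17.0

# On a real host (assumes certbot is on PATH):
#   newer_configs /etc/letsencrypt/renewal "$(certbot --version 2>&1 | awk '{print $NF}')"
#   certbot_copies "$PATH"
```

Any config it lists was last written by a newer Certbot than the one now running `certbot renew`, which is the situation the parse warnings describe.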

@curchunflo

cd /etc/letsencrypt/renewal

First try all this

sudo aptitude install -y certbot python-certbot-apache

sudo certbot renew

sudo certbot renewal

or

./certbot-auto renewal

If successful, run this

sudo service apache2 restart

If no errors then you're done!

If it still doesn't work, try this...

Comment out the offending lines (in the error you will get clues!!!)

For example line 332 in my case!

Use this to edit if required!

sudo nano /etc/apache2/apache2.conf

PS: An error will point you to the line; comment out all lines giving errors, then change the file back after it's finished the Let's Encrypt renewal.

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"

^^^ line 322 was the issue in my case!

~~~~

Now you're ready to try again to renew.

I hope Let's Encrypt allows this formatting line in the conf file in the future, as it is a pain having to comment out a line, renew a cert, then uncomment the line, resave and restart Apache every time I want to renew!
But I hope this helped you out as well!

Look for changes or lines in the conf file and make sure you have the right certbot installed (make sure you don't have 2 versions).

Thank you! I did that and I get this error:
2 renew failure(s), 1 parse failure(s)

But if I run manually I can renew. It would be great if I could automate the process :frowning:

I'm confused... :confused:

You can't do:

But you can do:

Please explain.


Thank you for your answer. When I run certbot renew it throws those errors I mentioned above. In the same way, reviewing the log, I saw that the error it throws is because the script asks for a webroot path but the script advances without selecting it (I executed 'sudo certbot renew' without indicating any particular domain), and that is why I can later do it specifically for one of the domains (certbot certonly --webroot --webroot-path $path -d $domain).
Just in case: the server runs CentOS 7.

That should "fix" it so that on the next certbot renew those params will be used (for that domain).
