Renewing Wildcard Certificate An unexpected error occurred

Hello!

I've tried to restart the renewing process. The certificate was already expired.
In the first try I get the key to insert in the dns txt entry but the challenge afterwards did'nt work
and I became this error:

An unexpected error occurred:
FileExistsError: [Errno 17] File exists: '/etc/letsencrypt/archive/lairdturner.com/privkey6.pem'

After that I tried another time but now I get straight to the error.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lairdturner.com

I ran this command: certbot certonly --manual --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d "*.lairdturner.com"

It produced this output:Renewing an existing certificate
An unexpected error occurred:
FileExistsError: [Errno 17] File exists: '/etc/letsencrypt/archive/lairdturner.com/privkey6.pem'

My web server is (include version):Nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:Netcup

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):0.40.0

Hope you can help me!?

Thanks

1 Like

Hi @LairdTurner, and welcome to the LE community forum :slight_smile:

Please show:
ls -l /etc/letsencrypt/archive/lairdturner.com/
ls -l /etc/letsencrypt/live/lairdturner.com/

3 Likes

@rg305 Thanks! Nice to be here!

ls -l /etc/letsencrypt/archive/lairdturner.com/ ->
-rw-r--r-- 1 root root 1870 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/cert10.pem
-rw-r--r-- 1 root root 1874 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/cert11.pem
-rw-r--r-- 1 root root 1870 Nov 6 13:28 /etc/letsencrypt/archive/lairdturner.com/cert12.pem
-rw-r--r-- 1 root root 1850 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/cert1.pem
-rw-r--r-- 1 root root 1850 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/cert2.pem
-rw-r--r-- 1 root root 1846 Aug 14 2021 /etc/letsencrypt/archive/lairdturner.com/cert3.pem
-rw-r--r-- 1 root root 1850 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/cert4.pem
-rw-r--r-- 1 root root 1850 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/cert5.pem
-rw-r--r-- 1 root root 1850 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/cert6.pem
-rw-r--r-- 1 root root 1846 Feb 9 2022 /etc/letsencrypt/archive/lairdturner.com/cert7.pem
-rw-r--r-- 1 root root 1850 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/cert8.pem
-rw-r--r-- 1 root root 1870 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/cert9.pem
-rw-r--r-- 1 root root 3750 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/chain10.pem
-rw-r--r-- 1 root root 3750 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/chain11.pem
-rw-r--r-- 1 root root 3750 Nov 6 13:28 /etc/letsencrypt/archive/lairdturner.com/chain12.pem
-rw-r--r-- 1 root root 3750 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/chain1.pem
-rw-r--r-- 1 root root 3750 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/chain2.pem
-rw-r--r-- 1 root root 3750 Aug 14 2021 /etc/letsencrypt/archive/lairdturner.com/chain3.pem
-rw-r--r-- 1 root root 3750 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/chain4.pem
-rw-r--r-- 1 root root 3750 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/chain5.pem
-rw-r--r-- 1 root root 3750 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/chain6.pem
-rw-r--r-- 1 root root 3750 Feb 9 2022 /etc/letsencrypt/archive/lairdturner.com/chain7.pem
-rw-r--r-- 1 root root 3750 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/chain8.pem
-rw-r--r-- 1 root root 3750 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/chain9.pem
-rw-r--r-- 1 root root 5620 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/fullchain10.pem
-rw-r--r-- 1 root root 5624 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/fullchain11.pem
-rw-r--r-- 1 root root 5620 Nov 6 13:28 /etc/letsencrypt/archive/lairdturner.com/fullchain12.pem
-rw-r--r-- 1 root root 5600 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain1.pem
-rw-r--r-- 1 root root 5600 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain2.pem
-rw-r--r-- 1 root root 5596 Aug 14 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain3.pem
-rw-r--r-- 1 root root 5600 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain4.pem
-rw-r--r-- 1 root root 5600 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain5.pem
-rw-r--r-- 1 root root 5600 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/fullchain6.pem
-rw-r--r-- 1 root root 5596 Feb 9 2022 /etc/letsencrypt/archive/lairdturner.com/fullchain7.pem
-rw-r--r-- 1 root root 5600 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/fullchain8.pem
-rw-r--r-- 1 root root 5596 Aug 2 2022 /etc/letsencrypt/archive/lairdturner.com/fullchain9.pem
-rw------- 1 root root 1704 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/privkey10.pem
-rw------- 1 root root 1704 Oct 30 2022 /etc/letsencrypt/archive/lairdturner.com/privkey11.pem
-rw------- 1 root root 1704 Nov 6 13:28 /etc/letsencrypt/archive/lairdturner.com/privkey12.pem
-rw------- 1 root root 1704 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/privkey1.pem
-rw------- 1 root root 1704 May 15 2021 /etc/letsencrypt/archive/lairdturner.com/privkey2.pem
-rw------- 1 root root 1704 Aug 14 2021 /etc/letsencrypt/archive/lairdturner.com/privkey3.pem
-rw------- 1 root root 1704 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/privkey4.pem
-rw------- 1 root root 1708 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/privkey5.pem
-rw------- 1 root root 1708 Nov 13 2021 /etc/letsencrypt/archive/lairdturner.com/privkey6.pem
-rw------- 1 root root 1704 Feb 9 2022 /etc/letsencrypt/archive/lairdturner.com/privkey7.pem
-rw------- 1 root root 1708 May 3 2022 /etc/letsencrypt/archive/lairdturner.com/privkey8.pem
-rw------- 1 root root 1708 Aug 2 2022 /etc/letsencrypt/archive/lairdturner.com/privkey9.pem

ls -l /etc/letsencrypt/live/lairdturner.com/ ->
lrwxrwxrwx 1 root root 44 Feb 4 09:50 cert.pem -> ../../archive/lairdturner.com-0001/cert5.pem
lrwxrwxrwx 1 root root 45 Feb 4 09:50 chain.pem -> ../../archive/lairdturner.com-0001/chain5.pem
lrwxrwxrwx 1 root root 49 Feb 4 09:50 fullchain.pem -> ../../archive/lairdturner.com-0001/fullchain5.pem
lrwxrwxrwx 1 root root 47 Feb 4 09:50 privkey.pem -> ../../archive/lairdturner.com-0001/privkey5.pem
-rw-r--r-- 1 root root 692 Aug 2 2022 README

The files in the /live/ folder are referencing:

NOT:

What shows?:
certbot certificates

[also, certbot 0.40.0 is in need of an update]

3 Likes

certbot certificates ->

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/lairdturner.com-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/lairdturner.com-0001/cert.pem to be a symlink. Skipping.


Found the following certs:
Certificate Name: lairdturner.com
Domains: *.lairdturner.com
Expiry Date: 2023-05-05 07:50:29+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/lairdturner.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lairdturner.com/privkey.pem

The following renewal configurations were invalid:
/etc/letsencrypt/renewal/lairdturner.com-0001.conf

I have now simply with certbot delete --cert-name lairdturner.com deleted the certificate and then created a new one and now it works. What I do not understand in this context now why I had to make nothing new in the DNS txt entry. Can someone explain this to me?

The output of ls -l /etc/letsencrypt/archive/lairdturner.com/ is

-rw-r--r-- 1 root root 1846 May 5 15:25 cert1.pem
-rw-r--r-- 1 root root 3750 May 5 15:25 chain1.pem
-rw-r--r-- 1 root root 5596 May 5 15:25 fullchain1.pem
-rw------- 1 root root 1708 May 5 15:25 privkey1.pem

and the output of ls -l /etc/letsencrypt/live/lairdturner.com/ is

lrwxrwxrwx 1 root root 39 May 5 15:25 cert.pem -> ../../archive/lairdturner.com/cert1.pem
lrwxrwxrwx 1 root root 40 May 5 15:25 chain.pem -> ../../archive/lairdturner.com/chain1.pem
lrwxrwxrwx 1 root root 44 May 5 15:25 fullchain.pem -> ../../archive/lairdturner.com/fullchain1.pem
lrwxrwxrwx 1 root root 42 May 5 15:25 privkey.pem -> ../../archive/lairdturner.com/privkey1.pem
-rw-r--r-- 1 root root 692 May 5 15:25 README

Additionally I've deleted the renewal conf /etc/letsencrypt/renewal/lairdturner.com-0001.conf

Now it seems to be okay. Was this procedure correct?

Thanks!

1 Like

Let's Encrypt caches successful domain name validations for 30 days. You have gotten several certs recently so a successful validation was in the cache.

3 Likes

Please show:
ls -l /etc/letsencrypt/live/lairdturner.com-0001/

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.