Unable to renew, but --dry-run is successful

Help
1

Hello there,

I’m not able to renew my certificate, certbot-auto renew fails (see below), but certbot-auto --dry-run renew reports no errors

My domain is: cpunke.de

I ran this command: certbot-auto renew

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/cpunke.de.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Attempting to renew cert (cpunke.de) from /etc/letsencrypt/renewal/cpunke.de.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/39367445f0335988ac95f095ff2b83eb does not exist. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cpunke.de/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cpunke.de/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2.4.29

The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS

I can login to a root shell on my machine:yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.32.0

root@ubuntu:/etc/letsencrypt/accounts# ls -ltr
total 8
drwx------ 3 root root 4096 Jan 27 23:16 acme-staging-v02.api.letsencrypt.org
drwx------ 3 root root 4096 Mär 21 04:05 acme-v02.api.letsencrypt.org

root@ubuntu:/etc/letsencrypt/accounts# cat /etc/letsencrypt/renewal/cpunke.de.conf

renew_before_expiry = 30 days

version = 0.32.0
cert = /etc/letsencrypt/live/cpunke.de/cert.pem
privkey = /etc/letsencrypt/live/cpunke.de/privkey.pem
chain = /etc/letsencrypt/live/cpunke.de/chain.pem
fullchain = /etc/letsencrypt/live/cpunke.de/fullchain.pem
archive_dir = /etc/letsencrypt/archive/cpunke.de

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = 39367445f0335988ac95f095ff2b83eb
pref_challs = http-01,
server = https://acme-v02.api.letsencrypt.org/directory

Any ideas?

2

Hi @cpu2910

looks like you have deleted your Letsencrypt -v1 - account.

Use

certbot register

to create a new account.

3

@JuergenAuer: Thank you for the quick answer, but register does not do the trick.
The command runs fine without errors, but renew does not work.

I tried ‘certbot-auto run’ to replace the existing certificate, that works fine!

So: problem solved!

Is it necessary or possible to edit the post title like something with [SOLVED] ?

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.