Unable to renew Cert do to missing command lineflag, or config entry

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
prismforge.com

I ran this command:
certbot renew

It produced this output:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/s1.prismforge.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin2.prismforge.com
http-01 challenge for s1.prismforge.com
Cleaning up challenges
Attempting to renew cert (s1.prismforge.com) from /etc/letsencrypt/renewal/s1.prismforge.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for admin2.prismforge.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/s1.prismforge.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/s1.prismforge.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version):
nginx 1.14.0

The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-55-generic x86_64)

My hosting provider, if applicable, is:
sparkedhost us

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no, putty

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

Due to a bug that’s been fixed in newer versions of Certbot, /etc/letsencrypt/renewal/s1.prismforge.com.conf is missing one of the settings.

It might work to run “certbot renew --cert-name s1.prismforge.com -w /insert/path/here” with the correct web root path.

If not, try repeating the command you used to create the certificate originally – e.g. “certbot certonly --webroot -d s1.prismforge.com -d admin2.prismforge.com -w /insert/path/here” or whatever.

what is the webroot?

The document root(s) for your website. You had to specify it/them when creating the certificate, but Certbot failed to save it.

Please show this file:

version = 0.31.0
archive_dir = /etc/letsencrypt/archive/s1.prismforge.com
cert = /etc/letsencrypt/live/s1.prismforge.com/cert.pem
privkey = /etc/letsencrypt/live/s1.prismforge.com/privkey.pem
chain = /etc/letsencrypt/live/s1.prismforge.com/chain.pem
fullchain = /etc/letsencrypt/live/s1.prismforge.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = *
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory```

Seems to be missing…

[[webroot_map]]
admin2.prismforge.com = /replace/with/actual/document/root/path
s1.prismforge.com = /replace/with/actual/document/root/path

idk the path for it though

Your hosting provider is SparkHost.us. They provide FREE SSls on their hosting plans. They also state you can use free LetsEncrypt certificate also.
They also have a cPanel, which I take you are not using.
Oops… the moderator is replying… I stand by for a few.

Never mind, I believe I’ve fixed the issue, I was working with a wrong update method.

thanks for the assistance

Just to let you know, on SparkHost’s pricing page they show two types of hosting levels… and both state they provide free SSLs. If they ended providing free SSLs, then someone forgot to update their pricing page.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.