Unable to renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: avmail.alliedvaughn.com

I ran this command:

```
sudo service apache2 stop
sudo certbot renew
sudo service apache2 start
```

It produced this output: When I ran the sudo certbot renew it produced this error message:

```
root@avmail:/etc/letsencrypt/renewal# sudo certbot renew
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --standalone-supported-challenges=http-01
```

My web server is (include version): apache2 2.4.29

The operating system my web server runs on is (include version): Ubuntu 18 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.11.0

What shows?:
certbot certificates

3 Likes

Looks like there are unrecognized arguments being passed to Certbot.

2 Likes

I suspect that [--standalone-supported-challenges=http-01] could be in the renewal.conf file.
That's why I asked for the certificates.

Or... Maybe there are multiple versions of certbot installed.

3 Likes

This is the error I get when I run the command certbot certificates

```
root@avmail:/home/illkarl# certbot certificates
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --standalone-supported-challenges=http-01
```

I also ran the below command:
```
root@avmail:/home/illkarl# certbot --version
certbot 2.11.0
```

Yes, standalone_supported_challenges = http-01 is in the renewal conf file.

How did it get in there?

3 Likes

I'm guessing my predecessor put it there. My company was already using Let's Encrypt for 2 of our servers before I started in May 2023. Should it be taken out?

Yes, it's not an option recognised by the current Certbot versions. Frankly, this option was removed in Certbot version 0.33.0, released back in 2019-04-03, more than 5 years ago.

So if you're running into this problem just now, that would mean you were running a really ANCIENT version of Certbot for all those years..

The standalone plugin only supports http-01 anyway, so the option was superfluous..

4 Likes

Now it is coming back to me. The last time I had to renew the certificate for this server I also had issues where it wouldn't renew. At that time I also posted something in the community and someone was able to help me resolve it. However, after the certificate renewal he had me check the certbot version and noticed it was 0.27.0. He had me upgrade it to 2.11.0, and this is the first time I was attempting to renew the certificate with the new certbot version.

I have removed the standalone plugin and when I run certbot certificates I get the below:

```
root@avmail:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/avmail.alliedvaughn.com.conf produced an unexpected error: error parsing /etc/letsencrypt/renewal/avmail.alliedvaughn.com.conf. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/avmail.alliedvaughn.com.conf
```

It doesn't indicate what the error is.

Please show that file.
Attach it, if possible.

3 Likes

Screenshots are a colossal pain to read. Can you highlight the text in PuTTY so that it is automatically copied to your clipboard and then paste it between two lines that contain only ``` ?

e.g.

```
Your copied text here
```

That will render as:

Your copied text here

4 Likes

```
renew_before_expiry = 30 days
version = 2.11.0
archive_dir = /etc/letsencrypt/archive/avmail.alliedvaughn.com
cert = /etc/letsencrypt/live/avmail.alliedvaughn.com/cert.pem
privkey = /etc/letsencrypt/live/avmail.alliedvaughn.com/privkey.pem
chain = /etc/letsencrypt/live/avmail.alliedvaughn.com/chain.pem
fullchain = /etc/letsencrypt/live/avmail.alliedvaughn.com/fullchain.pem

Options used in the renewal process
[renewalparams]
account = ea3c0fcb5b3f22e63120356326fb81d7
rsa_key_size = 4096
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
avmail.alliedvaughn.com = /var/www/html
```

2 Likes

That line needs a hashtag, like:

```
# Options used in the renewal process
```

5 Likes

Yes, and renew_before_expiry originally too, but that option is valid I believe, so works either way..

Very weird if those hash tags magically disappeared :man_shrugging:t2:

3 Likes
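
A small lint pass that flags both problems found in this thread (the removed `standalone_supported_challenges` option and the comment line that lost its `#`), added here as an example and not part of any post or of Certbot itself. The line grammar is a simplified assumption rather than Certbot's real parser, and `lint_renewal_conf` and the sample file are constructed for illustration.

```python
import re

# Option the thread says was removed in Certbot 0.33.0.
REMOVED_OPTIONS = {"standalone_supported_challenges"}

# Simplified grammar (assumption): [section] / [[subsection]] and key = value.
SECTION = re.compile(r"^(\[+)[^\[\]]+(\]+)$")
KEY_VALUE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*=\s*(.*)$")


def lint_renewal_conf(text):
    """Return (line_number, problem) tuples for the text of a renewal .conf file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are always fine
        section = SECTION.match(line)
        if section and len(section.group(1)) == len(section.group(2)):
            continue  # balanced section header
        match = KEY_VALUE.match(line)
        if match is None:
            findings.append((number, "not a comment, section or key = value line"))
        elif match.group(1) in REMOVED_OPTIONS:
            findings.append((number, "option removed from Certbot: " + match.group(1)))
    return findings


# Constructed sample modelled on the file in this thread
# (example.com and a placeholder account id, not real values).
SAMPLE = """\
renew_before_expiry = 30 days
version = 2.11.0
cert = /etc/letsencrypt/live/example.com/cert.pem

Options used in the renewal process
[renewalparams]
account = 0123456789abcdef
authenticator = webroot
standalone_supported_challenges = http-01
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
example.com = /var/www/html
"""

if __name__ == "__main__":
    for number, problem in lint_renewal_conf(SAMPLE):
        print(f"line {number}: {problem}")
```

Running it over each file's contents before a Certbot upgrade points at the exact line, which the "error parsing ... Skipping." message above does not.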

Thank you all for your help. I was able to renew the certificate today.

5 Likes

How?
What made it work?

2 Likes
