Unable to renew certificates

My domain is:
https://gosquare.ng

I ran this command:

sudo certbot certonly --manual -d *.gosquare.ng -d gosquare.ng --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
An unexpected error occurred:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/archive/gosquare.ng/privkey3.pem'
Please see the logfiles in /var/log/letsencrypt for more details.

logfile at /var/log/letsencrypt

2019-07-24 12:05:35,097:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 317, in renew_cert
    lineage.save_successor(prior_version, new_cert, new_key.pem, new_chain, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 1104, in save_successor
    with util.safe_open(target["privkey"], "wb", chmod=BASE_PRIVKEY_MODE) as f:
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 229, in safe_open
    os.open(path, os.O_CREAT | os.O_EXCL | os.O_RDWR, *open_args),
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/archive/gosquare.ng/privkey3.pem'
2019-07-24 12:05:35,099:ERROR:certbot.log:An unexpected error occurred:

The operating system my web server runs on is (include version):
ubuntu 16.04.6

My hosting provider, if applicable, is:
digitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
v0.31.0

extra information

 sudo ls -alR /etc/letsencrypt/{archive,live,renewal}

/etc/letsencrypt/archive:
total 12
drwx------ 3 root root 4096 Jul 12 18:05 .
drwxr-xr-x 9 root root 4096 Jul 24 12:05 ..
drwxr-xr-x 2 root root 4096 Apr 23 15:06 gosquare.ng-0001

/etc/letsencrypt/archive/gosquare.ng-0001:
total 40
drwxr-xr-x 2 root root 4096 Apr 23 15:06 .
drwx------ 3 root root 4096 Jul 12 18:05 ..
-rw-r--r-- 1 root root 1907 Apr 23 14:46 cert1.pem
-rw-r--r-- 1 root root 1923 Apr 23 15:06 cert2.pem
-rw-r--r-- 1 root root 1647 Apr 23 14:46 chain1.pem
-rw-r--r-- 1 root root 1647 Apr 23 15:06 chain2.pem
-rw-r--r-- 1 root root 3554 Apr 23 14:46 fullchain1.pem
-rw-r--r-- 1 root root 3570 Apr 23 15:06 fullchain2.pem
-rw------- 1 root root 1704 Apr 23 14:46 privkey1.pem
-rw------- 1 root root 1704 Apr 23 15:06 privkey2.pem

/etc/letsencrypt/live:
total 20
drwx------ 4 root root 4096 Apr 23 14:46 .
drwxr-xr-x 9 root root 4096 Jul 24 12:05 ..
drwxr-xr-x 3 root root 4096 Apr 23 15:07 gosquare.ng
drwxr-xr-x 2 root root 4096 Apr 23 15:06 gosquare.ng-0001
-rw-r--r-- 1 root root  740 Mar 11 10:01 README

/etc/letsencrypt/live/gosquare.ng:
total 16
drwxr-xr-x 3 root root 4096 Apr 23 15:07 .
drwx------ 4 root root 4096 Apr 23 14:46 ..
lrwxrwxrwx 1 root root   40 Apr 23 15:07 cert.pem -> ../../archive/gosquare.ng-0001/cert2.pem
lrwxrwxrwx 1 root root   41 Apr 23 15:07 chain.pem -> ../../archive/gosquare.ng-0001/chain2.pem
lrwxrwxrwx 1 root root   45 Apr 23 15:07 fullchain.pem -> ../../archive/gosquare.ng-0001/fullchain2.pem
drwxr-xr-x 2 root root 4096 Apr 23 14:49 gosquare.ng-0001
lrwxrwxrwx 1 root root   43 Apr 23 15:07 privkey.pem -> ../../archive/gosquare.ng-0001/privkey2.pem
-rw-r--r-- 1 root root  692 Apr 23 15:07 README

/etc/letsencrypt/live/gosquare.ng/gosquare.ng-0001:
total 12
drwxr-xr-x 2 root root 4096 Apr 23 14:49 .
drwxr-xr-x 3 root root 4096 Apr 23 15:07 ..
lrwxrwxrwx 1 root root   40 Apr 23 14:49 cert.pem -> ../../archive/gosquare.ng-0001/cert1.pem
lrwxrwxrwx 1 root root   41 Apr 23 14:49 chain.pem -> ../../archive/gosquare.ng-0001/chain1.pem
lrwxrwxrwx 1 root root   45 Apr 23 14:49 fullchain.pem -> ../../archive/gosquare.ng-0001/fullchain1.pem
lrwxrwxrwx 1 root root   43 Apr 23 14:49 privkey.pem -> ../../archive/gosquare.ng-0001/privkey1.pem
-rw-r--r-- 1 root root  692 Apr 23 14:49 README

/etc/letsencrypt/live/gosquare.ng-0001:
total 12
drwxr-xr-x 2 root root 4096 Apr 23 15:06 .
drwx------ 4 root root 4096 Apr 23 14:46 ..
lrwxrwxrwx 1 root root   40 Apr 23 15:06 cert.pem -> ../../archive/gosquare.ng-0001/cert2.pem
lrwxrwxrwx 1 root root   41 Apr 23 15:06 chain.pem -> ../../archive/gosquare.ng-0001/chain2.pem
lrwxrwxrwx 1 root root   45 Apr 23 15:06 fullchain.pem -> ../../archive/gosquare.ng-0001/fullchain2.pem
lrwxrwxrwx 1 root root   43 Apr 23 15:06 privkey.pem -> ../../archive/gosquare.ng-0001/privkey2.pem
-rw-r--r-- 1 root root  692 Apr 23 14:46 README

/etc/letsencrypt/renewal:
total 16
drwxr-xr-x 2 root root 4096 Apr 23 15:06 .
drwxr-xr-x 9 root root 4096 Jul 24 12:05 ..
-rw-r--r-- 1 root root  577 Apr 23 15:06 gosquare.ng-0001.conf
-rw-r--r-- 1 root root  530 Mar 11 10:01 gosquare.ng.conf

Hi @seunlanlege

looks like you have deleted something, so now Certbot can't validate your files.

Is there a config file in

/etc/letsencrypt/renewal

with such a link.

yes there is

root@ubuntu-s-1vcpu-1gb-lon1-01:~# ls -la /etc/letsencrypt/renewal
total 16
drwxr-xr-x 2 root root 4096 Apr 23 15:06 .
drwxr-xr-x 9 root root 4096 Jul 24 13:14 ..
-rw-r--r-- 1 root root  577 Apr 23 15:06 gosquare.ng-0001.conf
-rw-r--r-- 1 root root  530 Mar 11 10:01 gosquare.ng.conf

I’ve deleted /etc/letsencrypt and obtained new certs. Fixed the problem for me.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.