I’m not able to renew my certificate. Below is the command I ran with its output. My interpretation of the log file is that it’s not able to handle my http conf file which has numerous domains configured in it. Any help would be appreciated.
I got an error when trying to post here about maximum 20 links so I had to delete “https” out of some of the text. Hopefully that doesn’t complicate reviewing the output too much.
sudo ./certbot-auto --renew
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --renew could match --renew-by-default, --renew-with-new-domains, --renew-hook
[bullet@ip-50-63-57-76 ~]$ sudo ./certbot-auto renew
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for www.xyz.com
tls-sni-01 challenge for xyz.com
Cleaning up challenges
Attempting to renew cert (www.xyz.com) from /etc/letsencrypt/renewal/www.xyz.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com (failure)
If you can, install python2.7
try:
apt-get install python2.7
or:
yum install python2.7
show contents of /etc/letsencrypt/cli.ini file
show contents of /etc/letsencrypt/renewal/www.getsurreal.com.conf file
show output of: sudo ./certbot-auto --version
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.xyz.com
tls-sni-01 challenge for xyz.com
Cleaning up challenges
Attempting to renew cert (www.xyz.com) from /etc/letsencrypt/renewal/www.xyz.com.conf produced an unexpected error: Attempting to overwrite challenge file - /etc/httpd/conf/httpd.conf. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.xyz.com/fullchain.pem (failure)
I was able to get it to work by restoring my original version of certbot-auto which was version 0.16. I then ran the renewal with the don’t upgrade flag and it worked. I don’t know if it mattered, but I also cleared out the /opt/eff.org directory for it to re-download the files.
I think this may have fixed the problem more than downgrading the certbot version back to 0.16.0.
And as you made multiple changes it would be nice to separate them and find the true reason.
So, I would retest with version 0.19.0: simply back up the 0.16.0 version and let it auto-update.