"Unexpected number of equal signs in runtime config dump."

Running certbot since a long time, I do not understand why I suddenly receive this message, and, moreover, I have no idea, where to look for the underlying problem. Please assist.

Webserver = Apache 2.4.38-3+deb10u4
Debian 10

Please post more information.

For example:

  • What command did you run?
  • How did you install certbot?
  • Can you post the complete output and not just a single warning/error message?
1 Like

Start here:

What says:
apachectl -S
Have you made any changes recently?
Do you have a working backup?

apachectl -S looks to be fine - let me come back later to that.

Other question, as it is perhaps better to clean everything up on my machine:

I have a working myserver.tld-0002.conf, but
myserver-0001.conf is missing (because I cleaned up) and therefore the certbot --dry-run fails or throws warnings with:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__ "file reference".format(self.configfile)) certbot.errors.CertStorageError: renewal config file {} is missing a required file reference Renewal configuration file /etc/letsencrypt/renewal/myserver-0001.conf is broken. Skipping.

How can I restart from zero to get a fresh Letsencrypt suite ? I was a very early LE adaptor and suppose, something has become rotten over the years.

Please read the error message closely: it's not missing, it's broken.

And please how can I dismiss all old files and restart with generating a fresh certificate for all of my servers and their subdomains? Something is apparently wrong, yes.

Well, normally you would use certbot delete --cert-name $certificate_name, but that won't work in this case. You could either try to fix the myserver-0001.conf file (perhaps using the functional myserver-0002.conf as an example) or delete it altogether. If you delete the myserver-0001.conf file, you should also delete the /etc/letsencrypt/live/myserver-0001/ and /etc/letsencrypt/archive/myserver-0001/ directories.

I edited the -0002.conf file and then I ran sudo certbot certonly -webroot -d domain1 -d domain2 ....
which now works

thx
report can be closed.

When I have a working -0002.conf installation, can I safely delete all other (-0001.conf, conf) files?

I thought 0002 was already working as you said 13 minutes ago confused..

But yes, you could delete the non-working stuff. Please use certbot delete --cert-name as the main method of removing unnecessary certificates.