What can I do after rm -rf /etc/letsencrypt/live/*?

S1M0N · January 19, 2016, 5:45am

Hi,

I’ve issued two certs via

./letsencrypt certonly
```
But I think something is wrong with my input of that form(I filled two domains with comma separated, but it only generated one folder which named the first domain), so I did
```shell
rm -rf /etc/letsencrypt/live/*
```
then I tried to reissue a new one with the same command earlier, but it says 
```text
could not find cert file
```

Btw, OS is `ubuntu 14.04LTS` and no web-server installed(I'm plan to use docker after got the `.crt` and `.key`).


Thanks,
Simon

sahsanu · January 19, 2016, 6:34am

Hello @S1M0N,

Just remember, backup backup backup

If you only removed the live dir content and you created some cert file you could recreate the live content using archive dir.

Before perform any action, please backup your /etc/letsencrypt/ dir:

tar -pzcvf letsencrypt-backup.tar.gz /etc/letsencrypt/

I’ve just did this dirty script to perform this action:

letsdir=/etc/letsencrypt
for i in $(ls ${letsdir}/archive/);do
    mkdir -p "${letsdir}/live/$i/"
    cd ${letsdir}/live/$i/
    lastcert=$(ls -t ../../archive/$i/cert?.pem | head -1)
    certnumber=$(echo "$lastcert" | awk -F'/' '{print $NF}' | tr -d 'cert' | tr -d '.pm')
    lastprivkey="../../archive/$i/privkey${certnumber}.pem"
    lastchain="../../archive/$i/chain${certnumber}.pem"
    lastfullchain="../../archive/$i/fullchain${certnumber}.pem"
    ln -s $lastcert cert.pem
    ln -s $lastprivkey privkey.pem
    ln -s $lastchain chain.pem
    ln -s $lastfullchain fullchain.pem
done

Good luck.
sahsanu

S1M0N · January 19, 2016, 8:52am

Thank you very much @sahsanu, the .pems back, and one more newbie question, where can I find the .keys?

serverco · January 19, 2016, 9:01am

/etc/letsencrypt/keys

S1M0N · January 19, 2016, 9:21am

Thanks for the reply, @serverco

root@server:~# ll /etc/letsencrypt/keys
total 32
drwx------ 2 root root 4096 Jan 19 16:39 ./
drwxr-xr-x 8 root root 4096 Jan 19 14:29 ../
-rw------- 1 root root 1704 Jan 19 14:22 0000_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:26 0001_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:28 0002_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:28 0003_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:30 0004_key-letsencrypt.pem
-rw------- 1 root root 1708 Jan 19 16:39 0005_key-letsencrypt.pem

which one is the key used by the first domain issued automatically or how to use these? I need something like domain.com.key and domain.com.crt

Osiris · January 19, 2016, 9:23am

The private keys connected to your certificate are called privkey.pem and can be found in the /live/ directory.

serverco · January 19, 2016, 9:36am

Osiris is correct if you still have the live directory ( I was assuming from the title you have deleted that ). If you have them there, then great

You may be easier working from the csr's. They are in /etc/letsencrypt/csr and you can tell which domain they are for by using the command

openssl req -text -in 0005_csr-letsencrypt.pem | grep Subject

You can then find the corresponding private key in the /etc/letsencrypt/keys directory. and copy / rename them ( remembering to copy / backup rather then move of course )

Ahh, looking at what sahsanu provided, if you followed that you will have already linked to the keys from the archive, into live.