What can I do after rm -rf /etc/letsencrypt/live/*?


#1

Hi,

I’ve issued two certs via

```shell
./letsencrypt certonly
```
But I think something is wrong with my input in that form (I entered two domains, comma-separated, but it only generated one folder, named after the first domain), so I did
```shell
rm -rf /etc/letsencrypt/live/*
```
Then I tried to reissue a new one with the same command as earlier, but it says
```text
could not find cert file
```

Btw, the OS is `ubuntu 14.04LTS` and no web server is installed (I plan to use docker after I get the `.crt` and `.key`).


Thanks,
Simon

#2

Hello @S1M0N,

Just remember, backup backup backup :wink:

If you only removed the live dir content and you had created some cert files, you could recreate the live content using the archive dir.

Before performing any action, please back up your /etc/letsencrypt/ dir:

```shell
tar -pzcvf letsencrypt-backup.tar.gz /etc/letsencrypt/
```

I’ve just made this dirty script to perform this action:

```shell
letsdir=/etc/letsencrypt
# Rebuild live/<name>/ symlinks pointing at the newest files in archive/<name>/
for i in $(ls "${letsdir}/archive/"); do
    mkdir -p "${letsdir}/live/$i/"
    cd "${letsdir}/live/$i/" || continue
    # Most recently modified certN.pem for this name
    lastcert=$(ls -t ../../archive/"$i"/cert*.pem | head -1)
    # Extract N from certN.pem
    certnumber=$(basename "$lastcert" .pem | sed 's/^cert//')
    lastprivkey="../../archive/$i/privkey${certnumber}.pem"
    lastchain="../../archive/$i/chain${certnumber}.pem"
    lastfullchain="../../archive/$i/fullchain${certnumber}.pem"
    ln -s "$lastcert" cert.pem
    ln -s "$lastprivkey" privkey.pem
    ln -s "$lastchain" chain.pem
    ln -s "$lastfullchain" fullchain.pem
done
```

Good luck.
sahsanu


#3

Thank you very much @sahsanu, the .pems are back. One more newbie question: where can I find the .keys? :smile:


#4

/etc/letsencrypt/keys


#5

Thanks for the reply, @serverco

```text
root@server:~# ll /etc/letsencrypt/keys
total 32
drwx------ 2 root root 4096 Jan 19 16:39 ./
drwxr-xr-x 8 root root 4096 Jan 19 14:29 ../
-rw------- 1 root root 1704 Jan 19 14:22 0000_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:26 0001_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:28 0002_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:28 0003_key-letsencrypt.pem
-rw------- 1 root root 1704 Jan 19 14:30 0004_key-letsencrypt.pem
-rw------- 1 root root 1708 Jan 19 16:39 0005_key-letsencrypt.pem
```

Which one is the key used by the first domain issued automatically, or how do I use these? I need something like domain.com.key and domain.com.crt :anguished:


#6

The private keys connected to your certificate are called privkey.pem and can be found in the /live/ directory.


#7

Osiris is correct if you still have the live directory (I was assuming from the title that you have deleted it). If you have them there, then great :slight_smile:

You may find it easier to work from the CSRs. They are in /etc/letsencrypt/csr and you can tell which domain they are for by using the command

```shell
openssl req -text -in 0005_csr-letsencrypt.pem | grep Subject
```

You can then find the corresponding private key in the /etc/letsencrypt/keys directory, and copy / rename them (remembering to copy / back up rather than move, of course :wink:)

Ahh, looking at what sahsanu provided, if you followed that you will have already linked to the keys from the archive, into live.
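
For the question in #5 (which file in /etc/letsencrypt/keys belongs to which certificate or CSR), a key can be matched by comparing public keys, which never prints private key material. This is an added example, not part of the original thread; the function names `pubkey_of`, `find_key_for` and `demo` are hypothetical, and the demo files are throwaway keys constructed to follow the naming in the listing above.

```shell
#!/bin/sh
# Added example: find which private key in a keys directory belongs to a
# certificate or CSR by comparing public keys. Paths are passed as arguments.

# Print the PEM public key of a certificate, CSR or private key file.
pubkey_of() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl req  -in "$1" -noout -pubkey 2>/dev/null ||
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# find_key_for <cert-or-csr> <keys-dir>: print the matching key path,
# return 1 if no key in the directory matches.
find_key_for() {
    want=$(pubkey_of "$1") || return 1
    [ -n "$want" ] || return 1
    for key in "$2"/*.pem; do
        [ -f "$key" ] || continue
        if [ "$(pubkey_of "$key")" = "$want" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Constructed demo: two throwaway keys, a self-signed cert from the second.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/keys"
    openssl genrsa -out "$d/keys/0000_key-letsencrypt.pem" 2048 2>/dev/null
    openssl genrsa -out "$d/keys/0001_key-letsencrypt.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/keys/0001_key-letsencrypt.pem" \
        -subj "/CN=example.test" -days 1 -out "$d/cert.pem" 2>/dev/null
    basename "$(find_key_for "$d/cert.pem" "$d/keys")"
    rm -rf "$d"
}

# Stand-alone use: script.sh <cert-or-csr> <keys-dir>
if [ "$#" -eq 2 ]; then find_key_for "$1" "$2"; fi
```

When copying the matched key to a name like domain.com.key, `cp -p` keeps the owner-only `-rw-------` mode shown in the listing.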