Expired Certificate

gstuart · August 26, 2022, 9:46pm

NethServer Version: 7.9.2009
Module: Sogo

Hello, This is my first post here, and I am hoping I have put it in the right category. So I have users that use Sogo mail on their phone and computer. They are now starting to get an error that a certificate has expired as of today. I have looked everywhere that I can think of to find that out of date certificate. However currently I cannot find an out of date cert. Where else can I look for this certificate? Has anyone else run across this issue before?

Any help or ideas are appreciated, Thank you

gstuart · August 26, 2022, 10:27pm

Ok, Update:

I have figured it is the Cert on the NethServer. Specifically the chain.pem has expired. /etc/letsencrypt/live/nethserver.domain.com-0002 directory.

I have tried to issue the certbot renew command, but I am getting errors.

Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py”, line 71, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/usr/lib/python2.7/site-packages/certbot/_internal/storage.py”, line 470, in init
self._check_symlinks()
File “/usr/lib/python2.7/site-packages/certbot/_internal/storage.py”, line 537, in _check_symlinks
“expected {0} to be a symlink”.format(link))
CertStorageError: expected /etc/letsencrypt/live/nethserver.domain.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/nethserver.domain.com.conf is broken. Skipping.

I am also getting a:

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/nethserver.domain.com-0002/fullchain.pem expires on 2022-10-25 (skipped)
No renewals were attempted.

pike · August 27, 2022, 7:51am

Hi @gstuart , personally I’m quite baffled.
I established more or less 15 servers publicly available with hostnames and they are updated form certbot regularly with Let’s Encrypt certficates. This for testify that… things usually works without hassle.

Therefore: what did you do more than “install modules”?
Did you change disk permissions?
Did you add specific symlinks or mountpoints?
Did you change the homepage or other things on the default website?
Did you install CentOS packages more than modules of NethServer?

gstuart · August 29, 2022, 12:34pm

Hello Michael,

Yeah, everything I hear about Nethserver just works with no hassle.
To answer your questions:
Did you do more than “install modules”? No, I inherited this from the previous guy but I do not see anything crazy added.
Did you change disk permissions? No
Did you add specific symlinks or mountpoints? No,
Did you change the homepage or other things on the default website? No
Did you install CentOS packages more than modules of NethServer? No

Now keep in mind, when I say “No” I have not made any changes. This is an inherited system.

gstuart · August 29, 2022, 1:28pm

Here is another update, I tried hitting the big blue button to renew the cert. " I did not do that first because I did not know what it did, so I was being cautious.

Here is the error I get:
Error

dashboard.cert_encrypt_error

The following command has failed:
system-certificate/update

Unfortunately we couldn’t catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

danb35 · August 29, 2022, 1:51pm

This indicates that you’ve done some manual messing around in your certificates directory. Let’s see what’s going on there–can you show the output of ls -lR /etc/letsencrypt and config show pki?

gstuart · August 29, 2022, 2:41pm

[root@nethserver /]# ls -lR /etc/letsencrypt and config show pki
ls: cannot access and: No such file or directory
ls: cannot access config: No such file or directory
ls: cannot access show: No such file or directory
ls: cannot access pki: No such file or directory
/etc/letsencrypt:
total 8
drwx------ 3 root root   42 Mar 10  2020 accounts
drwx------ 5 root root  125 Nov 28  2021 archive
drwxr-xr-x 2 root root 4096 Aug 29 08:20 csr
drwx------ 2 root root 4096 Aug 29 08:20 keys
drwx------ 5 root root  143 Aug 26 16:06 live
drwxr-xr-x 2 root root  124 Aug 29 09:33 renewal
drwxr-xr-x 5 root root   43 Mar 10  2020 renewal-hooks

/etc/letsencrypt/accounts:
total 0
drwx------ 3 root root 23 Mar 10  2020 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 0
drwx------ 3 root root 46 Mar 10  2020 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 0
drwx------ 2 root root 64 Apr 21  2021 59cc974aa446ddc4b0eec24b48d3fee9

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/59cc974aa446ddc4b0eec24b48d3fee9:
total 12
-rw-r--r-- 1 root root   83 Mar 10  2020 meta.json
-r-------- 1 root root 1632 Mar 10  2020 private_key.json
-rw-r--r-- 1 root root   78 Mar 10  2020 regr.json

/etc/letsencrypt/archive:
total 8
drwxr-xr-x 2 root root 4096 Aug 26 16:05 nethserver.cuicable.com
drwxr-xr-x 2 root root  103 Nov 28  2021 nethserver.cuicable.com-0001
drwxr-xr-x 2 root root 4096 Aug 29 08:20 nethserver.cuicable.com-0002

/etc/letsencrypt/archive/nethserver.cuicable.com:
total 268
-rw-r--r-- 1 root root 2041 Oct  3  2020 cert10.pem
-rw-r--r-- 1 root root 1976 Dec  2  2020 cert11.pem
-rw-r--r-- 1 root root 1976 Feb  1  2021 cert12.pem
-rw-r--r-- 1 root root 1976 Apr  3  2021 cert13.pem
-rw-r--r-- 1 root root 1976 Jun  2  2021 cert14.pem
-rw-r--r-- 1 root root 2017 Jul  1  2021 cert15.pem
-rw-r--r-- 1 root root 2017 Aug 30  2021 cert16.pem
-rw-r--r-- 1 root root 1931 Mar 10  2020 cert1.pem
-rw-r--r-- 1 root root 1964 Mar 10  2020 cert2.pem
-rw-r--r-- 1 root root 1996 Mar 10  2020 cert3.pem
-rw-r--r-- 1 root root 2021 Mar 10  2020 cert4.pem
-rw-r--r-- 1 root root 2021 Mar 23  2020 cert5.pem
-rw-r--r-- 1 root root 2025 Apr  6  2020 cert6.pem
-rw-r--r-- 1 root root 2045 Apr  7  2020 cert7.pem
-rw-r--r-- 1 root root 2041 Jun  4  2020 cert8.pem
-rw-r--r-- 1 root root 2045 Aug  4  2020 cert9.pem
-rw-r--r-- 1 root root 1647 Oct  3  2020 chain10.pem
-rw-r--r-- 1 root root 1586 Dec  2  2020 chain11.pem
-rw-r--r-- 1 root root 1586 Feb  1  2021 chain12.pem
-rw-r--r-- 1 root root 1586 Apr  3  2021 chain13.pem
-rw-r--r-- 1 root root 3749 Jun  2  2021 chain14.pem
-rw-r--r-- 1 root root 3749 Jul  1  2021 chain15.pem
-rw-r--r-- 1 root root 3749 Aug 30  2021 chain16.pem
-rw-r--r-- 1 root root 1647 Mar 10  2020 chain1.pem
-rw-r--r-- 1 root root 1647 Mar 10  2020 chain2.pem
-rw-r--r-- 1 root root 1647 Mar 10  2020 chain3.pem
-rw-r--r-- 1 root root 1647 Mar 10  2020 chain4.pem
-rw-r--r-- 1 root root 1647 Mar 23  2020 chain5.pem
-rw-r--r-- 1 root root 1647 Apr  6  2020 chain6.pem
-rw-r--r-- 1 root root 1647 Apr  7  2020 chain7.pem
-rw-r--r-- 1 root root 1647 Jun  4  2020 chain8.pem
-rw-r--r-- 1 root root 1647 Aug  4  2020 chain9.pem
-rw-r--r-- 1 root root 3688 Oct  3  2020 fullchain10.pem
-rw-r--r-- 1 root root 3562 Dec  2  2020 fullchain11.pem
-rw-r--r-- 1 root root 3562 Feb  1  2021 fullchain12.pem
-rw-r--r-- 1 root root 3562 Apr  3  2021 fullchain13.pem
-rw-r--r-- 1 root root 5725 Jun  2  2021 fullchain14.pem
-rw-r--r-- 1 root root 5766 Jul  1  2021 fullchain15.pem
-rw-r--r-- 1 root root 5766 Aug 30  2021 fullchain16.pem
-rw-r--r-- 1 root root 3578 Mar 10  2020 fullchain1.pem
-rw-r--r-- 1 root root 3611 Mar 10  2020 fullchain2.pem
-rw-r--r-- 1 root root 3643 Mar 10  2020 fullchain3.pem
-rw-r--r-- 1 root root 3668 Mar 10  2020 fullchain4.pem
-rw-r--r-- 1 root root 3668 Mar 23  2020 fullchain5.pem
-rw-r--r-- 1 root root 3672 Apr  6  2020 fullchain6.pem
-rw-r--r-- 1 root root 3692 Apr  7  2020 fullchain7.pem
-rw-r--r-- 1 root root 3688 Jun  4  2020 fullchain8.pem
-rw-r--r-- 1 root root 3692 Aug  4  2020 fullchain9.pem
-rw------- 1 root root 1704 Oct  3  2020 privkey10.pem
-rw------- 1 root root 1708 Dec  2  2020 privkey11.pem
-rw------- 1 root root 1704 Feb  1  2021 privkey12.pem
-rw------- 1 root root 1704 Apr  3  2021 privkey13.pem
-rw------- 1 root root 1708 Jun  2  2021 privkey14.pem
-rw------- 1 root root 1704 Jul  1  2021 privkey15.pem
-rw------- 1 root root 1704 Aug 30  2021 privkey16.pem
-rw------- 1 root root 1704 Mar 10  2020 privkey1.pem
-rw------- 1 root root 1704 Mar 10  2020 privkey2.pem
-rw------- 1 root root 1704 Mar 10  2020 privkey3.pem
-rw------- 1 root root 1704 Mar 10  2020 privkey4.pem
-rw------- 1 root root 1704 Mar 23  2020 privkey5.pem
-rw------- 1 root root 1704 Apr  6  2020 privkey6.pem
-rw------- 1 root root 1704 Apr  7  2020 privkey7.pem
-rw------- 1 root root 1704 Jun  4  2020 privkey8.pem
-rw------- 1 root root 1704 Aug  4  2020 privkey9.pem

/etc/letsencrypt/archive/nethserver.cuicable.com-0001:
total 20
-rw-r--r-- 1 root root 1948 Nov 28  2021 cert1.pem
-rw-r--r-- 1 root root 3749 Nov 28  2021 chain1.pem
-rw-r--r-- 1 root root 5697 Nov 28  2021 fullchain1.pem
-rw------- 1 root root 1704 Nov 28  2021 privkey1.pem

/etc/letsencrypt/archive/nethserver.cuicable.com-0002:
total 152
-rw-r--r-- 1 root root 1944 Nov 28  2021 cert1.pem
-rw-r--r-- 1 root root 1948 Jan 28  2022 cert2.pem
-rw-r--r-- 1 root root 1948 Mar 29 07:50 cert3.pem
-rw-r--r-- 1 root root 1944 May 28 07:39 cert4.pem
-rw-r--r-- 1 root root 1948 Jul 27 09:22 cert5.pem
-rw-r--r-- 1 root root 1944 Aug 29 08:16 cert6.pem
-rw-r--r-- 1 root root 1944 Aug 29 08:18 cert7.pem
-rw-r--r-- 1 root root 1948 Aug 29 08:19 cert8.pem
-rw-r--r-- 1 root root 1948 Aug 29 08:20 cert9.pem
-rw-r--r-- 1 root root 3749 Nov 28  2021 chain1.pem
-rw-r--r-- 1 root root 3749 Jan 28  2022 chain2.pem
-rw-r--r-- 1 root root 1826 Mar 29 07:50 chain3.pem
-rw-r--r-- 1 root root 1826 May 28 07:39 chain4.pem
-rw-r--r-- 1 root root 1826 Jul 27 09:22 chain5.pem
-rw-r--r-- 1 root root 1826 Aug 29 08:16 chain6.pem
-rw-r--r-- 1 root root 1826 Aug 29 08:18 chain7.pem
-rw-r--r-- 1 root root 1826 Aug 29 08:19 chain8.pem
-rw-r--r-- 1 root root 1826 Aug 29 08:20 chain9.pem
-rw-r--r-- 1 root root 5693 Nov 28  2021 fullchain1.pem
-rw-r--r-- 1 root root 5697 Jan 28  2022 fullchain2.pem
-rw-r--r-- 1 root root 3774 Mar 29 07:50 fullchain3.pem
-rw-r--r-- 1 root root 3770 May 28 07:39 fullchain4.pem
-rw-r--r-- 1 root root 3774 Jul 27 09:22 fullchain5.pem
-rw-r--r-- 1 root root 3770 Aug 29 08:16 fullchain6.pem
-rw-r--r-- 1 root root 3770 Aug 29 08:18 fullchain7.pem
-rw-r--r-- 1 root root 3774 Aug 29 08:19 fullchain8.pem
-rw-r--r-- 1 root root 3774 Aug 29 08:20 fullchain9.pem
-rw------- 1 root root 1708 Nov 28  2021 privkey1.pem
-rw------- 1 root root 1704 Jan 28  2022 privkey2.pem
-rw------- 1 root root 1704 Mar 29 07:50 privkey3.pem
-rw------- 1 root root 1708 May 28 07:39 privkey4.pem
-rw------- 1 root root 1704 Jul 27 09:22 privkey5.pem
-rw------- 1 root root 1704 Aug 29 08:16 privkey6.pem
-rw------- 1 root root 1704 Aug 29 08:18 privkey7.pem
-rw------- 1 root root 1704 Aug 29 08:19 privkey8.pem
-rw------- 1 root root 1704 Aug 29 08:20 privkey9.pem

/etc/letsencrypt/csr:
total 228
-rw-r--r-- 1 root root  936 Mar 10  2020 0000_csr-certbot.pem
-rw-r--r-- 1 root root  968 Mar 10  2020 0001_csr-certbot.pem
-rw-r--r-- 1 root root 1001 Mar 10  2020 0002_csr-certbot.pem
-rw-r--r-- 1 root root 1025 Mar 10  2020 0003_csr-certbot.pem
-rw-r--r-- 1 root root 1025 Mar 23  2020 0004_csr-certbot.pem
-rw-r--r-- 1 root root 1025 Apr  6  2020 0005_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Apr  7  2020 0006_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Jun  4  2020 0007_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Aug  4  2020 0008_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Oct  3  2020 0009_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Dec  2  2020 0010_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Feb  1  2021 0011_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Apr  2  2021 0012_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Apr  3  2021 0013_csr-certbot.pem
-rw-r--r-- 1 root root 1050 Jun  2  2021 0014_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Jul  1  2021 0015_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Aug 30  2021 0016_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Oct 30  2021 0017_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Oct 31  2021 0018_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  1  2021 0019_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  2  2021 0020_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  3  2021 0021_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  4  2021 0022_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  5  2021 0023_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  6  2021 0024_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  7  2021 0025_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  8  2021 0026_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov  9  2021 0027_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 10  2021 0028_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 11  2021 0029_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 12  2021 0030_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 13  2021 0031_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 14  2021 0032_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 15  2021 0033_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 16  2021 0034_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 17  2021 0035_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 18  2021 0036_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 19  2021 0037_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 20  2021 0038_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 21  2021 0039_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 22  2021 0040_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 23  2021 0041_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 24  2021 0042_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 25  2021 0043_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 26  2021 0044_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 27  2021 0045_csr-certbot.pem
-rw-r--r-- 1 root root 1090 Nov 28  2021 0046_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Nov 28  2021 0047_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Nov 28  2021 0048_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jan 28  2022 0049_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Mar 29 07:50 0050_csr-certbot.pem
-rw-r--r-- 1 root root 1017 May 28 07:39 0051_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Jul 27 09:22 0052_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Aug 29 08:16 0053_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Aug 29 08:18 0054_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Aug 29 08:19 0055_csr-certbot.pem
-rw-r--r-- 1 root root 1017 Aug 29 08:20 0056_csr-certbot.pem

/etc/letsencrypt/keys:
total 228
-rw------- 1 root root 1704 Mar 10  2020 0000_key-certbot.pem
-rw------- 1 root root 1704 Mar 10  2020 0001_key-certbot.pem
-rw------- 1 root root 1704 Mar 10  2020 0002_key-certbot.pem
-rw------- 1 root root 1704 Mar 10  2020 0003_key-certbot.pem
-rw------- 1 root root 1704 Mar 23  2020 0004_key-certbot.pem
-rw------- 1 root root 1704 Apr  6  2020 0005_key-certbot.pem
-rw------- 1 root root 1704 Apr  7  2020 0006_key-certbot.pem
-rw------- 1 root root 1704 Jun  4  2020 0007_key-certbot.pem
-rw------- 1 root root 1704 Aug  4  2020 0008_key-certbot.pem
-rw------- 1 root root 1704 Oct  3  2020 0009_key-certbot.pem
-rw------- 1 root root 1708 Dec  2  2020 0010_key-certbot.pem
-rw------- 1 root root 1704 Feb  1  2021 0011_key-certbot.pem
-rw------- 1 root root 1704 Apr  2  2021 0012_key-certbot.pem
-rw------- 1 root root 1704 Apr  3  2021 0013_key-certbot.pem
-rw------- 1 root root 1708 Jun  2  2021 0014_key-certbot.pem
-rw------- 1 root root 1704 Jul  1  2021 0015_key-certbot.pem
-rw------- 1 root root 1704 Aug 30  2021 0016_key-certbot.pem
-rw------- 1 root root 1704 Oct 30  2021 0017_key-certbot.pem
-rw------- 1 root root 1704 Oct 31  2021 0018_key-certbot.pem
-rw------- 1 root root 1704 Nov  1  2021 0019_key-certbot.pem
-rw------- 1 root root 1704 Nov  2  2021 0020_key-certbot.pem
-rw------- 1 root root 1704 Nov  3  2021 0021_key-certbot.pem
-rw------- 1 root root 1704 Nov  4  2021 0022_key-certbot.pem
-rw------- 1 root root 1708 Nov  5  2021 0023_key-certbot.pem
-rw------- 1 root root 1708 Nov  6  2021 0024_key-certbot.pem
-rw------- 1 root root 1704 Nov  7  2021 0025_key-certbot.pem
-rw------- 1 root root 1704 Nov  8  2021 0026_key-certbot.pem
-rw------- 1 root root 1704 Nov  9  2021 0027_key-certbot.pem
-rw------- 1 root root 1704 Nov 10  2021 0028_key-certbot.pem
-rw------- 1 root root 1704 Nov 11  2021 0029_key-certbot.pem
-rw------- 1 root root 1708 Nov 12  2021 0030_key-certbot.pem
-rw------- 1 root root 1704 Nov 13  2021 0031_key-certbot.pem
-rw------- 1 root root 1704 Nov 14  2021 0032_key-certbot.pem
-rw------- 1 root root 1704 Nov 15  2021 0033_key-certbot.pem
-rw------- 1 root root 1704 Nov 16  2021 0034_key-certbot.pem
-rw------- 1 root root 1704 Nov 17  2021 0035_key-certbot.pem
-rw------- 1 root root 1704 Nov 18  2021 0036_key-certbot.pem
-rw------- 1 root root 1704 Nov 19  2021 0037_key-certbot.pem
-rw------- 1 root root 1704 Nov 20  2021 0038_key-certbot.pem
-rw------- 1 root root 1704 Nov 21  2021 0039_key-certbot.pem
-rw------- 1 root root 1704 Nov 22  2021 0040_key-certbot.pem
-rw------- 1 root root 1708 Nov 23  2021 0041_key-certbot.pem
-rw------- 1 root root 1704 Nov 24  2021 0042_key-certbot.pem
-rw------- 1 root root 1704 Nov 25  2021 0043_key-certbot.pem
-rw------- 1 root root 1704 Nov 26  2021 0044_key-certbot.pem
-rw------- 1 root root 1704 Nov 27  2021 0045_key-certbot.pem
-rw------- 1 root root 1704 Nov 28  2021 0046_key-certbot.pem
-rw------- 1 root root 1704 Nov 28  2021 0047_key-certbot.pem
-rw------- 1 root root 1708 Nov 28  2021 0048_key-certbot.pem
-rw------- 1 root root 1704 Jan 28  2022 0049_key-certbot.pem
-rw------- 1 root root 1704 Mar 29 07:50 0050_key-certbot.pem
-rw------- 1 root root 1708 May 28 07:39 0051_key-certbot.pem
-rw------- 1 root root 1704 Jul 27 09:22 0052_key-certbot.pem
-rw------- 1 root root 1704 Aug 29 08:16 0053_key-certbot.pem
-rw------- 1 root root 1704 Aug 29 08:18 0054_key-certbot.pem
-rw------- 1 root root 1704 Aug 29 08:19 0055_key-certbot.pem
-rw------- 1 root root 1704 Aug 29 08:20 0056_key-certbot.pem

/etc/letsencrypt/live:
total 4
drwxr-xr-x 2 root root  41 Aug 26 16:06 nethserver.cuicable.com
drwxr-xr-x 2 root root  53 Aug 26 16:07 nethserver.cuicable.com-0001
drwxr-xr-x 2 root root 117 Aug 29 08:20 nethserver.cuicable.com-0002
-rw-r--r-- 1 root root 740 Mar 10  2020 README

/etc/letsencrypt/live/nethserver.cuicable.com:
total 4
lrwxrwxrwx 1 root root  53 Aug 30  2021 fullchain.pem -> ../../archive/nethserver.cuicable.com/fullchain16.pem
-rw-r--r-- 1 root root 692 Mar 10  2020 README

/etc/letsencrypt/live/nethserver.cuicable.com-0001:
total 4
lrwxrwxrwx 1 root root  57 Nov 28  2021 fullchain.pem -> ../../archive/nethserver.cuicable.com-0001/fullchain1.pem
-rw-r--r-- 1 root root 692 Nov 28  2021 README

/etc/letsencrypt/live/nethserver.cuicable.com-0002:
total 4
lrwxrwxrwx 1 root root  52 Aug 29 08:20 cert.pem -> ../../archive/nethserver.cuicable.com-0002/cert9.pem
lrwxrwxrwx 1 root root  53 Aug 29 08:20 chain.pem -> ../../archive/nethserver.cuicable.com-0002/chain9.pem
lrwxrwxrwx 1 root root  57 Aug 29 08:20 fullchain.pem -> ../../archive/nethserver.cuicable.com-0002/fullchain9.pem
lrwxrwxrwx 1 root root  55 Aug 29 08:20 privkey.pem -> ../../archive/nethserver.cuicable.com-0002/privkey9.pem
-rw-r--r-- 1 root root 692 Nov 28  2021 README

/etc/letsencrypt/renewal:
total 12
-rw-r--r-- 1 root root 685 Nov 28  2021 nethserver.cuicable.com-0001.conf
-rw-r--r-- 1 root root 716 Aug 29 08:20 nethserver.cuicable.com-0002.conf
-rw-r--r-- 1 root root 883 Aug 30  2021 nethserver.cuicable.com.conf

/etc/letsencrypt/renewal-hooks:
total 0
drwxr-xr-x 2 root root 26 Aug 26 17:13 deploy
drwxr-xr-x 2 root root  6 Mar 10  2020 post
drwxr-xr-x 2 root root  6 Mar 10  2020 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 4
-rwxr-xr-x 1 root root 59 Oct 25  2021 10nethserver

/etc/letsencrypt/renewal-hooks/post:
total 0

/etc/letsencrypt/renewal-hooks/pre:
total 0
[root@nethserver /]#

gstuart · August 29, 2022, 2:41pm

Hello danb35:

I just sent the output above.

Greg

danb35 · August 29, 2022, 3:30pm

Those were intended to be two separate commands, so I still need the output of config show pki. But something’s happened to live/nethserver.cuicable.com/ and live/nethserver.cuicable.com-0001/ Both of those directories should have the same four symlinks in them that live/nethserver.cuicable.com-0002/ does, but they don’t–and it looks like something was done to both of those directories just a few days ago.

gstuart · August 29, 2022, 3:41pm

Sorry about that, Here you go Dan

[root@nethserver ~]# config show pki
pki=configuration
    CertificateDuration=3650
    ChainFile=/etc/letsencrypt/live/nethserver.cuicable.com-0002/chain.pem
    CommonName=
    CountryCode=
    CrtFile=/etc/letsencrypt/live/nethserver.cuicable.com-0002/cert.pem
    EmailAddress=
    KeyFile=/etc/letsencrypt/live/nethserver.cuicable.com-0002/privkey.pem
    LetsEncryptChallenge=http
    LetsEncryptDomains=nethserver.cuicable.com,mx1.cuicable.com,mx1.avxinc.com,mx1.millerfoundation.net
    LetsEncryptMail=gregstuart@avxinc.com
    LetsEncryptShortChain=enabled
    Locality=
    Organization=
    OrganizationalUnitName=
    State=
    SubjectAltName=

danb35 · August 29, 2022, 3:55pm

OK, that looks about as expected. Try this:

First, take a backup of /etc/letsencrypt, just in case this breaks something: tar -cvjSf /root/letsencrypt-backup.tar.bz2 /etc/letsencrypt/
Then, delete the broken certs: certbot delete --cert-name nethserver.cuicable.com and certbot delete --cert-name nethserver.cuicable-0001.com.
Now, see if renewal succeeds: certbot renew
If it did, tell the system to refresh the cert: signal-event certificate-update

gstuart · August 29, 2022, 4:20pm

Ok,

The certbot delete for nethserver.cuicable.com worked, However the 0001 did not work. I am posting the error. Would it be possiable to just delete the directory?

[root@nethserver etc]# certbot delete --cert-name nethserver.cuicable-0001.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * nethserver.cuicable-0001.com

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
No certificate found with name nethserver.cuicable-0001.com (expected /etc/letsencrypt/renewal/nethserver.cuicable-0001.com.conf).
[root@nethserver etc]#

danb35 · August 29, 2022, 4:33pm

That looks like it’s there from what you’d posted previously. What does certbot certificates say?

gstuart · August 29, 2022, 4:49pm

yes it is there:

[root@nethserver log]# cd /etc/letsencrypt/
[root@nethserver letsencrypt]# ls
accounts  archive  csr  keys  live  renewal  renewal-hooks
[root@nethserver letsencrypt]# cd renewal
[root@nethserver renewal]# ls
nethserver.cuicable.com-0001.conf  nethserver.cuicable.com-0002.conf
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# 
[root@nethserver renewal]# ls
nethserver.cuicable.com-0001.conf  nethserver.cuicable.com-0002.conf
[root@nethserver renewal]#

But when I look at the 0001.conf file

# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = /etc/letsencrypt/archive/nethserver.cuicable.com-0001
cert = /etc/letsencrypt/live/nethserver.cuicable.com-0001/cert.pem
privkey = /etc/letsencrypt/live/nethserver.cuicable.com-0001/privkey.pem
chain = /etc/letsencrypt/live/nethserver.cuicable.com-0001/chain.pem
fullchain = /etc/letsencrypt/live/nethserver.cuicable.com-0001/fullchain.pem

Which is expected, But when I go and look in the directory where it is expecting things:
/etc/letsencrypt/live/nethserver.cuicable.com-0001 << here is what I see

[root@nethserver nethserver.cuicable.com-0001]# ls
fullchain.pem  README
[root@nethserver nethserver.cuicable.com-0001]#

I am missing 4 other files that should be there.

gstuart · August 29, 2022, 4:52pm

certbot certificates says the following:

[root@nethserver /]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/nethserver.cuicable.com-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/nethserver.cuicable.com-0001/cert.pem to be a symlink. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: nethserver.cuicable.com-0002
    Serial Number: 30b5c30203b5109716dc7d9141ac1a650d5
    Key Type: RSA
    Domains: nethserver.cuicable.com mx1.avxinc.com mx1.cuicable.com mx1.millerfoundation.net
    Expiry Date: 2022-11-27 12:20:18+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/nethserver.cuicable.com-0002/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/nethserver.cuicable.com-0002/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/nethserver.cuicable.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@nethserver /]#

danb35 · August 29, 2022, 5:10pm

…and certbot delete --cert-name nethserver.cuicable.com-0001 doesn’t work?

gstuart · August 29, 2022, 5:24pm

Ok, that is weird, it worked this time. I may have mis-typed or something … but … well anyways. So when I do a certbot renew below is what I get:

[root@nethserver nethserver.cuicable.com-0002]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nethserver.cuicable.com-0002.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/nethserver.cuicable.com-0002/fullchain.pem expires on 2022-11-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@nethserver nethserver.cuicable.com-0002]#

Which is awesome, no errors :).

Now yes it is saying that the cert does not need to be renewed. However chain.pem is showing expired 8/26/2022. Which I do not understand how that can happen. It all should have the same Date.

danb35 · August 29, 2022, 5:30pm

chain.pem would have the intermediate CA signing cert(s), and should be valid for quite some time. In what way is it showing expired as of a few days ago? Because it’s looking like you obtained four different certs within five minutes this morning.

gstuart · August 29, 2022, 5:42pm

Here is the screen shot.

danb35 · August 29, 2022, 5:45pm

Have you run signal-event certificate-update?