My server hosts multiple HTTPS web sites and recently I had an issue with my letsencrypt renew service.
I verified that my renew cronwas still there available on my server and it was the case.
Then I checked up the log file and I realize than one of my domains was expired causing the renew tool to crash.
// tail -f /var/log/le-renew.log IMPORTANT NOTES: - The following errors were reported by the server: Domain: my_domain.com Type: dns Detail: DNS problem: NXDOMAIN looking up A for my_domain.com
To solve this problem I did the following:
$ cd /etc/letsencrypt $ cp -R ./live ./live.bak $ cp -R ./renewal ./renewal.bak $ rm -rf ./renewal/my_old_domain.com $ rm -rf ./live/my_old_domain.com (replace with your expired domain) Then manually run cerbot renew $ /usr/local/sbin/certbot-auto renew
Here’s my log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/my_main_website.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... NGINX configured with OpenSSL alternatives is not officiallysupported by Certbot. Plugins selected: Authenticator nginx, Installer nginx Renewing an existing certificate Performing the following challenges: http-01 challenge for my_main_website.com http-01 challenge for www.my_main_website.com Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/my_main_website.com/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/my_main_website.com/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 0 renew failure(s), 1 parse failure(s)