0 votes
496 views
by Talented

The periodic certificate renewal script produces errors when trying to find directories for deleted sites.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 132, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 83, in perform
    self._create_challenge_dirs()
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 172, in _create_challenge_dirs
    stat_path = os.stat(path)
FileNotFoundError: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 316, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 224, in cleanup
    os.remove(validation_path)
FileNotFoundError: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs/.well-known/acme-challenge/kG9voZCMKPfUglO3vWWyMtL7U0okiliteXwbeIQbniXs'
Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs'. Skipping.
by Expert

In the latest Webinoly update I have included a lot of improvements in the SSL area, especially for "Orphan-SSL Certs".

  • Now you can remove an orphan SSL cert with sudo site domain.com -ssl=off even if that site doesn't even exist.
  • Verify command now detects and alerts about orphan-certs, if found.
  • When you remove/delete a site you are asked if you want to revoke the associated SSL cert, if found.
Regards.

1 Answer

0 votes
by Expert

Yes, you should remove/revoke your certs before deleting a site. That's expected!

  • We don't remove certs automatically because they can be reused if you create your site again.
  • Let's Encrypt has rate limits, so you should not be removing/revoking your certs every time you create a site; think of the dev process, where it can be common to start a new site several times.
  • Even if you disable SSL, you must explicitly choose the option to revoke the SSL cert and not just deactivate it temporarily.
I don't know, maybe I should think of a workaround to deal with orphan certs.
Regards.
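
The orphan-cert condition behind the traceback in the question can be checked before the renewal job runs. The script below is an added example, not Webinoly's or certbot's own code: it reads each renewal file and reports every domain whose webroot directory no longer exists. The names find_orphan_certs and make_sample and the sample domains are hypothetical, and it assumes the renewal files list "domain = /path" entries under a [[webroot_map]] subsection.

```shell
#!/bin/sh
# Added example (not Webinoly's code): report certbot lineages whose webroot is gone.
# Assumption: renewal files list "domain = /path" entries under [[webroot_map]].

# Print "lineage<TAB>domain<TAB>missing_path" for every mapping whose path is missing.
find_orphan_certs() (
    renewal_dir="${1:-/etc/letsencrypt/renewal}"
    tab="$(printf '\t')"
    for conf in "$renewal_dir"/*.conf; do
        [ -f "$conf" ] || continue            # glob matched nothing
        lineage="$(basename "$conf" .conf)"
        awk '
            /^[ \t]*#/                    { next }              # comment line
            /^[ \t]*\[\[webroot_map\]\]/  { in_map = 1; next }  # start of the map
            /^[ \t]*\[/                   { in_map = 0 }        # any other section
            in_map && index($0, "=") {
                d = substr($0, 1, index($0, "=") - 1)
                p = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", d)
                gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (d != "" && p != "") print d "\t" p
            }
        ' "$conf" |
        while IFS="$tab" read -r domain path; do
            [ -d "$path" ] || printf '%s\t%s\t%s\n' "$lineage" "$domain" "$path"
        done
    done
)

# Constructed sample: one lineage with a live webroot, one whose site was deleted.
make_sample() (
    d="$(mktemp -d)"
    mkdir -p "$d/www/live.example/htdocs" "$d/renewal"
    for site in live.example gone.example; do
        cat > "$d/renewal/$site.conf" <<EOF
# constructed renewal file for this example
[renewalparams]
authenticator = webroot
[[webroot_map]]
$site = $d/www/$site/htdocs
www.$site = $d/www/$site/htdocs
EOF
    done
    printf '%s\n' "$d"
)

sample="$(make_sample)"
find_orphan_certs "$sample/renewal"   # lists only the gone.example lineage
rm -rf "$sample"
```

Each lineage it reports is a candidate for the sudo site domain.com -ssl=off cleanup mentioned in the comment above.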