I deleted a site but the certbot still tried to renew its certificate

Question

The periodic certificate renewal script produces errors when trying to find directories for deleted sites.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 132, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 83, in perform
    self._create_challenge_dirs()
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 172, in _create_challenge_dirs
    stat_path = os.stat(path)
FileNotFoundError: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 316, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 224, in cleanup
    os.remove(validation_path)
FileNotFoundError: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs/.well-known/acme-challenge/kG9voZCMKPfUglO3vWWyMtL7U0okiliteXwbeIQbniXs'
Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: [Errno 2] No such file or directory: '/var/www/domain.com/htdocs'. Skipping.

Comments

In the latest Webinoly update I have included a lot of improvements in the SSL area, especially for "Orphan-SSL Certs".

• Now you can remove an orphan SSL cert with sudo site domain.com -ssl=off even if that site doesn't even exist.
• Verify command now detect and alert about orphan-certs, if found.
• When you remove/delete a site you are asked if you want to revoke the associated SSL cert, if found.

Regards.

Answer 1

Yes, you should remove/revoke your certs before deleting a site. That's expected!

• We don't remove certs automatically because they can be reused if you create your site again.
• Let's Encrypt have rate limits, so you should not removing/revoking your certs every time you create a site, thinking in the dev process where can be common, start a new site several times.
• Even if you disable the SSL you must explicitly chose the option to revoke the SSL cert and not just de-activate it temporaly.

I don't know, maybe I should think in a workaround to deal with orphan certs.

Regards.