Hello, after upgrade to debian 11 from 10 and update ispconfig i have a problems with lets encrypt. I tried everything i found here, when i disable ssl for my sites and enable, in this case is obtain new ssl for sites and working fine. But every morning in my le log i can see lines as theese When i use command systemtcl i can see Code: ● certbot.service loaded failed failed Certbot Maybe i should try to remove all in etc/letsencrypt after turn off le for domains and try it again? Code: certbot.errors.CertStorageError: expected /etc/letsencrypt/live/xx.cz-0003/cert.pem to be a symlink 2021-09-13 03:00:30,270:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/xx.cz-0004.conf 2021-09-13 03:00:30,272:WARNING:certbot._internal.renewal: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 71, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 471, in __init__ self._check_symlinks() File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 537, in _check_symlinks raise errors.CertStorageError( certbot.errors.CertStorageError: expected /etc/letsencrypt/live/xx.cz-0004/cert.pem to be a symlink 2021-09-13 03:00:30,273:WARNING:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/xx.cz-0004.conf is broken. Skipping. 2021-09-13 03:00:30,273:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 71, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 471, in __init__ self._check_symlinks() File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 537, in _check_symlinks raise errors.CertStorageError( certbot.errors.CertStorageError: expected /etc/letsencrypt/live/xx.cz-0004/cert.pem to be a symlink 2021-09-13 03:00:30,273:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/x.cz.conf 2021-09-13 03:00:30,288:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80 2021-09-13 03:00:36,455:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503 2021-09-13 03:00:36,458:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/xx.cz/cert13.pem is signed by the certificate's issuer. 2021-09-13 03:00:36,461:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/x.cz/cert13.pem is: OCSPCertStatus.GOOD 2021-09-13 03:00:36,465:INFO:certbot._internal.renewal:Cert not yet due for renewal 2021-09-13 03:00:36,468:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2021-09-13 03:00:36,469:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-09-13 03:00:36,469:DEBUG:certbot.display.util:Notifying user: The following certificates are not due for renewal yet: 2021-09-13 03:00:36,469:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/live/forum-x.cz-0001/fullchain.pem expires on 2021-12-01 (skipped) /etc/letsencrypt/live/forumx.cz-0002/fullchain.pem expires on 2021-12-01 (skipped) /etc/letsencrypt/live/xx.cz/fullchain.pem expires on 2021-12-01 (skipped) 2021-09-13 03:00:36,470:DEBUG:certbot.display.util:Notifying user: No renewals were attempted. 2021-09-13 03:00:36,470:DEBUG:certbot.display.util:Notifying user: No hooks were run. 2021-09-13 03:00:36,471:DEBUG:certbot.display.util:Notifying user: Additionally, the following renewal configurations were invalid: 2021-09-13 03:00:36,471:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/renewal/forum-x.cz.conf (parsefail) /etc/letsencrypt/renewal/xx.cz-0001.conf (parsefail) /etc/letsencrypt/renewal/xx.cz-0002.conf (parsefail) /etc/letsencrypt/renewal/xx.cz-0003.conf (parsefail) /etc/letsencrypt/renewal/xx.cz-0004.conf (parsefail) 2021-09-13 03:00:36,472:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-09-13 03:00:36,473:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 33, in <module> sys.exit(load_entry_point('certbot==1.12.0', 'console_scripts', 'certbot')()) File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1413, in main return config.func(config, plugins) File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1317, in renew renewal.handle_renewal_request(config) File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format( certbot.errors.Error: 0 renew failure(s), 5 parse failure(s) 2021-09-13 03:00:36,476:ERROR:certbot._internal.log:0 renew failure(s), 5 parse failure(s) I can not found why there is lines ERROR:certbot._internal.log:0 renew failure(s), 5 parse failure, can not found why there is parse failur renew failure(s), 5 parse failure(s) renew failure(s), 5 parse failure(s)
If you did a backup before upgrading, restore your letsencrypt folder backup. If that is not the problem, check if you have conflicting certbot installs since the latest is install via snap.
Solved, stop LE for domains, remove content of live, renewal and archive, enable again, problem gone.
