Seeing [code:1:5538a5cb94]WARNING:letsencrypt.cli:Renewal configuration file /etc/letsencrypt/renewal/*.conf is broken. Skipping. and
Additionally, the following renewal configuration files were invalid: /path/to/conf (parsefail)[/code:1:5538a5cb94]
Use this and [b:5538a5cb94]create a backup first[/b:5538a5cb94] of /etc/letsencrypt/renewal
Note that this does not work for subdomains. Only for www.domain.ext && domain.ext
Create /tmp/workingtemplate as template based on a working conf file in /etc/letsencrypt/renewal
example
[code:1:5538a5cb94]# renew_before_expiry = 30 days
version = 0.26.1
archive_dir = /etc/letsencrypt/archive/THEDOMAIN
cert = /etc/letsencrypt/live/THEDOMAIN/cert.pem
privkey = /etc/letsencrypt/live/THEDOMAIN/privkey.pem
chain = /etc/letsencrypt/live/THEDOMAIN/chain.pem
fullchain = /etc/letsencrypt/live/THEDOMAIN/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = YOURACCOUNTHERE
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
webroot_path = /www/letsencrypt,
[[webroot_map]]
THENOWWWDOMAIN = /www/letsencrypt
THEDOMAIN = /www/letsencrypt[/code:1:5538a5cb94]
now use this and kick off your renewal process
Note, this list is created using a grep on ‘[b:5538a5cb94]0 Aug[/b:5538a5cb94]’. Make sure to adapt that using
[code:1:5538a5cb94]cd /etc/letsencrypt/renewal && ls -lah[/code:1:5538a5cb94]
[code:1:5538a5cb94]workingtemplate=/tmp/workingtemplate
cd /etc/letsencrypt/renewal
mylist=`ls -lah | grep ‘ 0 Aug’ | awk ‘{print $9}’`
IFS_BAK=$IFS
IFS=’
‘
count=0
for domainfile in $mylist
do
count=$((count+1))
domainshort=${domainfile/.conf/}
domainshortnowwww=${domainshort/www./}
echo $count $domainshort
cat $workingtemplate | sed -r s/THENOWWWDOMAIN/${domainshortnowwww}/g | sed -r s/THEDOMAIN/${domainshort}/g > ${domainfile}
done
IFS=$IFS_BAK[/code:1:5538a5cb94]
Leave a Reply