letsencrypt CertStorageError: renewal config file {} is missing a required file reference

Seeing these messages?
[code:1:5538a5cb94]WARNING:letsencrypt.cli:Renewal configuration file /etc/letsencrypt/renewal/*.conf is broken. Skipping.
Additionally, the following renewal configuration files were invalid: /path/to/conf (parsefail)[/code:1:5538a5cb94]

Use the procedure below, and [b:5538a5cb94]create a backup first[/b:5538a5cb94] of /etc/letsencrypt/renewal.
Note that this does not work for subdomains, only for www.domain.ext and domain.ext.

Create /tmp/workingtemplate as a template, based on a working conf file in /etc/letsencrypt/renewal.

Example:
[code:1:5538a5cb94]# renew_before_expiry = 30 days
version = 0.26.1
archive_dir = /etc/letsencrypt/archive/THEDOMAIN
cert = /etc/letsencrypt/live/THEDOMAIN/cert.pem
privkey = /etc/letsencrypt/live/THEDOMAIN/privkey.pem
chain = /etc/letsencrypt/live/THEDOMAIN/chain.pem
fullchain = /etc/letsencrypt/live/THEDOMAIN/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = YOURACCOUNTHERE
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
webroot_path = /www/letsencrypt,
[[webroot_map]]
THENOWWWDOMAIN = /www/letsencrypt
THEDOMAIN = /www/letsencrypt[/code:1:5538a5cb94]

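Now use the script below to rewrite the broken conf files from the template, then kick off your renewal process.
Note: the list of files is created using a grep on ‘[b:5538a5cb94]0 Aug[/b:5538a5cb94]’, which matches the size (0) and month (Aug) columns of the ls output. Make sure to adapt that pattern to your own files, which you can list using
[code:1:5538a5cb94]cd /etc/letsencrypt/renewal && ls -lah[/code:1:5538a5cb94]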

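[code:1:5538a5cb94]workingtemplate=/tmp/workingtemplate
cd /etc/letsencrypt/renewal

# Names of the conf files to rewrite; adapt ' 0 Aug' to your own ls -lah output
mylist=`ls -lah | grep ' 0 Aug' | awk '{print $9}'`

# Split the list on newlines only (bash syntax)
IFS_BAK=$IFS
IFS=$'\n'

count=0
for domainfile in $mylist
do
count=$((count+1))
# www.domain.ext.conf -> www.domain.ext -> domain.ext
domainshort=${domainfile/.conf/}
domainshortnowwww=${domainshort/www./}
echo "$count $domainshort"

# Fill in the template placeholders and overwrite the broken conf file
cat "$workingtemplate" | sed -r "s/THENOWWWDOMAIN/${domainshortnowwww}/g" | sed -r "s/THEDOMAIN/${domainshort}/g" > "${domainfile}"
done

IFS=$IFS_BAK[/code:1:5538a5cb94]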
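
A check to run before and after the rewrite, as an added example that is not part of the original post: it lists the conf files that are empty or lack one of the file references from the template. The function names and sample domains are made up for illustration, and it assumes the required references are the four keys cert, privkey, chain and fullchain.

```sh
#!/bin/sh
# Added example: flag renewal conf files lacking a required file reference.
# Assumption: the required top-level keys are the four in the template above.
REQUIRED_KEYS="cert privkey chain fullchain"

# conf_is_valid FILE: 0 if FILE is non-empty and sets every required key
# before the first [section] header, 1 otherwise.
conf_is_valid() {
    [ -s "$1" ] || return 1
    awk -v keys="$REQUIRED_KEYS" '
        /^[ \t]*\[/ { exit }          # top-level keys end at the first [section]
        /^[ \t]*[a-z_]+[ \t]*=[ \t]*[^ \t]/ {
            k = $0; sub(/^[ \t]*/, "", k); sub(/[ \t]*=.*/, "", k); seen[k] = 1
        }
        END {
            n = split(keys, want, " ")
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) exit 1
        }' "$1"
}

# list_broken DIR: print the name of each *.conf in DIR that fails the check.
list_broken() {
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue       # directory without any conf files
        conf_is_valid "$f" || basename "$f"
    done
}

# make_sample_dir: create constructed sample files, print the directory name.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for k in $REQUIRED_KEYS; do
        echo "$k = /etc/letsencrypt/live/www.example.org/$k.pem"
    done > "$d/www.example.org.conf"              # complete file
    : > "$d/www.empty.example.conf"               # 0 bytes, like the broken files
    grep -v '^privkey' "$d/www.example.org.conf" > "$d/www.partial.example.conf"
    echo "$d"
}

# Real use: list_broken /etc/letsencrypt/renewal
if [ "${1:-}" = "--demo" ]; then
    list_broken "$(make_sample_dir)"
fi
```

Run with --demo, it prints www.empty.example.conf and www.partial.example.conf. An empty result from list_broken /etc/letsencrypt/renewal after the rewrite means every conf file again carries all four references.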
