The log’s pretty long, this should cover the relevant parts:
2021-05-17 00:57:22,516:DEBUG:certbot.main:certbot version: 0.31.0
2021-05-17 00:57:22,520:DEBUG:certbot.main:Arguments: []
2021-05-17 00:57:22,521:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-05-17 00:57:22,547:DEBUG:certbot.log:Root logging level set at 20
2021-05-17 00:57:22,548:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-05-17 00:57:22,573:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fa2eae6a0> and installer <certbot.cli._Default object at 0x7fa2eae6a0>
2021-05-17 00:57:22,594:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-05 15:18:05 UTC.
2021-05-17 00:57:22,595:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-17 00:57:22,595:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-05-17 00:57:22,596:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa2f03940>
Prep: True
2021-05-17 00:57:22,597:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa2f03940> and installer None
2021-05-17 00:57:22,597:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-05-17 00:57:22,613:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/100723154', new_authzr_uri=None, terms_of_service=None), 4855c380d778627e077c783b6eb342a9, Meta(creation_dt=datetime.datetime(2020, 10, 29, 17, 50, 25, tzinfo=<UTC>), creation_host='DietPi'))>
2021-05-17 00:57:22,615:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-17 00:57:22,620:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-05-17 00:57:23,332:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-05-17 00:57:23,335:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 16 May 2021 22:57:21 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"Esra89FoRrA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-05-17 00:57:23,336:INFO:certbot.main:Renewing an existing certificate
2021-05-17 00:57:24,040:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0074_key-certbot.pem
2021-05-17 00:57:24,093:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0074_csr-certbot.pem
2021-05-17 00:57:24,095:DEBUG:acme.client:Requesting fresh nonce
2021-05-17 00:57:24,095:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-05-17 00:57:24,266:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-05-17 00:57:24,267:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 16 May 2021 22:57:22 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00047_v-eLYns4u1tlCoYk9qq4nanBC6UrytqAdUvHNgxKM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-05-17 00:57:24,267:DEBUG:acme.client:Storing nonce: 00047_v-eLYns4u1tlCoYk9qq4nanBC6UrytqAdUvHNgxKM
2021-05-17 00:57:24,268:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "my_domain"\n }\n ]\n}'
2021-05-17 00:57:24,312:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAwNzIzMTU0IiwgIm5vbmNlIjogIjAwMDQ3X3YtZUxZbnM0dTF0bENvWWs5cXE0bmFuQkM2VXJ5dHFBZFV2SE5neEtNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "aVM1MQZHA2j-vtX3aaKyWEpaBDelwpn9POdwjtNpvwZCCw4tztXqxEwnX7SKGFS7zcLKvWvs1jMdwB8aOZlla1pYJdbfZpwLf8ObMF9jbpS_7JHlHzf3pZ2_cWIlvV6eeUn4uV-m3u1PGaqlqvTcjLdEI5nlfAWe3zz-WkZ7Qh6lL0U83VHMZSOpOYe4Fy4c_ngFuchtIUFsx0hb_Ec6VG6OkKy4z-_yhQ_NczuEpTLLGLUw-87FerhmAIsS2jf195W7_K7CyW5ceFckRtq8wtcHOGvN3Qi7WcoVnyS_zFV0sNF0wgz7r9p4AKwj4hjrO-JWDxJv38w7pq_VS0nZSg5TinMEJxqrRQVWYPexwaCJtIgHBOziy_ETLAzO2V6hrLuLX0M2LuLhdn30j8CMSsh1oq-HOssh5fWPkra0fcjzI9gDnkY2YmqVoiHY-xO-UPqAjb4LnsO-yHZ7ai-8Xc6mR893xc_KpnQTRhm1o6Vjp0X-R_FkTnCwWKU-ir_YNZwh_YAeeQdfwXwzb6niKnlwnNlO7YjjYODtlN8WXy2VKpQIbKSQkthdoiELyUHtoVi82czILGRZ9tmFuuu7T3dwLW7lcM_AFmbVGvlUVqhXJzlA0YsZ-3dJah_ktSKn4Ypgt-tUSojMPseVAMxhKfedmExNfQEnyZXD73KKXYA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInhlcm9uby5zdHJhbmdsZWQubmV0IgogICAgfQogIF0KfQ"
}
2021-05-17 00:57:24,512:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2021-05-17 00:57:24,513:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 16 May 2021 22:57:22 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 100723154
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/100723154/9687398056
Replay-Nonce: 0004s5SJSTFU9Hocgr9f4R1bXd8gVSKtK1fnory4LnN0HSs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2021-05-21T07:38:10Z",
"identifiers": [
{
"type": "dns",
"value": "my_domain"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/13104787816"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/100723154/9687398056"
}
2021-05-17 00:57:24,514:DEBUG:acme.client:Storing nonce: 0004s5SJSTFU9Hocgr9f4R1bXd8gVSKtK1fnory4LnN0HSs
2021-05-17 00:57:24,514:DEBUG:acme.client:JWS payload:
b''
2021-05-17 00:57:24,558:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13104787816:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAwNzIzMTU0IiwgIm5vbmNlIjogIjAwMDRzNVNKU1RGVTlIb2NncjlmNFIxYlhkOGdWU0t0SzFmbm9yeTRMbk4wSFNzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzEwNDc4NzgxNiJ9",
"signature": "qWlBxgtAhTDxD0FZJWkRol08SOU1mjOGqIGxQcEP2AJuKeHMLIJ1xwNxK-TpMdhFsH4SkmdymW5lc1OcoZwCQVH6qe43dvRZl47CVSqO1IvrkPH8bsiSDBxClj2_FNdDrQRf63wjiP5BhsL2pf7Dpxi-Y3XjlxXEZBdZ8MNDArEKKbOYBgVj4BPFh0Elg7NqiQNjDVkvW1XwWsMJ0WKvOUmo_dorT5tUrPgPBaVkVTkSr3UodjfLAxp4Jq5Zkw6LMXdESbZCWvagdtvSfLLEcCmDiukWfobMrOqWfIq6wbk0lGh2tqejJpENPhjbv3VKPg6DCfq5uo6FhU8wpZ_QfLXZ5YwOpkziu5Ve5ef3Y1zkbm1wVZp8T9o-lUchEWDq84GhBuVw3srgWthmJF-T48_wmqQDRy1ph5hf9lcO040G_LpQPr19S6mrnqjbPac-_ZlioBoANzzRpE3-BAjpuA3ts-Sw2hxMtkxoBDhE9_cQbmZkQ5ygS3n_POR2ddaAcMG_FLrTNFTdl0qrBjTBh3YyIdoR6Fcaim2HRw2U3Pg7j_4DiaH9ySQ2Nsa4HsL3aqGJDQ9IgENT7tQtxlH6_-wDj1zHfv6j8bY2knNXCoLCI9MJE29CSaU3EKYf6VlCN5LMhcOcEh9aL-6kN8atrrqiB4OpekS44tXasQq4-Ts",
"payload": ""
}
2021-05-17 00:57:24,758:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13104787816 HTTP/1.1" 200 801
2021-05-17 00:57:24,760:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 16 May 2021 22:57:23 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 100723154
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004DGXYRiqQp7lSMQVhjfwJElJCTF8_lh_KJXbtvlo0gRQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "my_domain"
},
"status": "pending",
"expires": "2021-05-21T07:38:10Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13104787816/tK3iyA",
"token": "XYHXtRrzEkwEahLFRqKGe1rnCeBQmIX0MKZ_AHaZpuk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13104787816/6p0xFw",
"token": "XYHXtRrzEkwEahLFRqKGe1rnCeBQmIX0MKZ_AHaZpuk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13104787816/s77amQ",
"token": "XYHXtRrzEkwEahLFRqKGe1rnCeBQmIX0MKZ_AHaZpuk"
}
]
}
2021-05-17 00:57:24,760:DEBUG:acme.client:Storing nonce: 0004DGXYRiqQp7lSMQVhjfwJElJCTF8_lh_KJXbtvlo0gRQ
2021-05-17 00:57:24,762:INFO:certbot.auth_handler:Performing the following challenges:
2021-05-17 00:57:24,762:INFO:certbot.auth_handler:http-01 challenge for my_domain
2021-05-17 00:57:24,765:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 81, in perform
self._set_webroots(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 99, in _set_webroots
known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 120, in _prompt_for_webroot
webroot = self._prompt_for_new_webroot(domain, True)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 144, in _prompt_for_new_webroot
force_interactive=True)
File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 372, in validated_directory
validator, *args, **kwargs)
File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 329, in _get_validated
code, raw = method(message, default=default, **kwargs)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 583, in directory_select
return self.input(message, default, cli_flag)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 524, in input
self._interaction_fail(message, cli_flag)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Input the webroot for my_domain:
2021-05-17 00:57:24,765:DEBUG:certbot.error_handler:Calling registered functions
2021-05-17 00:57:24,766:INFO:certbot.auth_handler:Cleaning up challenges
2021-05-17 00:57:24,766:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2021-05-17 00:57:24,767:WARNING:certbot.renewal:Attempting to renew cert (my_domain) from /etc/letsencrypt/renewal/my_domain.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for my_domain:. Skipping.
2021-05-17 00:57:24,769:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 81, in perform
self._set_webroots(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 99, in _set_webroots
known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 120, in _prompt_for_webroot
webroot = self._prompt_for_new_webroot(domain, True)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 144, in _prompt_for_new_webroot
force_interactive=True)
File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 372, in validated_directory
validator, *args, **kwargs)
File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 329, in _get_validated
code, raw = method(message, default=default, **kwargs)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 583, in directory_select
return self.input(message, default, cli_flag)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 524, in input
self._interaction_fail(message, cli_flag)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Input the webroot for my_domain:
2021-05-17 00:57:24,770:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-05-17 00:57:24,770:ERROR:certbot.renewal: /etc/letsencrypt/live/my_domain/fullchain.pem (failure)
2021-05-17 00:57:24,771:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
root@DietPi:~#
Since the webroot is in the .conf file, I’m not sure how to proceed.