in Linux

Issue with renewal of existing Let’s Encrypt certificates

I am a fan of Let’s Encrypt. I think this initiative vastly improved the Internet experience of everyone and brought big progress in terms of securing the entire web. Below graphics are taken from Let’s Encrypt stats page.

The process of installing and using Let’s Encrypt on your machines is pretty straightforward and there are plenty of guides out there which explain this in detail for various distributions.

However if you are using Let’s Encrypt for some time now it might happen that after installing letsencrypt package on your Ubuntu box you are unable to renew certificates. This occurred to me when I changed from certbot to the (apparently older) letsencrypt package in Ubuntu 16.04.

You might get an error similar to this one when trying to renew your existing certificates.

The older Ubuntu package is not forwards-compatible to configuration files generated by more recent releases. Fixing this comes down to pretty much three options:

  • Continue using certbot.
  • Start with a new configuration. Clean /etc/letsencrypt and then re-issue all certificates.
  • Try to manually fix the configuration.

Well to me it seemed to be the best option to start with a new configuration and re-issue all certificates with the default Ubuntu letsencrypt package.

I then successfully created new certificates. However when renewing for the first time, I ran into the following error message. The message is actually pretty clear on how to resolve the issue but I decided to reference it anyway to point out that the apache plugin may need to be installed.

Installing the Apache plugin for Let’s Encrypt python-letsencrypt-apache resolves the issue


Write a Comment