PHP

Quick Tip: LetsEncrypt “server” error fix on Ubuntu 16.04

Bruno Skvorc
Share

I recently had to renew the HTTPS certificates for my server, and ran into trouble.

Vector icon of server with X mark, indicating a failed state, like unrenewed Letsencrypt certificates

The errors that the command sudo letsencrypt renew was spewing out were these:

Processing /etc/letsencrypt/renewal/bitfalls.com.conf
2017-02-06 07:43:08,126:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/bitfalls.com.conf produced an unexpected error: 'server'. Skipping.
Processing /etc/letsencrypt/renewal/test.bitfalls.com.conf
2017-02-06 07:43:08,408:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/test.bitfalls.com.conf produced an unexpected error: 'server'. Skipping.

To save you some googling and experimentation, the error is caused by a missing server configuration entry in the renewal configuration files. To fix this, you can start over completely (i.e. remove the /etc/letsencrypt folder and regenerate everything), or manually insert the missing config entry. Here’s how you do the latter.

Updating LetsEncrypt’s Configuration Files

If you go into /etc/letsencrypt/renewal, you’ll see your current server’s cert renewal files:

ls /etc/letsencrypt/renewal

Most of you will only have one in there, unless you have subdomains defined, in which case you should see one cert for each subdomain you’re serving via HTTPS. Copy the following string to the clipboard:

server = https://acme-v01.api.letsencrypt.org/directory

This mock server entry value needs to go into each of the files in /etc/letsencrypt/renewal, but before the [[webroot_map]] entry (if it exists – otherwise, put at the end).

Here’s a shortcut script you can just paste in the renewal folder, and it will automatically insert this string into every file at the correct location:

sed -i "/[[webroot_map]]/i server = https://acme-v01.api.letsencrypt.org/directory" *.conf

Once you edit the files and save them, running the renewal command should work:

sudo letsencrypt renew

Remember, if you’re on an old, manually installed version of LetsEncrypt, install the apt version with:

sudo apt-get install letsencrypt

Hopefully this saved you some trouble!