asked on
Let's Encrypt SSL errors on Ubuntu 20.04/Zimbra
Let's Encrypt - errors - Ubuntu 20.04, Zimbra email server
What is the best way to clear out the current SSL setup to start fresh? I tried to renew and received the following errors:
Renewal configuration file /etc/letsencrypt/renewal/mail.animals.info-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/mail.animals.info-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/mail.animals.info.conf produced an unexpected error: fullchain does not match cert + chain for mail.animals.info!. Skipping.
My SSL is working fine, but I believe I may have caused this error. If I can correct it great, if not, I would like to start over. I have thought about renaming the directory and just creating an empty letsencrypt directory to drop the new certificate.
Thoughts?
Thanks.
You need to update your Letsencrypr CA certificate chain.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Once you add this certificate into your PKI for openssl tou should be fine.
What you can try to do is manually renew the certificate using the command "sudo certbot renew." If that doesn't work, it may be best to clear out the current SSL setup and start fresh. One way to do this is to rename the current /etc/letsencrypt directory to something like /etc/letsencrypt_old, then create a new empty /etc/letsencrypt directory. Next, run the certbot command again to create a new certificate and it should work this time.
Another way to clear out the current SSL setup is to run the command "sudo certbot revoke --cert-path /etc/letsencrypt/live/your
It's important to note that revoking the certificate will break the functionality of SSL on your server until a new certificate is obtained.
Cheers