Skip to main content

Quick Tip: LetsEncrypt “server” error fix on Ubuntu 16.04

By Bruno Skvorc

PHP

Share:

Free JavaScript Book!

Write powerful, clean and maintainable JavaScript.

RRP $11.95

I recently had to renew the HTTPS certificates for my server, and ran into trouble.

Vector icon of server with X mark, indicating a failed state, like unrenewed Letsencrypt certificates

The errors that the command sudo letsencrypt renew was spewing out were these:

Processing /etc/letsencrypt/renewal/bitfalls.com.conf
2017-02-06 07:43:08,126:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/bitfalls.com.conf produced an unexpected error: 'server'. Skipping.
Processing /etc/letsencrypt/renewal/test.bitfalls.com.conf
2017-02-06 07:43:08,408:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/test.bitfalls.com.conf produced an unexpected error: 'server'. Skipping.

To save you some googling and experimentation, the error is caused by a missing server configuration entry in the renewal configuration files. To fix this, you can start over completely (i.e. remove the /etc/letsencrypt folder and regenerate everything), or manually insert the missing config entry. Here’s how you do the latter.

Updating LetsEncrypt’s Configuration Files

If you go into /etc/letsencrypt/renewal, you’ll see your current server’s cert renewal files:

ls /etc/letsencrypt/renewal

Most of you will only have one in there, unless you have subdomains defined, in which case you should see one cert for each subdomain you’re serving via HTTPS. Copy the following string to the clipboard:

server = https://acme-v01.api.letsencrypt.org/directory

This mock server entry value needs to go into each of the files in /etc/letsencrypt/renewal, but before the [[webroot_map]] entry (if it exists – otherwise, put at the end).

Here’s a shortcut script you can just paste in the renewal folder, and it will automatically insert this string into every file at the correct location:

sed -i "/[[webroot_map]]/i server = https://acme-v01.api.letsencrypt.org/directory" *.conf

Once you edit the files and save them, running the renewal command should work:

sudo letsencrypt renew

Remember, if you’re on an old, manually installed version of LetsEncrypt, install the apt version with:

sudo apt-get install letsencrypt

Hopefully this saved you some trouble!

Bruno is a blockchain developer and code auditor from Croatia with Master’s Degrees in Computer Science and English Language and Literature. He's been a web developer for 10 years until JavaScript drove him away. He now runs a cryptocurrency business at Bitfalls.com via which he makes blockchain tech approachable to the masses, and runs Coinvendor, an on-boarding platform for people to easily buy cryptocurrency. He’s also a developer evangelist for Diffbot.com, a San Francisco-based AI-powered machine vision web scraper.

New books out now!

Get practical advice to start your career in programming!


Master complex transitions, transformations and animations in CSS!