Skip to main content

Quick Tip: LetsEncrypt “server” error fix on Ubuntu 16.04

By Bruno Skvorc

PHP

Share:

Free JavaScript Book!

Write powerful, clean and maintainable JavaScript.

RRP $11.95

I recently had to renew the HTTPS certificates for my server, and ran into trouble.

Vector icon of server with X mark, indicating a failed state, like unrenewed Letsencrypt certificates

The errors that the command sudo letsencrypt renew was spewing out were these:

Processing /etc/letsencrypt/renewal/bitfalls.com.conf
2017-02-06 07:43:08,126:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/bitfalls.com.conf produced an unexpected error: 'server'. Skipping.
Processing /etc/letsencrypt/renewal/test.bitfalls.com.conf
2017-02-06 07:43:08,408:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/test.bitfalls.com.conf produced an unexpected error: 'server'. Skipping.

To save you some googling and experimentation, the error is caused by a missing server configuration entry in the renewal configuration files. To fix this, you can start over completely (i.e. remove the /etc/letsencrypt folder and regenerate everything), or manually insert the missing config entry. Here’s how you do the latter.

Updating LetsEncrypt’s Configuration Files

If you go into /etc/letsencrypt/renewal, you’ll see your current server’s cert renewal files:

ls /etc/letsencrypt/renewal

Most of you will only have one in there, unless you have subdomains defined, in which case you should see one cert for each subdomain you’re serving via HTTPS. Copy the following string to the clipboard:

server = https://acme-v01.api.letsencrypt.org/directory

This mock server entry value needs to go into each of the files in /etc/letsencrypt/renewal, but before the [[webroot_map]] entry (if it exists – otherwise, put at the end).

Here’s a shortcut script you can just paste in the renewal folder, and it will automatically insert this string into every file at the correct location:

sed -i "/[[webroot_map]]/i server = https://acme-v01.api.letsencrypt.org/directory" *.conf

Once you edit the files and save them, running the renewal command should work:

sudo letsencrypt renew

Remember, if you’re on an old, manually installed version of LetsEncrypt, install the apt version with:

sudo apt-get install letsencrypt

Hopefully this saved you some trouble!

Bruno is a blockchain developer and technical educator at the Web3 Foundation, the foundation that's building the next generation of the free people's internet. He's also a DX person at Diffbot. He runs two newsletters you should subscribe to if you're interested in Web3.0: Dot Leap covers ecosystem and tech development of Web3, and NFT Review covers the evolution of the non-fungible token (digital collectibles) ecosystem inside this emerging new web. His current passion project is RMRK.app.

New books out now!

Get practical advice to start your career in programming!


Master complex transitions, transformations and animations in CSS!

Latest Remote Jobs