simongreenwood.me.uk/a-fix-for-cert-is-required-but-missing-for-this-certificate-in-certbot.md

[![Simon Greenwood](/images/profile.png)](https://simongreenwood.me.uk/)

# [Simon Greenwood](https://simongreenwood.me.uk/)

Gracefully degrading

- [About Me](https://simongreenwood.me.uk/pages/about-me.html#about-me)
- [Contact info](https://simongreenwood.me.uk/pages/contact.html#contact)
- [My CV](https://simongreenwood.me.uk/pages/curriculum-vitae.html#curriculum-vitae)
- [CV Part 2](https://simongreenwood.me.uk/pages/cv-part-2.html#cv-part-2)
- [Social](https://gotosocial.grnwds.uk/@simon)

[Home](https://simongreenwood.me.uk/) [Technical](/category/technical.html) [Listening Diary](/category/listening-diary.html) [Tags](/tags.html) [Archives](/archives.html) [Atom](https://simongreenwood.me.uk/feeds/all.atom.xml)

# A fix for 'cert is required but missing for this certificate' in certbot

Posted on Tue 30 July 2024 in [Technical](https://simongreenwood.me.uk/category/technical.html)

Yes, this is probably a bit search spammy (like search actually works any more), but it\\s an interesting little fix and a view into how certbot works. Apart from when new posts are published, a server I manage is served wholly from Cloudflare. We have recently migrated it and apart from the initial caching phase it runs with no load. As the key components were synced over by rsync, this copied over the LetsEncrypt certificates, which, because of the Cloudflare caching, failed to renew at some point, silently. Certbot\\s version control is in the `/etc/letsencrypt/archive` folder. Certificate files are written here with a number appended to them and symlinked to `/etc/letsencrypt/live`, so while certbot works correctly, there will be an archive file with a number, so `cert1.pem`, `cert2.pem` etc. In this case however, the certificate files in `/archive` weren\\t numbered, so when attempting to renew the certificate manually, certbot fails with the error `cert is required but missing for this certificate`. The fix is, fortunately, simple: rename the cert files in `/archive` with a number and relink them to the files in `/live`. Run the renew command again and the certificates will be reissued correctly.

[certbot](https://simongreenwood.me.uk/tag/certbot.html) [ssl](https://simongreenwood.me.uk/tag/ssl.html)

© 2025 - This work is licensed under a [Creative Commons Attribution-ShareAlike](http://creativecommons.org/licenses/by-sa/4.0/deed.en_US)

Built with [Pelican](http://getpelican.com) using [Flex](http://bit.ly/flex-pelican) theme
\|
Switch to the [dark](javascript:void(0)) \| [light](javascript:void(0)) \| [browser](javascript:void(0)) theme


[![Creative Commons License](https://i.creativecommons.org/l/by-sa/4.0/80x15.png)](http://creativecommons.org/licenses/by-sa/4.0/)
Added docs to git 2025-02-08 21:47:24 +00:00			`[![Simon Greenwood](/images/profile.png)](https://simongreenwood.me.uk/)`

			`# [Simon Greenwood](https://simongreenwood.me.uk/)`

			`Gracefully degrading`

			`- [About Me](https://simongreenwood.me.uk/pages/about-me.html#about-me)`
			`- [Contact info](https://simongreenwood.me.uk/pages/contact.html#contact)`
			`- [My CV](https://simongreenwood.me.uk/pages/curriculum-vitae.html#curriculum-vitae)`
			`- [CV Part 2](https://simongreenwood.me.uk/pages/cv-part-2.html#cv-part-2)`
			`- [Social](https://gotosocial.grnwds.uk/@simon)`

			`[Home](https://simongreenwood.me.uk/) [Technical](/category/technical.html) [Listening Diary](/category/listening-diary.html) [Tags](/tags.html) [Archives](/archives.html) [Atom](https://simongreenwood.me.uk/feeds/all.atom.xml)`

			`# A fix for 'cert is required but missing for this certificate' in certbot`

			`Posted on Tue 30 July 2024 in [Technical](https://simongreenwood.me.uk/category/technical.html)`

			Yes, this is probably a bit search spammy (like search actually works any more), but it\\s an interesting little fix and a view into how certbot works. Apart from when new posts are published, a server I manage is served wholly from Cloudflare. We have recently migrated it and apart from the initial caching phase it runs with no load. As the key components were synced over by rsync, this copied over the LetsEncrypt certificates, which, because of the Cloudflare caching, failed to renew at some point, silently. Certbot\\s version control is in the `/etc/letsencrypt/archive` folder. Certificate files are written here with a number appended to them and symlinked to `/etc/letsencrypt/live`, so while certbot works correctly, there will be an archive file with a number, so `cert1.pem`, `cert2.pem` etc. In this case however, the certificate files in `/archive` weren\\t numbered, so when attempting to renew the certificate manually, certbot fails with the error `cert is required but missing for this certificate`. The fix is, fortunately, simple: rename the cert files in `/archive` with a number and relink them to the files in `/live`. Run the renew command again and the certificates will be reissued correctly.

			`[certbot](https://simongreenwood.me.uk/tag/certbot.html) [ssl](https://simongreenwood.me.uk/tag/ssl.html)`

			`© 2025 - This work is licensed under a [Creative Commons Attribution-ShareAlike](http://creativecommons.org/licenses/by-sa/4.0/deed.en_US)`

			`Built with [Pelican](http://getpelican.com) using [Flex](http://bit.ly/flex-pelican) theme`
			`\\|`
			`Switch to the [dark](javascript:void(0)) \\| [light](javascript:void(0)) \\| [browser](javascript:void(0)) theme`


			`[![Creative Commons License](https://i.creativecommons.org/l/by-sa/4.0/80x15.png)](http://creativecommons.org/licenses/by-sa/4.0/)`