simongreenwood.me.uk/a-fix-for-cert-is-required-but-missing-for-this-certificate-in-certbot.md

Simon Greenwood

Gracefully degrading

• About Me
• Contact info
• My CV
• CV Part 2
• Social

Home Technical Listening Diary Tags Archives Atom

A fix for 'cert is required but missing for this certificate' in certbot

Posted on Tue 30 July 2024 in Technical

Yes, this is probably a bit search spammy (like search actually works any more), but it\s an interesting little fix and a view into how certbot works. Apart from when new posts are published, a server I manage is served wholly from Cloudflare. We have recently migrated it and apart from the initial caching phase it runs with no load. As the key components were synced over by rsync, this copied over the LetsEncrypt certificates, which, because of the Cloudflare caching, failed to renew at some point, silently. Certbot\s version control is in the /etc/letsencrypt/archive folder. Certificate files are written here with a number appended to them and symlinked to /etc/letsencrypt/live, so while certbot works correctly, there will be an archive file with a number, so cert1.pem, cert2.pem etc. In this case however, the certificate files in /archive weren\t numbered, so when attempting to renew the certificate manually, certbot fails with the error cert is required but missing for this certificate. The fix is, fortunately, simple: rename the cert files in /archive with a number and relink them to the files in /live. Run the renew command again and the certificates will be reissued correctly.

certbot ssl

© 2025 - This work is licensed under a Creative Commons Attribution-ShareAlike

Built with Pelican using Flex theme | Switch to the dark | light | browser theme