Certbot renew dry run fails with error: Input the webroot for sub.mydomain.com:. Skipping

Vaibhav Joshi asked:

I have a Debian 10 instance running which hosts my Node.js/Express API. I have been using a different subdomain during development and added another subdomain as I’m nearing production. The first domain was dev.myapi.com and I added another subdomain dashboard.myapi.com with certbot certonly --cert-name dev.myapi.com -d dev.myapi.com,dashboard.myapi.com. After that, I ran certbot renew --dry-run and I’m getting following error:


Processing /etc/letsencrypt/renewal/dev.myapi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dashboard.myapi.com
http-01 challenge for dev.myapi.com
Cleaning up challenges
Attempting to renew cert (dev.myapi.com) from /etc/letsencrypt/renewal/dev.myapi.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for dashboard.myapi.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/dev.myapi.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/dev.myapi.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/reloadService.sh
1 renew failure(s), 0 parse failure(s)

How to provide the webroot for the new subdomain? The root directory of my project is the same. I.e, I’m running only one project with 2 subdomains pointing to the same.

My answer:


You give the webroot on the command line when you run certbot.

--webroot <document root>

This should have been done the first time you obtained the certificates but if you used a different method to do so, then it would not have been saved.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.