Fixing certbot’s “parsefail” error during certificate renewal

Charles Stover
2 min readDec 26, 2019

Last week, I was unfortunately notified that my domains’ certificates were expiring and needed to be renewed immediately. This was troubling, because my certificates were set to automatically renew through Let’s Encrypt; and this meant that something was wrong. Only a handful of my domains were failing the automatic renewal process, while the others were successful.

I tried to manually renew these domains with certbot renew and met the following error:

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/example.com.conf (parsefail)
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/src/certbot/certbot/_internal/storage.py", line 465, in __init__
self._check_symlinks()
File "/opt/certbot/src/certbot/certbot/_internal/storage.py", line 532, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/example.com/cert.pem to be a symlinkRenewal configuration file /etc/letsencrypt/renewal/example.com.conf is broken. Skipping.

--

--

Charles Stover
Charles Stover

Written by Charles Stover

Staff+ front end engineer | Tech lead | Architect | quisi.do

Responses (4)