Got a problem with a cert not working/renewing properly

I had a similar problem and wanted to share what I did to fix it.

My issue:
My certificates expired today and did not automatically renew. When I tried to provision new ones automatically through the admin panel, nothing seemed to happen. I looked at the feedback a little closer on the screen where I tried to do the provision and noticed something suggesting there was more than one account, and it gave the location of the Let’s Encrypt log:

/var/log/letsencrypt/letsencrypt.log

It’s a pretty long log to look through in the terminal, so I downloaded it and viewed it through a text editor. Sure enough, the last entry was:

certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['box.example.com@2022-01-22T02:52:20Z (b19f)', 'box.example.com@2020-03-19T15:30:23Z (1534)']

More digging through the log and it led me to the accounts location:
/home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory

Again, sure enough there were two entries. The first 4 characters of each entry corresponded to the 4 characters in parentheses at the end of the accounts listed in the log (b19f) and (1534).

My Fix:

  • download a copy of the directory to my local computer
    /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory
  • make a new snapshot on my VPS for a quick restore (just in case)
  • remove the older account
    rm -rf /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory/1534…
  • reboot the server
  • run the command: “sudo mailinabox”
  • log in as administrator as directed at the end of the mailinabox script:
    https://xxx.xxx.xxx.xxx/admin
  • Hit the “Provision” button in the TLS(SSL) Certificates panel
  • I ran the provision once, and it provisioned all but box.example.com
  • I ran the provision a second time, all successfully provisioned

Result:
All my certificates are now good for 89 days, except two:
mta-sts.box.example.com (59 days)
mta-sts.example.com (59 days)
The only thing still red in the system status is this:
MTA-STS policy is missing: STSFetchResult.NONE

So for me, that’s a good fix until I can figure out what’s the deal with mta-sts. Emails are sending/receiving, caldav and nextcloud app sync is working fine. I know this was pretty basic for many here, but hope this helps somebody.
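
The matching step described in the post (pairing the 4-character ids on the log's "Choices" line with the account directories), as an added example that is not part of the original post. It only reports and deletes nothing. It assumes certbot's on-disk layout of one directory per account id containing a meta.json with creation_host and creation_dt; the function names and the zero-padded account ids are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

def list_accounts(accounts_dir):
    """Return (short_id, label, path) per account directory, oldest first."""
    found = []
    for meta_file in Path(accounts_dir).glob("*/meta.json"):
        meta = json.loads(meta_file.read_text())
        acct = meta_file.parent
        created = meta.get("creation_dt", "")
        # Same label shape as the "Choices" entries in the log: host@date (id[:4])
        label = f"{meta.get('creation_host')}@{created} ({acct.name[:4]})"
        found.append((created, acct.name[:4], label, acct))
    return [(sid, label, path) for _, sid, label, path in sorted(found)]

def choices_from_log(log_text):
    """Short ids on the last 'Choices: [...]' line of the certbot log."""
    lines = [l for l in log_text.splitlines() if "Choices:" in l]
    return re.findall(r"\(([0-9a-f]{4})\)", lines[-1]) if lines else []

def older_accounts(accounts_dir, log_text):
    """Accounts named in the log error, except the newest one."""
    named = set(choices_from_log(log_text))
    matched = [a for a in list_accounts(accounts_dir) if a[0] in named]
    return matched[:-1]

def demo():
    """Constructed tree and log excerpt mirroring the two accounts in the post."""
    root = Path(tempfile.mkdtemp())
    # Full account ids are constructed: 4 chars from the post, zero-padded.
    for acct_id, dt in (("b19f" + "0" * 28, "2022-01-22T02:52:20Z"),
                        ("1534" + "0" * 28, "2020-03-19T15:30:23Z")):
        (root / acct_id).mkdir()
        (root / acct_id / "meta.json").write_text(
            json.dumps({"creation_host": "box.example.com", "creation_dt": dt}))
    log = ("Please choose an account\n"
           "Choices: ['box.example.com@2022-01-22T02:52:20Z (b19f)', "
           "'box.example.com@2020-03-19T15:30:23Z (1534)']\n")
    return [(sid, label) for sid, label, _ in older_accounts(root, log)]

if __name__ == "__main__":
    for sid, label in demo():
        print("older account directory:", label)
```

To check a real box, call older_accounts() with the accounts directory and the contents of /var/log/letsencrypt/letsencrypt.log given in the post.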