NPM trying to renew certs that have been removed from the UI?

[AndyYangUK]

Hi, I'm having an issue where NPM, from what I can see in the logs, is trying to renew a whole bunch of certificates in the background even though those certs are no longer in use and don't even appear within the UI.

How do I remove them from the DB so it no longer attempts (and fails) to renew those old certs?

Snippet:

today at 10:08:54Failed to renew certificate npm-7 with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
today at 10:08:54Failed to renew certificate npm-8 with error: Some challenges have failed.
today at 10:08:54All renewals failed. The following certificates could not be renewed:
today at 10:08:54  /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-10/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-12/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-14/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-2/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-3/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-5/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-7/fullchain.pem (failure)
today at 10:08:54  /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
today at 10:08:5410 renew failure(s), 0 parse failure(s)
today at 10:08:54
today at 10:08:54    at ChildProcess.exithandler (node:child_process:397:12)
today at 10:08:54    at ChildProcess.emit (node:events:390:28)
today at 10:08:54    at maybeClose (node:internal/child_process:1064:16)
today at 10:08:54    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
today at 10:08:57[1/24/2022] [10:08:57 AM] [Nginx    ] › ℹ  info      Reloading Nginx

[AndyYangUK]

Also, I noticed that during the cleanup process, NPM has decided to keep the old certs:

today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/fullchain3.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/privkey3.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/cert3.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/chain3.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/chain4.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/fullchain4.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/cert4.pem.
today at 10:24:40[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/privkey4.pem.

[pto199]

I'm having the same issue here. Deleted some old Certs in the UI and they are gone, but its still trying to renew them. Its messing up the renewal of my actual certs since it stops working after a few failures.

How do I remove these certs from the DB?

[jlesage]

Manually removing folders associated to the old certs from /config/letsencrypt/live/ and /config/letsencrypt/archive/ (inside the container) should fix the issue.

But I'm not sure why there were not automatically removed when you removed them from NPM...

[jlesage]

Were your certificates expired when you removed them?

[Sn00zEZA]

After removing all LetsEncrypt SSL Certs, had to clear "/config/letsencrypt/archive", "/config/letsencrypt/live" and "/config/letsencrypt/renewel" to get rid of the errors. Edit: Had lots that were shown expired in NPM but was renewed. Guess was due to having force ssl enable setting.