A fix for ‘cert is required but missing for this certificate’ in certbot

Yes, this is probably a bit search spammy (like search actually works any more), but it’s an interesting little fix and a view into how certbot works.

Apart from when new posts are published, a server I manage is served wholly from Cloudflare. We have recently migrated it, and apart from the initial caching phase it runs with no load. The key components were synced over by rsync, which copied over the LetsEncrypt certificates; because of the Cloudflare caching, these then failed to renew at some point, silently.

Certbot’s version control is in the /etc/letsencrypt/archive folder. Certificate files are written there with a number appended to the name and symlinked from /etc/letsencrypt/live, so while certbot is working correctly the archive holds numbered files: cert1.pem, cert2.pem and so on.

In this case, however, the certificate files in /archive weren’t numbered, so when attempting to renew the certificate manually, certbot fails with the error ‘cert is required but missing for this certificate’.

The fix is, fortunately, simple: rename the cert files in /archive with a number and relink the files in /live to them. Run the renew command again and the certificates will be reissued correctly.
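The rename-and-relink step described above, as an added shell example that is not from the original post. It assumes certbot's standard four files per certificate (cert, privkey, chain, fullchain) and relative symlinks in live/; relink_lineage, demo and the example.test domain are illustrative names. It goes slightly beyond the post by linking to the highest number when numbered files already exist.

```shell
#!/bin/sh
# Added example (not from the post): number un-numbered archive files and
# recreate the live/ symlinks for one certbot certificate name.
relink_lineage() {
    base=$1; name=$2
    archive="$base/archive/$name"; live="$base/live/$name"
    [ -d "$archive" ] || { echo "no archive dir: $archive" >&2; return 1; }
    mkdir -p "$live"
    for kind in cert privkey chain fullchain; do
        latest=0   # highest version number already present for this kind
        for f in "$archive/$kind"[0-9]*.pem; do
            [ -e "$f" ] || continue
            n=${f##*/}; n=${n#"$kind"}; n=${n%.pem}
            case $n in *[!0-9]*) continue ;; esac
            if [ "$n" -gt "$latest" ]; then latest=$n; fi
        done
        if [ "$latest" -eq 0 ]; then
            # The case from the post: file copied over without a number.
            if [ -f "$archive/$kind.pem" ]; then
                mv "$archive/$kind.pem" "$archive/${kind}1.pem"
                latest=1
            else
                echo "missing $kind file in $archive" >&2; return 1
            fi
        fi
        # live/ entries are relative symlinks pointing into archive/
        rm -f "$live/$kind.pem"
        ln -s "../../archive/$name/$kind$latest.pem" "$live/$kind.pem"
    done
}

# Constructed demo tree (placeholder domain, dummy file contents) so the
# function can be tried without touching /etc/letsencrypt.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/archive/example.test"
    for k in cert privkey chain fullchain; do
        echo dummy > "$d/archive/example.test/$k.pem"
    done
    relink_lineage "$d" example.test && readlink "$d/live/example.test/cert.pem"
    rm -rf "$d"
}

# With two arguments, repair a real tree; otherwise run the demo.
if [ "$#" -eq 2 ]; then relink_lineage "$1" "$2"; else demo; fi
```

Take a copy of /etc/letsencrypt before running it as root against the real tree, and follow it with `certbot renew --dry-run` to confirm certbot accepts the repaired layout before a real renewal.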
