Cannot renew certificate

[joncamfield]

I had to do some server shuffling (due originally to a non-renewing cert which I had possibly mis-diagnosed as a permissions error). I am trying to start a sandstorm server restored from a backup of the /opt directory. sandstorm starts but won't provide webpages; sandstorm.log reveals:

HTTPS mode is enabled but no certs found.
Migrations already applied: 34/34
shouldGetAnotherCertificate: There is no key, so yes get a new one.
renewHttpsCertificateIfNeeded: Happily choosing to renew certificate.
generateKeyAndCsr created new key & certificate request for *.[SUBDOMAIN].sandcats.io
storeNewKeyAndCsr successfully saved key and certificate request to /var/sandcats/https/[SUBDOMAIN].sandcats.io/1497387185521 and /var/sandcats/https/[SUBDOMAIN].sandcats.io/1497387185521.csr respectively of length 1702 and 918
Submitting certificate request for host [SUBDOMAIN] where the request has length 918
No key, so can't listen for HTTPS yet. Will retry in three seconds.
Received HTTP error while renewing certificate (will keep retrying) 403
Error response contained information {"error":"Not authorized."}
No key, so can't listen for HTTPS yet. Will retry in three seconds.

This is possibly linked to the suddenly-404ing sandstorm-io/sandstorm#1312 (google cache: https://webcache.googleusercontent.com/search?q=cache:ZKJwpjcRlYcJ:https://github.com/sandstorm-io/sandstorm/issues/1312+&cd=1&hl=en&ct=clnk&gl=us&client=ubuntu )

@paulproteus suggested in 1312 that this may be due to "I think I know what the problem is. You have more active HTTPS certificates than we support at the moment, as an anti-abuse tactic."

[joncamfield]

Somehow I had not found this guide before: https://docs.sandstorm.io/en/latest/administering/sandcats/#diagnosing-not-authorized-problems ; re-running install on a temporary VM and moving the /opt/sandstorm/var/sandcats directory over solved it.