0 votes
13.7k views
by Rookie

I got a 20-day warning for a cert. Checked why the auto-renew didn't work; it fails.
 

server@server:~$ sudo certbot renew
[sudo] password for server:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/domain.tld.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)

Attempting to renew cert (domain.tld) from /etc/letsencrypt/renewal/domain.tld.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

How do I fix this?

1 Answer

+1 vote
by Expert
Best answer

Hi EyesX,

Unfortunately, this is a known issue that Let's Encrypt has with wildcard certs: they can't be auto-renewed because you need to do the DNS challenge every time.

Due to this issue, we will introduce a new option to force a new cert. This new feature is scheduled to be released in v1.8.0 (End of April).

Now you can request it manually:

sudo certbot certonly --manual --preferred-challenges=dns --manual-public-ip-logging-ok -d "$domain" -d "*.$domain" --email "$mail" --no-eff-email --agree-tos --staple-ocsp --must-staple

Replace $domain and $mail with your own info.

Regards.

by Rookie
Ah I see. Thank you for your quick answer!
by Expert

Hi EyesX,

In the latest Webinoly update I have included some improvements in the SSL area.

  • You can now manually renew your certs: sudo site ssl=renew
  • Or force-renewal of a specific site: sudo site domain.com -ssl=force-renewal

The last one seems to be working fine even with wildcard certs; I've been testing it and it seems like you don't even need to pass the DNS verification again. Please also try the first option to confirm whether the automatic renewal process is now working with wildcard certs.

Please, tell me if it works for you.

Regards.
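
An added example (not from the original thread and not Webinoly's or certbot's own code): a check that reads certbot renewal configs, such as the /etc/letsencrypt/renewal/domain.tld.conf from the question, and flags those that use the manual authenticator without a manual_auth_hook, which is the condition the error above reports. The sample config contents and the hook path /usr/local/bin/dns-auth.sh are constructed for illustration.

```python
import configparser
import glob

# Constructed sample of a renewal config for a cert issued with --manual.
SAMPLE_MANUAL = """\
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/domain.tld
fullchain = /etc/letsencrypt/live/domain.tld/fullchain.pem

[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
"""
# Same config with a (hypothetical) DNS auth hook, and one using webroot.
SAMPLE_HOOKED = SAMPLE_MANUAL + "manual_auth_hook = /usr/local/bin/dns-auth.sh\n"
SAMPLE_WEBROOT = SAMPLE_MANUAL.replace("authenticator = manual",
                                       "authenticator = webroot")


def renewal_params(text):
    """Return the [renewalparams] section of a renewal config as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    # The file begins with section-less keys; park them in a dummy section.
    parser.read_string("[top]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser.items("renewalparams"))


def unattended_renewal_problem(text):
    """Return a reason if `certbot renew` cannot run unattended, else None."""
    params = renewal_params(text)
    if params.get("authenticator") != "manual":
        return None
    if params.get("manual_auth_hook", "").strip():
        return None
    return "manual authenticator without manual_auth_hook"


if __name__ == "__main__":
    # Scan the live configs (reading them usually requires root).
    for path in sorted(glob.glob("/etc/letsencrypt/renewal/*.conf")):
        with open(path) as fh:
            print(f"{path}: {unattended_renewal_problem(fh.read()) or 'ok'}")
```

Running it from cron or a monitoring job surfaces certs that need a manual DNS challenge well before the expiry warning arrives.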
