Auto Renew Issue


#1

Hi,
I have successfully installed a letsencrypt certificate manually with certbot through the terminal on my imac following the documentation on certbots website and liquidweb.com. The issue that I’m having now is that I need to make sure I can autorenew the certificates. I’m running into trouble with this. Please see the error below that I’m getting. I think the solution may involve hooks but I’m am very new to this so I’m unsure on exactly what to do. I do not have access to my SSH, only FTP. I’m not sure what other options I have to setup automatic renewal.

Specs:

My domain is: ithacalivingsolutions.com

I ran this command: sudo -H certbot certonly --manual --preferred-challenges http -d www.ithacalivingsolutions.com -d ithacalivingsolutions.com

and also

sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.ithacalivingsolutions.com.conf


Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’)
Attempting to renew cert (www.ithacalivingsolutions.com) from /etc/letsencrypt/renewal/www.ithacalivingsolutions.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.ithacalivingsolutions.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.ithacalivingsolutions.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Using Liquidweb.com cloudsites

The operating system my web server runs on is (include version): apache

My hosting provider, if applicable, is: Using Liquidweb.com cloudsites

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi @ststruff,

Normally Certbot and other Let’s Encrypt clients are meant to be run directly on the web server. It sounds like that’s not a possibility in your hosting environment, which makes Let’s Encrypt a more challenging fit for your setup.

Your three main options are

  • change hosting providers
  • persuade your hosting provider to offer a better form of Let’s Encrypt integration
  • write a script to automate this process

The last option would indeed involve hooks, namely the --manual-auth-hook and --deploy-hook options in Certbot, which let you specify scripts that you’ve written that perform the necessary steps.

You might also be interested in the getssl client, which includes a “remote webroot” feature where the webroot location can be on a remote server:


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.