I have generated the Let’s Encrypt SSL certificate and applied it to my AWS ELB with the manual method by authenticating a TXT record. Now I am in the situation of needing to renew the same certificate automatically by running a cron job, and it’s not working.
It is throwing the error below.
My domain is:/betterplace.co.in
I ran this command:
sudo /opt/certbot/certbot-auto renew
It produced this output:
/etc/letsencrypt/live/betterplace.co.in/fullchain.pem expires on 2018-10-21 (skipped)
No renewals were attempted.
My web server is (include version):AWS ELB
The operating system my web server runs on is (include version):Centos 7
My hosting provider, if applicable, is:GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):yes
Hi schoen,
Thanks for your response and the time is correct.
This is my cron job entry
43 19 * * * sudo /opt/certbot/certbot-auto renew --text >> /opt/certbot/certbot-cron.log
Below is the output of the /opt/certbot/certbot-cron.log command.
Also I ran the below command and included the output
cat /etc/letsencrypt/renewal/betterplace.co.in.conf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (betterplace.co.in) from /etc/letsencrypt/renewal/betterplace.co.in.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/betterplace.co.in/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
This is correct. It looks like you obtained your certificate with --manual; since no user interaction is possible from cron, you need to find a way to script your certificate renewals so that they won't require user interaction.
Why did you choose to use --manual originally and how did you complete the authentication steps requested by the CA?
This is the first time I have generated a certificate via Let’s Encrypt, and I was not aware that this kind of renewal problem would come up in the future.
Also, we are planning to deploy the certificate on multiple AWS application load balancers, since only one ACM certificate is free.
I got the certificate by authenticating with my DNS TXT record for my domain name (betterplace.co.in), and the record I got from my GoDaddy domain control panel.
Please let me know what would be the best way to automate this same renewal and change the license type from --manual to a different type.
Also, kindly suggest which method would be suitable for renewing so that I permanently do not get this kind of problem again.
This was my exact requirement when I generated the certificate.
I need to have the Let’s Encrypt certificates which I am going to use for AWS ELBs.
Are you sure about that? My understanding is that all ACM managed certificates are free. The AWS free tier includes 750 hours of ELB per month for the first 12 months, which would cover one ELB but not two - but that's true regardless of where you get the certificates from.
I don’t want to use the --manual method for Let’s Encrypt certification since I am not able to automate the license renewal of the same certificate.
So my requirement is to create a Let’s Encrypt certificate for my AWS ELB. What method would be best for creating certificates for my AWS ELBs with my domain names (*.betterplace.co.in) with the option of automating renewal? It’s a kind of wildcard certificate which I need to create here.
Yes schoen, I got the API key and secret key for my domain (GoDaddy). Now how could I renew the wildcard certificates which I have created by the --manual method?
This is just meant to answer your question about automated renewal using GoDaddy’s DNS API, not to resolve the other question about AWS ELB (since I’m not familiar with the ELB certification options).
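As an added illustration (not part of the original thread, and not code from Certbot or GoDaddy): a sketch of the kind of script the error message asks for via --manual-auth-hook, publishing the DNS-01 TXT record through GoDaddy's DNS API. CERTBOT_DOMAIN and CERTBOT_VALIDATION are set by Certbot; the variable names GODADDY_ZONE, GODADDY_KEY and GODADDY_SECRET are hypothetical, and the PATCH records endpoint and sso-key header are assumed from GoDaddy's public API documentation.

```python
#!/usr/bin/env python3
"""Certbot --manual-auth-hook sketch: publish the DNS-01 TXT record via GoDaddy's API."""
import json
import os
import sys
import time
import urllib.request

API = "https://api.godaddy.com/v1"  # assumption: GoDaddy production API, v1 records endpoint


def record_name(cert_domain, zone):
    """Return the TXT record name relative to the zone, e.g. '_acme-challenge'."""
    cert_domain = cert_domain.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if cert_domain.startswith("*."):  # wildcard names validate at the parent name
        cert_domain = cert_domain[2:]
    if cert_domain == zone:
        return "_acme-challenge"
    if not cert_domain.endswith("." + zone):
        raise ValueError(f"{cert_domain} is not inside zone {zone}")
    return "_acme-challenge." + cert_domain[: -len(zone) - 1]


def build_request(cert_domain, validation, zone, key, secret, ttl=600):
    """Build (not send) a PATCH that adds the TXT record without replacing others,
    so a wildcard and the apex name can each keep their own challenge value."""
    body = [{"type": "TXT", "name": record_name(cert_domain, zone),
             "data": validation, "ttl": ttl}]
    return urllib.request.Request(
        f"{API}/domains/{zone}/records",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": f"sso-key {key}:{secret}",
                 "Content-Type": "application/json"},
    )


def main():
    env = os.environ  # GODADDY_* names are hypothetical; keep them out of world-readable files
    req = build_request(env["CERTBOT_DOMAIN"], env["CERTBOT_VALIDATION"],
                        env["GODADDY_ZONE"], env["GODADDY_KEY"], env["GODADDY_SECRET"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        if resp.status >= 300:
            sys.exit(f"GoDaddy API returned HTTP {resp.status}")
    time.sleep(60)  # crude wait for DNS propagation before the CA checks the record


if __name__ == "__main__":
    main()
```

A matching --manual-cleanup-hook would remove the TXT record after validation, and the renewed certificate still has to be uploaded to the ELB as a separate step.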