Can't renew certificates

This vhost seems to be causing problems renewing certificates. All vhosts point to this same error. The autorenew doesn't seem to be updating the certificates. And manually forced, it produces this error. But there isn't a line 100. Just the </virtual host> tag. Apache starts okay so there's no syntax error. Any ideas how to solve this? Thanks

My domain is: 4elife.app

I ran this command: sudo certbot renew --force-renewal

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/4elife.app.conf


Failed to renew certificate 4elife.app with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')


The following renewals succeeded:
/etc/letsencrypt/live/mailenchanter.com/fullchain.pem (success)

The following renewals failed:
/etc/letsencrypt/live/4elife.app/fullchain.pem (failure)


8 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
enchanter@vm877754:~$

My web server is (include version): Ubuntu 20.04

The operating system my web server runs on is (include version): Apache latest

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

The one that succeeded didn't. I used another command on that one vhost. But it's not working yet, although it said the renewal was saved.

Actually, I added to the end of the problem vHost, and using the renew command they all renewed except for this one 4elife.app. The error is now:

Failed to renew certificate 4elife.app with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')

Hi @HGMNinja, and welcome to the LE community forum

That won't fix anything; please don't use it.

Let's have a look at this file:

And the output of:
certbot certificates

4 Likes

Thank you. I actually fixed it as I was asking and still working on the issue. It was because the letsencrypt/renew/4elife.app was set for manual renewal and needed intervention. I ran sudo certbot --apache -d 4elife.app
And it changed to apache authentication instead of dns. And I presume now the renewal will continue as per the cron.

Thanks for the assistance and push in the right direction. It's strange, sometimes you just need to ask. lol. Thanks again and apologies for messing up the highway so to speak.

3 Likes
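
An added example, not part of the thread: a small audit that flags renewal files which `certbot renew` cannot process unattended because they use the manual authenticator without an auth hook, which is the cause identified in the post above. The sample file contents are constructed; the `authenticator` and `manual_auth_hook` keys under `[renewalparams]` follow Certbot's renewal file layout.

```python
import configparser
import glob
import os

RENEWAL_DIR = "/etc/letsencrypt/renewal"  # directory shown in the certbot output

# Constructed sample renewal files (not taken from the thread).
SAMPLE_MANUAL = """\
# renew_before_expiry = 30 days
version = 1.21.0
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = manual
pref_challs = dns-01,
"""
SAMPLE_APACHE = SAMPLE_MANUAL.replace(
    "authenticator = manual\npref_challs = dns-01,",
    "authenticator = apache\ninstaller = apache")

def renewal_params(text):
    """Return the [renewalparams] section of a renewal .conf as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    # The file starts with section-less keys, which configparser rejects,
    # so parse it under a dummy leading section.
    cp.read_string("[top]\n" + text)
    return dict(cp["renewalparams"]) if cp.has_section("renewalparams") else {}

def unattended_problem(text):
    """Describe why 'certbot renew' cannot renew this lineage unattended, or None."""
    params = renewal_params(text)
    hook = params.get("manual_auth_hook", "")
    # Assumption: an unset hook is either absent or stored as the string "None".
    if params.get("authenticator") == "manual" and hook in ("", "None"):
        return "authenticator = manual without manual_auth_hook"
    return None

def scan(directory=RENEWAL_DIR):
    """Map each problematic renewal file name to its finding."""
    findings = {}
    for path in sorted(glob.glob(os.path.join(directory, "*.conf"))):
        with open(path, encoding="utf-8") as fh:
            problem = unattended_problem(fh.read())
        if problem:
            findings[os.path.basename(path)] = problem
    return findings

if __name__ == "__main__":
    for name, finding in scan().items():
        print(f"{name}: {finding}")
```

Running it from cron or a monitoring check ahead of the renewal window surfaces a lineage like this one before the certificate expires, rather than after a forced renewal fails.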

As I suspected.

Good job on fixing the issue!

4 Likes

Thank you.

1 Like

Please note that the --apache plugin is not capable of authorising a wildcard certificate. Your current certificate is only valid for the hostname 4elife.app without the wildcard hostname, thus subdomains (e.g. www.4elife.app) will not work with your current Let's Encrypt certificate.

That said, I see a Google Trust Services certificate with a wildcard hostname on your www subdomain, so there's that.

If you want to issue a Let's Encrypt certificate with a wildcard, you could use the certbot-dns-cloudflare DNS authenticator plugin, as I see your domain's DNS zone is hosted by Cloudflare. You could still use the apache installer plugin in combination with the dns-cloudflare authenticator plugin using the options -i apache -a dns-cloudflare. See Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation for the documentation of the certbot-dns-cloudflare plugin.

3 Likes

Thanks, I will look into this over the next few weeks. But for now it seems to be working. I am aware of the www not working but I don't understand the dns authentication thing. But I will take a look at the link you provided to see if that explains it simple enough for me. Much appreciated.

3 Likes
