Just under three months ago I generated and installed SSL Certs on my website & now it's time to renew them, but it isn't working.
I first tried to run "certbot renew" but I got an error that said:
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Running manual mode non-interactively is not supported',)
Attempting to renew cert from /etc/letsencrypt/renewal/andrewpometti.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Running manual mode non-interactively is not supported',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/andrewpometti.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Then I tried to run "certbot certonly --manual" that produced this error:
Failed authorization procedure. www.andrewpometti.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.andrewpometti.com, andrewpometti.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to andrewpometti.com
HOWEVER, the log file says that it did connect & get the correct verification strings (I redacted the verification strings below):
2017-02-10 21:27:54,154:INFO:certbot.auth_handler:Performing the following challenges: 2017-02-10 21:27:54,163:INFO:certbot.auth_handler:http-01 challenge for andrewpometti.com 2017-02-10 21:27:54,173:INFO:certbot.auth_handler:http-01 challenge for www.andrewpometti.com 2017-02-10 21:28:22,390:DEBUG:acme.challenges:Verifying http-01 at http://andrewpometti.com/.well-known/acme-challenge/[REDACTED]... 2017-02-10 21:28:22,391:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): andrewpometti.com 2017-02-10 21:28:22,622:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/[REDACTED] HTTP/1.1" 301 304 2017-02-10 21:28:22,625:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): andrewpometti.com 2017-02-10 21:28:23,283:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/[REDACTED] HTTP/1.1" 200 107 2017-02-10 21:28:23,358:DEBUG:acme.challenges:Received <Response [200]>: [REDACTED].[REDACTED]. Headers: {'Content-Length': '107', 'Content-Encoding': 'gzip', 'Accept-Ranges': 'bytes', 'Vary': 'Accept-Encoding,User-Agent', 'Keep-Alive': 'timeout=5', 'Server': 'Apache/2.4.23', 'Last-Modified': 'Fri, 10 Feb 2017 21:28:21 GMT', 'Connection': 'Keep-Alive', 'ETag': '"dc1617-57-54833c6e54740-gzip"', 'Date': 'Fri, 10 Feb 2017 21:28:24 GMT'} 2017-02-10 21:28:40,982:DEBUG:acme.challenges:Verifying http-01 at http://www.andrewpometti.com/.well-known/acme-challenge/[REDACTED]... 2017-02-10 21:28:40,984:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): www.andrewpometti.com 2017-02-10 21:28:46,256:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/[REDACTED] HTTP/1.1" 301 308 2017-02-10 21:28:46,259:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): www.andrewpometti.com 2017-02-10 21:28:46,751:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/[REDACTED] HTTP/1.1" 200 107 2017-02-10 21:28:46,757:DEBUG:acme.challenges:Received <Response [200]>: [REDACTED].[REDACTED]. Headers: {'Content-Length': '107', 'Content-Encoding': 'gzip', 'Accept-Ranges': 'bytes', 'Vary': 'Accept-Encoding,User-Agent', 'Keep-Alive': 'timeout=5', 'Server': 'Apache/2.4.23', 'Last-Modified': 'Fri, 10 Feb 2017 21:28:40 GMT', 'Connection': 'Keep-Alive', 'ETag': '"dc1619-57-54833c8073200-gzip"', 'Date': 'Fri, 10 Feb 2017 21:28:47 GMT'} 2017-02-10 21:28:46,758:INFO:certbot.auth_handler:Waiting for verification...
I was able to access the verification files manually. Anyone have any ideas?