Can't renew my SSL

I literally have no idea what I am doing…

My domain is: voiceofaphoenix.com
I ran this command: sudo certbot renew --dry-run
It produced this output:
Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (voiceofaphoenix.com) from /etc/letsencrypt/renewal/voiceofaphoenix.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/voiceofaphoenix.com/fullchain.pem (failure)

Hi @voiceofaphoenix,

It looks like you got your original certificate by running certbot --manual or a similar command. In this case, Certbot has to prompt you to perform certain steps (like creating a file or a DNS record) and you have to confirm when you’ve done those steps.

The certbot renew command is designed to be run without any human intervention at all (automatically by your server, usually in the middle of the night), so it doesn’t have the ability to deal with the step where you have to be asked to confirm something. To renew a certificate that was obtained with --manual, you need to re-run the original Certbot command that you used to get the certificate the first time.

Depending on your setup, you might also be able to switch away from --manual to use a method that can allow Certbot to renew your certificate automatically. Do you know if there’s a particular reason that you used this method before?
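An added example, not part of any post in this thread: a small check that reads Certbot renewal configuration files and flags certificates that unattended `certbot renew` cannot renew because they use the manual plugin without an auth hook. The function names and the sample configuration are constructed for illustration; it assumes the `authenticator` and `manual_auth_hook` keys sit under `[renewalparams]`, as in Certbot's renewal files.

```python
import configparser
from pathlib import Path

# Constructed sample of a renewal file for a cert obtained with --manual.
SAMPLE_MANUAL = """\
# renew_before_expiry = 30 days
version = 0.31.0
cert = /etc/letsencrypt/live/example.com/cert.pem

[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
"""
# Same lineage with a hook script configured (hypothetical path).
SAMPLE_HOOKED = SAMPLE_MANUAL + "manual_auth_hook = /usr/local/bin/dns-auth.sh\n"
# Same lineage using a plugin that needs no human interaction.
SAMPLE_APACHE = SAMPLE_MANUAL.replace("authenticator = manual",
                                      "authenticator = apache")

def renewal_problem(conf_text):
    """Return a reason if unattended renewal cannot work, else None."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    # Renewal files start with keys outside any section; give them one.
    parser.read_string("[top]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return "no [renewalparams] section"
    params = parser["renewalparams"]
    if params.get("authenticator", "") != "manual":
        return None
    if params.get("manual_auth_hook", "").strip() in ("", "None"):
        return "manual authenticator without manual_auth_hook"
    return None

def audit(renewal_dir="/etc/letsencrypt/renewal"):
    """Map lineage name -> reason for every renewal file that will fail."""
    findings = {}
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        reason = renewal_problem(conf.read_text())
        if reason:
            findings[conf.stem] = reason
    return findings

if __name__ == "__main__":
    for name, reason in audit().items():
        print(f"{name}: {reason}")
```

Running it before a certificate is close to expiry shows which lineages need either a manual re-run or a switch to an automated authenticator.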

No, I just tried to set it up with SSL and followed prompts, and it worked until my SSL certificate expired.

What kind of software environment are you using to host your site? Does it use Apache or nginx?

Apache sounds familiar - I know it’s Ubuntu and Bitnami.

Hi @voiceofaphoenix

Checking your domain, you use a wildcard certificate ( https://check-your-website.server-daten.de/?q=voiceofaphoenix.com ):

CN=voiceofaphoenix.com
	09.03.2019
	07.06.2019
12 days expired	
*.voiceofaphoenix.com, voiceofaphoenix.com - 2 entries

That requires dns-01 validation, so you may have created the DNS entry manually.

So you have to do that again.

sudo certbot -d '*.voiceofaphoenix.com' -d voiceofaphoenix.com --manual

But there is an Amazon wildcard.

| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 961623680 | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | 2019-06-11 00:00:00 | 2020-07-11 12:00:00 | *.voiceofaphoenix.com, voiceofaphoenix.com - 2 entries | | |

Is it possible to use that?

I was playing about with AWS Certificate Manager instead of the Let’s Encrypt certificate that I have to renew each time. I can do either; I just want it so that every 90 days I don’t have to go through this.

Your nameserver is ns73.domaincontrol.com. Is there API support, so you can use one of these plugins?

I’m not so firm with the relation name server -> DNS plugins.

domaincontrol.com is GoDaddy.

acme.sh supports it, but Certbot doesn’t come with a plugin.

I don’t know if the API is available on all GoDaddy account and plan types.

Thanks @mnordhoff - good to know.