Cant renew the certification with error‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively’


#1

I created My certification two months ago,now it’s going to expire soon,

create certification command :
./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d “*.ctsig.com” --manual --preferred-challenges dns-01 certonly

My domain is:
ctsig.com

I ran this command to renew certification:
./certbot-auto renew

It produced this output:

Processing /etc/letsencrypt/renewal/ctsig.com.conf


Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (ctsig.com) from /etc/letsencrypt/renewal/ctsig.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ctsig.com/fullchain.pem (failure)

My web server is (include version):nginx-1.12.2

The operating system my web server runs on is (include version):CentOS Linux release 7.4.1708

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


#2

certbot renew does not work when you manually issue certificates (rather than using an automatic method of performing the domain validation).

If you intend to continue using the manual method, then you should just run the same command you originally did:

./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d “*.ctsig.com” --manual --preferred-challenges dns-01 certonly

#3

Thanks az!
By the way ,now how can I create certification when I already have certification instead of my way? because I want to use ‘certbot renew’ to renew certification on cron job in the future.


#4

You would need to use a script to automatically perform the DNS challenge: https://certbot.eff.org/docs/using.html#pre-and-post-validation-hooks . Whether or not you can do this depends on your DNS host.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.