Certbot-auto renew --dry-run problem


I have already installed and running certbot-auto in my Ubuntu 14.04 LTS server.

Apparently, thought, the certbot-auto renew doesn’t work. I discovered I had to manually renew my certifications by running:

./certbot-auto certonly --force-renewal -d <my domains> -vvv

When I tried

./certbot-auto renew --dry-run or event ./certbot-auto renew I get the following on the log file:

360:DEBUG:certbot.main:Root logging level set at 20 361:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 361:DEBUG:certbot.main:certbot version: 0.12.0 361:DEBUG:certbot.main:Arguments: ['--dry-run'] 361:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null) 362:DEBUG:certbot.main:Exiting abnormally: Traceback (most recent call last): File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module> sys.exit(main()) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 896, in main return config.func(config, plugins) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 702, in renew renewal.handle_renewal_request(config) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 370, in handle_renewal_request raise errors.Error("Currently, the renew verb is capable of either " Error: Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.

Anyone has any idea why certbot-auto renew fails?

My cronjob is

23 */12 * * * certbot-auto renew --quiet --no-self-upgrade >/dev/null 2>&1

Thank you


Hi @DrAnax,

Usually this problem is caused by listing domains in cli.ini; did you do that, by any chance?

(I’m planning to edit the cli.ini comments to remove the suggestion to specify domains, particularly since it tends to cause this problem.)


Indeed, my cli.ini reads:

rsa-key-size = 4096 email = <email> domains = <domains, comma separated>

after commenting out the domains, all works flawlessly. Thanks for the help!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.