Certbot-auto renew failure and now *.domain needs renewal


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zenez.com, *.zenez.com, mwiap.com, *.mwiap.com, livingpositivedaily.com, *.livingpositivedaily.com, herbalnaturalremedies.info, *.herbalnaturalremedies.info, livingpositivedaily.net, and *.livingpositivedaily.net

I ran this command: ~/ssl/certbot-auto renew then ~/ssl/certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d domain.com -d *.domain.com, ~/ssl/certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d zenez.com -d *.zenez.com and ~/ssl/certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d mwiap.com -d *.mwiap.com

It produced this output: for each domain it gave the below then on the second command above seemed to work but today I received messages. about *.zenez.com and *.mwiap.com going to expire.
Processing /etc/letsencrypt/renewal/livingpositivedaily.com.conf


Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there
may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with
–manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (livingpositivedaily.com) from
/etc/letsencrypt/renewal/livingpositivedaily.com.conf produced an unexpected
error: The manual plugin is not working; there may be problems with your
existing configuration.
The error was: PluginError(‘An authentication script must be provided with
–manual-auth-hook when using the manual plugin non-interactively.’,).
Skipping.

My web server is (include version): apache 2.4.23-22.1

The operating system my web server runs on is (include version): openSUSE Leap 42.3

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello,

Your certificate (or certificates) for the names listed below will expire in
19 days (on 17 Jun 18 14:51 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter
errors.

*.mwiap.com

For any questions or support, please visit
https://community.letsencrypt.org/.

and
Hello,

Your certificate (or certificates) for the names listed below will expire in
20 days (on 17 Jun 18 13:11 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter
errors.

*.zenez.com

For any questions or support, please visit
https://community.letsencrypt.org/.

-~/ssl/certbot-auto renew --manual --preferred-challenges dns
shows nothing to renew

help??


#2

Hi,

For those domains with manual plugin, you would need to run the certonly again… (If you don’t have the DNS script that can automate the process)

Thank you


#3

The emails explain why.

https://crt.sh/?q=*.mwiap.com
https://crt.sh/?q=*.zenez.com

There were two “*.example.com” certificates issued March 19, and two "example.com and *.example.com" certificates issued March 21. The latter certificates were renewed May 25.

You probably stopped using the March 19 certificates on March 21. If your systems are only using the newest certificates, you can ignore the emails about the old certificates. (You’ll get a couple more and then the emails will stop after they expire.)


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.