Certbot auto renew issue

My domain is:
cmsmesh.com

cmsmesh.com-0001.conf content:

# Options used in the renewal process
[renewalparams]
account = abc........
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual_public_ip_logging_ok = True

I ran this command:
sudo certbot renew --dry-run --nginx
It produced this output:

Processing /etc/letsencrypt/renewal/cmsmesh.com-0001.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (cmsmesh.com-0001) from /etc/letsencrypt/renewal/cmsmesh.com-0001.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cmsmesh.com-0001/fullchain.pem (failure)


** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cmsmesh.com-0001/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):
nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04.2 LTS
My hosting provider, if applicable, is:
DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

The following certificate options (mainly the pref_challs setting), set when you first got the certificate:

is not compatible with the:

option. Because the nginx authenticator does not provide the dns-01 challenge.

When I check the certificates for your domain at crt.sh (cmsmesh.com) I can see three certs: a non-wildcard due for renewal, a wildcard cert due for renewal and one which has just been renewed.

My question to you would be: which one did you want to renew? The wildcard certificate or the non-wildcard certificate? But it seems you already managed to (manually?) renew your wildcard certificate.

Thanks for your response.

Yes, I have done it via this command:

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --debug-challenges -d cmsmesh.com -d *.cmsmesh.com

My question is, by using the hook, does that mean the auto-renew will also work?

Thank you


Yes, using the hook enables certbot to auto-renew using the manual plugin. That said, I don't see a --manual-cleanup-hook, which is required to delete the TXT records which were added using the --manual-auth-hook. Does that script acme-dns-auth.py also have the ability to delete the TXT records once they aren't necessary any longer? Or is that not required when using acme-dns? (I have no idea.)

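As an added example (not part of this thread and not Certbot's own code), a small Python pre-flight check over a renewal conf that reproduces the two points raised above: the nginx authenticator cannot satisfy pref_challs = dns-01, so `certbot renew --nginx` fails, and a manual authenticator without manual_auth_hook would need interactive input at renewal time. The supported-challenge table and the sample conf are constructed here from the thread; the account value is redacted.

```python
import configparser

# Challenge types each authenticator plugin can satisfy; the nginx plugin only does
# http-01, which is why `certbot renew --nginx` rejects a conf with pref_challs = dns-01.
SUPPORTED_CHALLENGES = {
    "nginx": {"http-01"},
    "apache": {"http-01"},
    "webroot": {"http-01"},
    "standalone": {"http-01"},
    "manual": {"http-01", "dns-01"},
}

# Constructed sample mirroring the renewal conf quoted in the thread (account redacted).
SAMPLE_CONF = """\
# Options used in the renewal process
[renewalparams]
account = abc........
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual_public_ip_logging_ok = True
"""

def parse_renewal_conf(text):
    """Return the [renewalparams] section as a dict of lowercase keys."""
    cp = configparser.ConfigParser(interpolation=None)
    # Real renewal files carry top-level keys (version, archive_dir, ...) before the
    # first section; a synthetic header keeps configparser from rejecting them.
    cp.read_string("[top]\n" + text)
    return dict(cp["renewalparams"]) if cp.has_section("renewalparams") else {}

def check_renewal(text, cli_authenticator=None):
    """List why `certbot renew` (optionally forced to --<plugin>) would fail or prompt."""
    params = parse_renewal_conf(text)
    auth = cli_authenticator or params.get("authenticator", "")
    # pref_challs is stored with a trailing comma ("dns-01,"), so drop empty items.
    preferred = {c.strip() for c in params.get("pref_challs", "").split(",") if c.strip()}
    findings = []
    if preferred and not preferred & SUPPORTED_CHALLENGES.get(auth, set()):
        findings.append(f"ERROR: authenticator '{auth}' supports none of {sorted(preferred)}")
    if auth == "manual" and not params.get("manual_auth_hook"):
        findings.append("WARN: manual authenticator without manual_auth_hook; renewal would prompt")
    if params.get("manual_auth_hook") and not params.get("manual_cleanup_hook"):
        findings.append("INFO: manual_auth_hook set without manual_cleanup_hook")
    return findings

if __name__ == "__main__":
    for label, override in (("renew --nginx", "nginx"), ("renew (conf as is)", None)):
        print(label, check_renewal(SAMPLE_CONF, override) or ["OK"])
```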

In fact I followed this tutorial https://cloudness.net/certbot-dns-challenge/, and sorry, I don't have any idea about --manual-cleanup-hook.

So the auto-renew will be launched by the pre-installed cron task /etc/cron.d/certbot, right?
Tell me if I'm doing something wrong.

Thank you


I think you can forget about that cleanup hook. I don't see anything related to that hook on the GitHub README pages of acme-dns or that of acme-dns-certbot (the script you're using). So perhaps it isn't required for acme-dns.

Whether such a cron task is installed or not depends on the method you've used to install certbot. For example, on Gentoo there is no such pre-installed cronjob.


Thank you for your help.

I see, I'm using Ubuntu, and /etc/cron.d/certbot is there, so I hope that I'm doing the right things.

Thanks
