Certbot auto upgrades to 0.28.0 and fails


#1

I just ran certbot-auto renew and the first thing it does is to upgrade itself without asking me.

The upgrade then fails for ALL domains. BTW, I only have wildcard domains. Note, this used to work before certbot-auto forced the upgrade.

I get the following errors for each domain.


Processing /etc/letsencrypt/renewal/nilsen.tk.conf


Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (nilsen.tk) from /etc/letsencrypt/renewal/nilsen.tk.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuratio
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.


#2

Hi,

Because you are manually entering DNS records into your DNS provider, it’s not able to renew in this way…
You’ll always need to create a new certificate instead of renewing if you do not have a script that could automatically process those validations/operations.

Do you have a script that could update the DNS records for you?

Thank you


#3

The wildcard cert for the domain shown (nilsen.tk) has never been renewed…
So, I don’t understand this statement:


#4

I have many certificates and nilsen.tk is just one of them. I was sure it had updated one of the others previously, but if stevenzhu is correct, I will not be able to auto update these certs.
I have a script that automates creating certs and setting DNS entries. I guess I need to modify this script to create new certificates instead of trying to update them by running “certbot-auto renew”.


#5

If you have scripts for the challenges, i.e., no human input is required to get a certificate, you can use certbot renew perfectly.


#6

In this case, could you please try specifying the script you created for making DNS entries by adding --manual-auth-hook $yourscriptpath after the ./certbot-auto renew?

For example, ./certbot-auto renew --manual-auth-hook /etc/something/something.sh

Thank you


#7

Hmm, my script is not using the $yourscriptpath as you suggested. In fact, I have a Lua script that runs certbot-auto as an external process, parses the certbot output, and sets DNS entries when requested by certbot.


#8

Okay… I’m not too familiar with Lua, the renewal could be a “silent process” that is designed to work with cron or a systemd timer (which means they’ll produce minimal output) and I don’t think there’s any output that the script is able to parse…

Instead of running certbot-auto inside a Lua script, could you please try to make a renewal hook that passes the validation tokens generated by Let’s Encrypt to your Lua script (trigger the Lua script with the txt tokens…)?

Thank you
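
An added example (not code from any poster in this thread or from the Certbot project) of the kind of auth hook posts #6 and #8 describe: Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook's environment, and the script checks both before handing them to a DNS updater. The updater path /usr/local/bin/set-txt-record and the DNS_UPDATER and DNS_PROPAGATION_WAIT variables are hypothetical.

```shell
#!/bin/sh
# Added example of a --manual-auth-hook for DNS-01 validation.
# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.

# Hypothetical command that creates a TXT record: <name> <value>.
DNS_UPDATER="${DNS_UPDATER:-/usr/local/bin/set-txt-record}"

# Print the TXT record name for a domain; reject anything that is not
# a plain hostname so nothing unexpected reaches the updater.
challenge_name() {
    domain=${1#\*.}   # tolerate a leading "*." wildcard label
    case $domain in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '_acme-challenge.%s\n' "$domain"
}

# A DNS-01 value is an unpadded base64url SHA-256 digest: 43 characters.
valid_token() {
    case $1 in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -eq 43 ]
}

# Validate both inputs, publish the record, then wait for propagation.
run_hook() {
    name=$(challenge_name "${CERTBOT_DOMAIN:-}") ||
        { echo "rejected CERTBOT_DOMAIN" >&2; return 2; }
    valid_token "${CERTBOT_VALIDATION:-}" ||
        { echo "rejected CERTBOT_VALIDATION" >&2; return 2; }
    "$DNS_UPDATER" "$name" "$CERTBOT_VALIDATION" || return 3
    sleep "${DNS_PROPAGATION_WAIT:-60}"   # hypothetical tunable, seconds
}

# Only act when Certbot has supplied a domain to validate.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    run_hook
fi
```

The script's path is what goes after --manual-auth-hook on the renew command; a matching --manual-cleanup-hook script can remove the TXT record afterwards.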