My certificate renewals are failing when run from cron with the message "An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively". I'm confused by this message as I'm using the Linode plugin, not manual.
My domain is: greasyfork.org and sleazyfork.org
I ran this command: (from cron) certbot renew --dns-linode --dns-linode-credentials /path/to/linode.ini
It produced this output:
2021-04-12 15:13:18,047:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 1491
2021-04-12 15:13:18,562:DEBUG:certbot._internal.main:certbot version: 1.14.0
2021-04-12 15:13:18,563:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1093/bin/certbot
2021-04-12 15:13:18,563:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2021-04-12 15:13:18,563:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#dns-linode,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-12 15:13:18,585:DEBUG:certbot._internal.log:Root logging level set at 30
2021-04-12 15:13:18,585:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-12 15:13:18,586:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/greasyfork.org.conf
2021-04-12 15:13:18,637:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f250e316f10> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f250e316f10>
2021-04-12 15:13:18,681:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-04-12 15:13:18,796:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-04-12 15:13:18,798:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/greasyfork.org/cert3.pem is signed by the certificate's issuer.
2021-04-12 15:13:18,805:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/greasyfork.org/cert3.pem is: OCSPCertStatus.GOOD
2021-04-12 15:13:18,809:INFO:certbot._internal.renewal:Cert not yet due for renewal
2021-04-12 15:13:18,810:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-linode and installer None
2021-04-12 15:13:18,810:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/sleazyfork.org.conf
2021-04-12 15:13:18,847:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-04-12 15:13:18,866:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-04-12 15:13:18,867:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/sleazyfork.org/cert1.pem is signed by the certificate's issuer.
2021-04-12 15:13:18,868:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/sleazyfork.org/cert1.pem is: OCSPCertStatus.GOOD
2021-04-12 15:13:18,868:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-05-02 01:51:18 UTC.
2021-04-12 15:13:18,869:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2021-04-12 15:13:18,869:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 306.3655354940383 seconds
2021-04-12 15:18:25,322:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2021-04-12 15:18:25,327:DEBUG:certbot._internal.plugins.disco:Other error:(PluginEntryPoint#manual): An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
Traceback (most recent call last):
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 158, in prepare
self._initialized.prepare() # type: ignore
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/plugins/manual.py", line 91, in prepare
raise errors.PluginError(
certbot.errors.PluginError: An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
2021-04-12 15:18:25,327:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2021-04-12 15:18:25,327:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2021-04-12 15:18:25,327:INFO:certbot._internal.main:Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2021-04-12 15:18:25,328:ERROR:certbot._internal.renewal:Failed to renew certificate sleazyfork.org with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2021-04-12 15:18:25,329:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 481, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1239, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 224, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 328, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2021-04-12 15:18:25,329:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-04-12 15:18:25,329:DEBUG:certbot.display.util:Notifying user: The following certificates are not due for renewal yet:
2021-04-12 15:18:25,329:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/live/greasyfork.org/fullchain.pem expires on 2021-07-08 (skipped)
2021-04-12 15:18:25,329:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-04-12 15:18:25,329:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/sleazyfork.org/fullchain.pem (failure)
2021-04-12 15:18:25,329:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-04-12 15:18:25,329:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1093/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
return config.func(config, plugins)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1328, in renew
renewal.handle_renewal_request(config)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 506, in handle_renewal_request
raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-04-12 15:18:25,330:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04.2
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 1.14.0