Certbot renew failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: web-brain.de , *.web-brain.de

I ran this command: certbot renew

It produced this output: Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (web-brain.de) from /etc/letsencrypt/renewal/web-brain.de.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.

My web server is (include version): nginx 1…14.0

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: Strato

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

Hi @martin.brunn

if you want to create a wildcard certificate, dns validation is required.

But last time you have used --manual. So you can't use only renew.

Use your last complete command again, if your dns provider doesn't support an API.

Perhaps add --cert-name to overwrite the existing certificate (instead of creating a new folder with -0001, -0002 ....).

https://certbot.eff.org/docs/using.html

1 Like

My DNS provider is 1und1 Ionos.
Do you know whether they provide an API?
How can I find out?

Ask the support of Ionos.

But acme.sh supports a lot of DNS API-solutions, there

is no IONOS listed -> may not exist -> use --manual.

PS: Do you really need a wildcard? If not, switch to http validation.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.