Certificate renewal error

My domain is: jeedom.beavis6511.ovh

I ran this command: certbot-auto renew --dry-run

It produced this output:
Challenge failed for domain jeedom.beavis6511.ovh
dns-01 challenge for jeedom.beavis6511.ovh
Cleaning up challenges
Running manual-cleanup-hook command: ./manual-cleanup-hook.py
Attempting to renew cert (jeedom.beavis6511.ovh) from /etc/letsencrypt/renewal/jeedom.beavis6511.ovh.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/jeedom.beavis6511.ovh/fullchain.pem (failure)

My web server is (include version): Apache/2.4.25

The operating system my web server runs on is (include version): Raspbian (debian 9.9)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.36.0

Hello,
Another problem with the renewal of a certificate. The last time I ran the renewal command it was OK. Today it’s not OK anymore :frowning:
Thanks for your help!

Hi @beavis6511

please share your config file.

/etc/letsencrypt/renewal

So we see the real parameters you have used. And your error message is incomplete.

/etc/letsencrypt/renewal/jeedom.beavis6511.ovh.conf :

# renew_before_expiry = 30 days

version = 0.30.0
archive_dir = /etc/letsencrypt/archive/jeedom.beavis6511.ovh
cert = /etc/letsencrypt/live/jeedom.beavis6511.ovh/cert.pem
privkey = /etc/letsencrypt/live/jeedom.beavis6511.ovh/privkey.pem
chain = /etc/letsencrypt/live/jeedom.beavis6511.ovh/chain.pem
fullchain = /etc/letsencrypt/live/jeedom.beavis6511.ovh/fullchain.pem

# Options used in the renewal process

[renewalparams]
authenticator = manual
account = ad08217c3293dc106f9e9cab75b8d8fe
manual_public_ip_logging_ok = True
manual_auth_hook = ./manual-auth-hook.py
server = https://acme-v02.api.letsencrypt.org/directory
manual_cleanup_hook = ./manual-cleanup-hook.py
pref_challs = dns-01,
root@raspberrypi:/opt/letsencrypt#

Maybe a version error?

You use --manual, so you can't use “renew”.

Manual dns challenge -> use the same complete command you have used the first time to create a new certificate.

./certbot-auto certonly --preferred-challenges dns-01 --manual --manual-auth-hook ./manual-auth-hook.py --manual-cleanup-hook ./manual-cleanup-hook.py -d jeedom.beavis6511.ovh

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for jeedom.beavis6511.ovh


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y
Running manual-auth-hook command: ./manual-auth-hook.py
Output from manual-auth-hook command manual-auth-hook.py:
1613095680

Waiting for verification…
Challenge failed for domain jeedom.beavis6511.ovh
dns-01 challenge for jeedom.beavis6511.ovh
Cleaning up challenges
Running manual-cleanup-hook command: ./manual-cleanup-hook.py
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: jeedom.beavis6511.ovh
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.jeedom.beavis6511.ovh

Then this script is wrong.

Remove it and use the real --manual mode.

How to use the real --manual mode?

I’ve relaunched

./certbot-auto renew --no-self-upgrade

and it works …

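The failure reported in the thread is an NXDOMAIN on the TXT lookup for _acme-challenge.jeedom.beavis6511.ovh. As an added example (not the poster's manual-auth-hook.py and not certbot code), this is a visibility check a dns-01 auth hook can run after creating the record and before exiting. The use of dig, the retry count and the delay are assumptions, and the provider API call that publishes the record is outside the example.

```python
#!/usr/bin/env python3
"""Block a certbot --manual-auth-hook until the dns-01 TXT record is visible."""
import os
import subprocess
import sys
import time


def challenge_name(domain):
    # The CA queries TXT at _acme-challenge.<domain>; a wildcard uses the base name.
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".")


def dig_txt(name):
    # Assumption: `dig` is installed. Returns the TXT strings currently visible.
    try:
        out = subprocess.run(["dig", "+short", "TXT", name],
                             capture_output=True, text=True, timeout=15).stdout
    except (OSError, subprocess.TimeoutExpired):
        return []
    # dig prints each value quoted; long values are split into several chunks.
    return [l.strip().replace('" "', "").strip('"') for l in out.splitlines() if l.strip()]


def wait_for_txt(name, expected, lookup=dig_txt, attempts=20, delay=15, sleep=time.sleep):
    """Return the attempt number on which `expected` was seen, or 0 if never."""
    for attempt in range(1, attempts + 1):
        if expected in lookup(name):
            return attempt
        if attempt < attempts:
            sleep(delay)
    return 0


def main(env=os.environ):
    # certbot exports these two variables to manual auth hooks.
    name = challenge_name(env["CERTBOT_DOMAIN"])
    # Run this only after the provider API call has created the record.
    if not wait_for_txt(name, env["CERTBOT_VALIDATION"]):
        print(f"TXT record {name} never became visible", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

A record that the local resolver can see may still be missing on some of the zone's authoritative servers, so keep a margin in the delay.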