I’m trying to renew my certificate by running $ certbot renew. When I run $ certbot renew I get the following output below.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.zambezi.io.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert from /etc/letsencrypt/renewal/www.zambezi.io.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/kalahari.herokuapp.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.zambezi.io/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)
I looked around and found this Error when trying to renew certificate created from manual mode post from the community. It looks like they had the same issue so I tried using their solution ````$ ./letsencrypt-auto renew --force-renewal``` but I was unable to replicate what they did to solve the issue. My domain name is www.zambezi.io, I’m on a MacOS Sierra. This is my first time trying to renew a certificate with Let’s Encrypt so I’m looking for someone who can help me solve this. Can anyone please help me navigate through this? Thank you.
You may need to speak with your service provider:
Name: www.zambezi.io.herokudns.com
Addresses: 50.16.185.73
54.243.92.110
54.225.132.168
54.197.237.112
50.17.199.1
54.235.190.41
54.243.124.65
23.23.90.198
Aliases: www.zambezi.io
It sounds like you used --manual when you originally created the certificate. In this case, the error message is correct that certbot renew cannot renew this certificate.
This is because --manual requires you to pause the process and take a step to change something, and then confirm when you’ve done so. certbot renew is designed to be run completely unattended with no human interaction, and is not programmed to be able to stop and wait for confirmation.
An alternative that can perform the renewal of certificates that were obtained with --manual is
Note that this doesn’t use certbot renew, but rather certbot certonly, which has different logic that does provide for human interaction when necessary.
Are you sure that you actually need --manual as opposed to some other method? Was there something about your setup that convinced you that --manual was the best way to obtain your certificate?
Thank you, I’ll try that out. I would prefer the other method. The reason
I ended up using --manual is because this was my first try setting up Lets
Encrypt a few months back and was not aware of the other method. I’m not
sure if it’s too late to change my set up so that I can use “$ certbot
renew” at this point.