I successfully got a certificate using this command:
sudo certbot -d site.your.dom.ain --manual --preferred-challenges dns certonly
Using Apache, with successful website browsing using https.
How do I renew it?
I tried to do a cert renewal dry run
I tried sudo certbot renew --dry-run but it failed
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (xx.DOMAIN…xx) from /etc/letsencrypt/renewal/xx.DOMAIN…xx.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xx.DOMAIN…xx/fullchain.pem (failure)
Since you used --manual the default renewal method will also be "manual".
And since your cert challenge was via DNS, you will need to follow the onscreen prompts or provide a --manual-auth-hook that can use a DNS plugin to update your DNS zone.
To expand on that, when you use --manual the certbot renew method doesn't work because it only supports unattended, noninteractive renewal. To interactively renew a certificate that was obtained with certonly --manual, you should rerun the original certonly command.
Sort of. Not as easily. You can't use certbot renew to do it, but you can run something similar.
You could run the command to create a certificate with "--duplicate" and "--staging" added. This would create a fake staging certificate, but save it like a real certificate. (It would be renewed two months from now and everything.)
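For reference, a sketch of the kind of script --manual-auth-hook expects for a DNS challenge. This is an added example, not code from any poster in this thread or from certbot itself. It assumes an RFC 2136 capable DNS server updated with nsupdate; the server name and TSIG key path are hypothetical, while CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables certbot exports to the hook.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook for the dns-01 challenge.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# DNS_SERVER and TSIG_KEY are assumed values for an RFC 2136 server.
DNS_SERVER="${DNS_SERVER:-ns1.example.test}"          # hypothetical
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"     # hypothetical path

# Print an nsupdate batch that publishes the challenge TXT record.
# Returns 1 (and prints nothing) if either input has unexpected characters,
# so hostile or corrupted values never reach the nsupdate command stream.
build_nsupdate_batch() {
    domain=$1
    token=$2
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    case "$token" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update add _acme-challenge.%s. 60 TXT "%s"\n' "$domain" "$token"
    printf 'send\n'
}

# Run only when certbot invoked us (both variables are set).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    batch=$(build_nsupdate_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || {
        echo "refusing unexpected CERTBOT_* value" >&2
        exit 1
    }
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY" || exit 1
    sleep 30   # give secondary name servers time to serve the record
fi
```

Because the hook runs unattended as root, restrict the TSIG key to updating the _acme-challenge TXT records only and keep the key file readable by root alone.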
sudo certbot certonly --duplicate --manual --preferred-challenges dns --staging -d site.your.dom.ain
It would probably be saved with the name site.your.dom.ain-0001, and you could then delete it with:
Don't go deleting random certificates without checking the name, though - it's shown in the file paths when creating the certificate, or by running: