Error on certbot dry run, but I think this is obsolete configuration file


#1

Reference Old certificate from godaddy getting in the way

I’m seeing an error for loutilities.com (Attempting to renew cert (loutilities.com) from /etc/letsencrypt/renewal/loutilities.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.), but not for www.loutilities.com, configuration of which is used for both www.loutilities.com and loutilities.com.

I think I just need to delete the /etc/letsencrypt/renewal/loutilities.com.conf file. But is there a cleaner/better way to get rid of this error?

My domain is: loutilities.com

I ran this command: sudo certbot renew --dry-run

It produced this output: (abbreviated for clarity)

Saving debug log to /var/log/letsencrypt/letsencrypt.log

:


Processing /etc/letsencrypt/renewal/loutilities.com.conf


Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (loutilities.com) from /etc/letsencrypt/renewal/loutilities.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.

:


Processing /etc/letsencrypt/renewal/www.loutilities.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for loutilities.com
http-01 challenge for www.loutilities.com
Waiting for verification…
Cleaning up challenges
Resetting dropped connection: acme-staging-v02.api.letsencrypt.org


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.loutilities.com/fullchain.pem


:

The following certs could not be renewed:
/etc/letsencrypt/live/loutilities.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/scoretility.com/fullchain.pem (success)
/etc/letsencrypt/live/sandbox.steeplechasers.org/fullchain.pem (success)
/etc/letsencrypt/live/sandbox.contracts.loutilities.com/fullchain.pem (success)
/etc/letsencrypt/live/test.steeplechasers.org/fullchain.pem (success)
/etc/letsencrypt/live/beta.scoretility.com/fullchain.pem (success)
/etc/letsencrypt/live/steeplechasers.org/fullchain.pem (success)
/etc/letsencrypt/live/www.loutilities.com/fullchain.pem (success)
/etc/letsencrypt/live/www.contracts.loutilities.com/fullchain.pem (success)
/etc/letsencrypt/live/sandbox.scoretility.com/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/loutilities.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.29.1


#2

You can get rid of that .conf file with:

certbot delete --cert-name loutilities.com

But first you need to confirm that Apache is not relying on that certificate (instead relying on the one with one called www.loutilities.com). Make sure it’s not referenced anywhere in your config:

grep -RF "/etc/letsencrypt/live/loutilities.com" /etc/apache2

If you find any such references, just update them to point to the www. version.


#3

That works just fine – thanks!


closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.