Failure on certbot renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ormutual.com

I ran this command: certbot renew --dry-run -v

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ormutual.com.conf


Certificate is due for renewal, auto-renewing...
Failed to renew certificate ormutual.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ormutual.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx/1.20.1

The operating system my web server runs on is (include version): CentOS 8

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I'll include the logs for more clarity; not sure what it's failing on tbh.

2023-08-18 21:22:07,439:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-08-18 21:22:07,639:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-08-18 21:22:07,639:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3024/bin/certbot
2023-08-18 21:22:07,639:DEBUG:certbot._internal.main:Arguments: ['-v', '--dry-run', '--preconfigured-renewal']
2023-08-18 21:22:07,639:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-08-18 21:22:07,666:DEBUG:certbot._internal.log:Root logging level set at 20
2023-08-18 21:22:07,667:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/ormutual.com.conf
2023-08-18 21:22:07,686:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f454679fcd0> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f454679fcd0>
2023-08-18 21:22:07,686:DEBUG:certbot._internal.cli:Var dry_run=True (set by user).
2023-08-18 21:22:07,686:DEBUG:certbot._internal.cli:Var server={'staging', 'dry_run'} (set by user).
2023-08-18 21:22:07,686:DEBUG:certbot._internal.cli:Var dry_run=True (set by user).
2023-08-18 21:22:07,686:DEBUG:certbot._internal.cli:Var server={'staging', 'dry_run'} (set by user).
2023-08-18 21:22:07,686:DEBUG:certbot._internal.cli:Var account={'server'} (set by user).
2023-08-18 21:22:07,708:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2023-08-18 21:22:07,797:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2023-08-18 21:22:07,798:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/ormutual.com/cert1.pem is signed by the certificate's issuer.
2023-08-18 21:22:07,799:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/ormutual.com/cert1.pem is: OCSPCertStatus.GOOD
2023-08-18 21:22:07,802:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2023-09-07 20:35:24 UTC.
2023-08-18 21:22:07,802:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2023-08-18 21:22:07,802:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2023-08-18 21:22:07,804:DEBUG:certbot._internal.plugins.disco:Other error:(PluginEntryPoint#manual): An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 111, in prepare
    self._initialized.prepare()
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/plugins/manual.py", line 115, in prepare
    raise errors.PluginError(
certbot.errors.PluginError: An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
2023-08-18 21:22:07,805:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2023-08-18 21:22:07,805:ERROR:certbot._internal.renewal:Failed to renew certificate ormutual.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2023-08-18 21:22:07,806:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 533, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1544, in renew_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 256, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 374, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')

2023-08-18 21:22:07,806:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-08-18 21:22:07,806:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2023-08-18 21:22:07,806:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/ormutual.com/fullchain.pem (failure)
2023-08-18 21:22:07,806:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-08-18 21:22:07,806:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3024/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1636, in renew
    renewal.handle_renewal_request(config)
  File "/var/lib/snapd/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 559, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2023-08-18 21:22:07,807:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

You used a --manual method to get your original cert. It is not possible to run renew because that relies on automation. And, manual methods require, well, manual intervention unless the --manual-auth-hook is used.

I see a variety of wildcard and non-wildcard certs in your history. If you explain which one(s) you need we could help further.

You even have a fresh DigiCert cert.

4 Likes

I'm not sure what's not clear about this error message? It seems you've used the --manual option to issue the certificate in the beginning without a --manual-auth-hook. And that isn't automatable, thus certbot renew doesn't work.

Please see User Guide — Certbot 2.6.0 documentation for more info about the manual authenticator plugin, especially the "Renewal with the manual plugin" part.

Yeah, I also don't really understand the decisions made in the past. :roll_eyes: Having separate certificates for the apex domain and the www subdomain is quite wasteful.

1 Like
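An added example, not part of the original thread and not Certbot's own code: a small audit that reads renewal configuration text in the format Certbot keeps under /etc/letsencrypt/renewal/ and reports lineages that will hit the PluginError above, because they record `authenticator = manual` with no `manual_auth_hook`. The sample configs, file names, hook path and function names are constructed for illustration.

```python
import configparser

# Constructed sample renewal configs (not taken from the server in this thread).
SAMPLE_CONFS = {
    "manual-no-hook.example.conf": """\
version = 2.6.0
archive_dir = /etc/letsencrypt/archive/manual-no-hook.example
[renewalparams]
authenticator = manual
pref_challs = dns-01,
""",
    "manual-with-hook.example.conf": """\
version = 2.6.0
[renewalparams]
authenticator = manual
manual_auth_hook = /usr/local/bin/dns-auth.sh
""",
    "nginx.example.conf": """\
version = 2.6.0
[renewalparams]
authenticator = nginx
installer = nginx
""",
}


def renewal_blocker(conf_text):
    """Return why this lineage cannot renew unattended, or None if it can."""
    parser = configparser.ConfigParser(interpolation=None)
    # Renewal files begin with section-less keys, which configparser rejects,
    # so park them under a dummy section name (hypothetical: "lineage").
    parser.read_string("[lineage]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return "no [renewalparams] section"
    params = parser["renewalparams"]
    hook = params.get("manual_auth_hook", "").strip()
    # A stored value of the string "None" is treated as unset.
    if params.get("authenticator", "").strip() == "manual" and hook in ("", "None"):
        return "authenticator = manual without manual_auth_hook"
    return None


def audit(confs):
    """Map config name -> blocking reason for every lineage that cannot auto-renew."""
    return {name: why for name, text in confs.items() if (why := renewal_blocker(text))}


if __name__ == "__main__":
    for name, why in audit(SAMPLE_CONFS).items():
        print(f"{name}: {why}")
```

To check a real host, pass `audit()` a dict built from the contents of each `*.conf` file in the renewal directory; any name it returns needs either a hook script or re-issuance with an automatable authenticator.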
