Getting Error while renewing wildcard SSL certificate for domain (*.performoo.com)

manmohan · September 1, 2022, 4:02pm

Hi Guys,
I am getting below error while renewing the wildcard SSL certificate:
##########################################################################
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/performoo.com.conf

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Failed to renew certificate performoo.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/performoo.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

####################################################################

I have generated the certificate using below command:
sudo certbot certonly --manual

Please help
Thanks

Bruce5051 · September 1, 2022, 4:16pm

Here are some links to wildcard certificates with Let's Encrypt

Osiris · September 1, 2022, 5:07pm

Please read User Guide — Certbot 2.6.0 documentation, especially the part about renewing.

manmohan · September 2, 2022, 4:11am

Do I need to make TXT record entry everytime when I am renewing the wildcard SSL certificate?

Is there any other option?

Osiris · September 2, 2022, 6:05am

Yes. Validations are only valid for 30 days and it's recommended to renew after 60 days of the certs lifetime. So you'd need to validate the domain again, necessitating a new TXT record.

Usually, one wants to automate the challenges. For the http-01 challenge this is usually very simple, but wildcards require the dns-01 challenge and thus TXT records using DNS. It depends on your DNS provider if it has an easily accessible API if it's automatable or not.

system · October 2, 2022, 6:05am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.