I am able to run "certbot --apache -d soul-bass.com" no problem but because I am migrating servers I need to install the cert using DNS verification and renew it automatically using Apache.
This fails "certbot run -a apache -i manual -d soul-bass.com"
An unexpected error occurred:
zope.interface.exceptions.MultipleInvalid: The object <certbot._internal.plugins.manual.Authenticator object at 0x7fb47f8bcb50> has failed to implement interface :
Does not declaratively implement the interface
The certbot.interfaces.IInstaller.get_all_names() attribute was not provided
The certbot.interfaces.IInstaller.deploy_cert(domain, cert_path, key_path, chain_path, fullchain_path) attribute was not provided
The certbot.interfaces.IInstaller.enhance(domain, enhancement, options=None) attribute was not provided
The certbot.interfaces.IInstaller.supported_enhancements() attribute was not provided
The certbot.interfaces.IInstaller.save(title=None, temporary=False) attribute was not provided
The certbot.interfaces.IInstaller.rollback_checkpoints(rollback=1) attribute was not provided
The certbot.interfaces.IInstaller.recovery_routine() attribute was not provided
The certbot.interfaces.IInstaller.config_test() attribute was not provided
The certbot.interfaces.IInstaller.restart() attribute was not provided
My web server is (include version):
The operating system my web server runs on is (include version):
Debian 11
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
That seems like it should work but you must format it like this instead
certbot certonly -a apache -d soul-bass.com
Using -a apache does not do a DNS challenge. It uses the apache authenticator so is an http challenge.
Can't you just copy over your entire /etc/letsencrypt folder structure and use that on your new server? Make sure to preserve the symlinks in the ../live/ folders
Then, once it's running, renew those certs with the apache plug-in like you show and make sure the autorenew is set up too.
The new server is a completely different OS and much higher version so I don't want to cause trouble by copying the whole folder. But it's a good idea; are there certain directories I could copy rather than the whole folder?
I think OP would like to do -a manual -i apache. I.e.: the other way around
@binaryfarm Note that you cannot automatically renew any certificate issued with the manual authenticator, unless you can provide scripts which automatically add (and remove) the required TXT record for DNS authentication.
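The scripts mentioned in the post above, as an added example that is not part of the original thread and is not certbot's own code: one hook that certbot's `--manual-auth-hook` and `--manual-cleanup-hook` options can call to add and remove the `_acme-challenge` TXT record with `nsupdate`. It assumes the DNS zone accepts RFC 2136 dynamic updates; the script path, `NS_SERVER` and `TSIG_KEYFILE` are placeholders.

```shell
#!/bin/sh
# Added example: one hook script for both certbot manual hooks (DNS-01), e.g.
#   certbot -a manual -i apache --preferred-challenges=dns-01 \
#     --manual-auth-hook '/usr/local/bin/acme-dns-hook.sh auth' \
#     --manual-cleanup-hook '/usr/local/bin/acme-dns-hook.sh cleanup' \
#     -d soul-bass.com
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Assumptions: the zone accepts RFC 2136 updates; the script path, NS_SERVER
# and TSIG_KEYFILE are placeholders.
NS_SERVER="${NS_SERVER:-ns1.example.net}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"
TTL=60

# Owner name of the challenge TXT record, fully qualified.
challenge_name() {
    printf '_acme-challenge.%s.' "$1"
}

# Print the nsupdate commands. $1 = add|delete, $2 = domain, $3 = validation.
build_update() {
    case "$1" in add|delete) ;; *) return 2 ;; esac
    # Both values end up inside nsupdate commands, so allow only hostname
    # characters and the base64url alphabet of a DNS-01 validation string.
    case "$2" in ''|*[!A-Za-z0-9.-]*) return 3 ;; esac
    case "$3" in ''|*[!A-Za-z0-9_-]*) return 3 ;; esac
    printf 'server %s\n' "$NS_SERVER"
    if [ "$1" = add ]; then
        printf 'update add %s %s TXT "%s"\n' "$(challenge_name "$2")" "$TTL" "$3"
    else
        # Delete only this value so a concurrent challenge record survives.
        printf 'update delete %s TXT "%s"\n' "$(challenge_name "$2")" "$3"
    fi
    printf 'send\n'
}

run_hook() {
    script=$(build_update "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || return 1
    printf '%s\n' "$script" | nsupdate -k "$TSIG_KEYFILE"
}

# Does nothing unless called with "auth" or "cleanup".
case "${1:-}" in
    auth)    run_hook add && sleep 30 ;;  # wait for the record to reach all nameservers
    cleanup) run_hook delete ;;
esac
```

The TSIG key file should be readable by root only and scoped on the DNS server to the `_acme-challenge` names, since whoever holds it can satisfy DNS-01 validation for those names.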
You could try certbot update_symlinks (see here) but another option is just to use a method to transfer that preserves them. If you let us know what the old/new OSes are we may suggest something.
It's a different version of Apache, I am going from CentOS 8 to Debian 11 which has a completely different way of configuring sites. Debian uses the sites-enabled folder and CentOS 8 doesn't. Certbot update_symlinks doesn't work, by the way; it expects a symlink to exist.
Can't you just use tar to copy the files over? Maybe like:
tar -cvzf letsencrypt.tar.gz /etc/letsencrypt
Your apache folder structure may be different but are your VirtualHosts the same? In other words, how are you setting up your new server for https VirtualHosts?
The Apache on CentOS 8 just requires a config file, on Debian you also have to run a2ensite, also on Debian certbot creates a separate config file for SSL as opposed to editing the config file on CentOS 8.
I must just resign myself to going through each site as it will be quicker.
It sounds like you want the apache plug-in to set up new VirtualHosts rather than trying to copy those over by hand into the new Debian layout.
You could do what you described at the start and get a set of certs on Debian using manual DNS challenge with apache installer. It's just the opposite parameters of what you started with (as Osiris noted) so something like:
certbot -a manual -i apache --preferred-challenges=dns-01 -d soul-bass.com
Then, once the new server is running you need to run certbot again to change from manual DNS to apache authenticator and installer.