Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: gdc.com
I ran this command: sudo certbot renew --noninteractive --post-hook "service wftpserver restart"
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/gdc.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Failed to renew certificate gdc.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/gdc.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): WingFTP Server 7.2
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: Linux ubftp 5.15.0-69-generic #76-Ubuntu SMP Fri Mar 17 17:19:29 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
As descriptive as that may be...
The Devil's Advocate would argue: But it has always worked before!
So, something isn't going according to plan.
So... what is the plan exactly?
Oh yeah, let's see what's in the renewal.conf file [to better understand how it was able to work last time].
And we should also address:
Why?:
Why not just run "certbot renew" ?
Why add that hook there now?
How was it working before? [deja-vu]
We should look at the renewal.conf file to see why. [deja-vu all over again!]
it states
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
I do not know what authentication script its referring to
Are you familiar with the "manual" plugin referred in the error message? Did you originally set up Certbot or did perhaps someone else do that?
If you're not familiar with the manual plugin, I'd like to suggest to go read the Certbot documentation about that plugin to familiarise yourself with it. You might even come across something about that authentication script thingy the error message is referring to. Hint: you do.
Why did you just delete the post with the contents of the .conf file? Although the error message is pretty clear, the config file makes it explicit--you'd previously obtained the cert using DNS validation in manual mode, which requires that you manually make changes to your DNS records. In order to automate this (the --noninteractive flag you're using), you need to tell certbot how to make those changes automatically. You do that by using --manual-auth-hook and pointing it to a script that can mmake those updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/gdc.com.conf
Failed to renew certificate gdc.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/gdc.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I need to restart the service that uses the script
This is the first time running via crontab
I followed a how to and I thought I did everything they suggested . When I executed the commands the first time they seemed to produce results similar to the doc I was following so I thought I was OK
DNS authentication requires that a TXT record be added to your global DNS zone.
That appears to have been done manually on your last renewal.
Manual interactions can't be automated.
I see that you are using Network Solutions DNS [or some reseller]: