How to automatically renew certificates?

Using this method had worked until about a day or two ago after running “git pull” to update my official LE client; I know get this error upon a renewal attempt:

letsencrypt: error: agree-dev-preview set to ‘True’ rather than a value

what’s going on now? is it related to the public beta or a client update or elsewhere? Thanks.

Don't use "agree-dev-preview".
It's deprecated

I thought about that and removed it from my cli.ini file but still receive the same exact error msg. my ini now consists of:

authenticator = webroot
webroot-path =
server =
email = postmaster@

and my sh script follows the above example.

should be

renew-by-default = True

made no difference; same error.

strange i am having no problems using webroot and renewal via webroot.ini see Let's Encypt Enters Public Beta

contents of my /etc/letsencrypt/webroot.ini

# webroot.ini general config ini

rsa-key-size = 2048

# Always use the staging/testing server
#server =

# for beta invitees
server =

# Uncomment and update to register with the specified e-mail address
email = myemail

# Uncomment to use a text interface instead of ncurses
text = True
agree-tos = True
renew-by-default = True

authenticator = webroot

i define the webroot path on the command line

letsencrypt -c /etc/letsencrypt/webroot.ini --user-agent centminmod-centos6-webroot --webroot-path /home/nginx/domains/ -d certonly

so i re-added agree-dev-preview (just for grins) but gave it an arbitrary value and now received this:

Use of --agree-dev-preview is deprecated.

followed by my errant value: letsencrypt: error: unrecognized arguments: Y

but still doesn’t work.

i user centos 7 in case that matters…

Yeah i test both both CentOS 7.1 via default python 2.7 system and CentOS 6.7 via IUS Community repo’s python 2.7.10 side install

i see the same error even when running a basic command such as

./letsencrypt-auto --help webroot

i use letsencrypt command not letsencrypt-auto

/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.1.0

no problems

/root/.local/share/letsencrypt/bin/letsencrypt --help webroot
letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] …

The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka “auth”)
install Install a previously obtained cert in a server
revoke Revoke a previously obtained certificate
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins

optional arguments:
-h, --help show this help message and exit
config file path (default: None)

Webroot Authenticator

-w WEBROOT_PATH, --webroot-path WEBROOT_PATH
public_html / webroot path. This can be specified
multiple times to handle different domains; each
domain will have the webroot path that preceded it.
For instance: -w /var/www/example -d -d -w /var/www/thing -d -d (default: None)

nope; same error. in fact, even the version command produces said error.

maybe reinstall the client

already done; and by that i mean i moved my /letsencrypt folder elsewhere and re-pulled from git. any other steps needed?

I just tried requesting a brand new cert with an original domain with no luck; i received the same error. has no one else really seen this using centos 7 and webroot auth with nginx?

now i can’t request addt’l new certs anymore… :frowning:

There is a project out there called Caddy which automatically integrates LE and i tested that; works fine with a new unique cert / domain request.

1 Like

strange having no problems with my Centmin Mod LEMP Nginx stack with CentOS 6.7 or 7.1 uses webroot too Letsencrypt Free SSL Certificates

have you tried without a .ini file passed on cmd line and just doing full webroot commands too ? maybe it's some formatting issue in your .ini file ?

yes i tried with cmd line only; no joy.

Now I’m really confused; I just tried again with a new domain and this time strictly followed the Beta invite’s email instructions (with letsencrypt-auto):

/root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --webroot-path /usr/lib/mailman -d --server --agree-dev-preview

and while it did warn me of the deprecation of the agree-dev-preview command, it worked, for the new cert.

Now I just tried renewing the same cert i just received, this time adding --renew-by-default, and it also now worked fine, while still warning me of the deprecated command.

So now I went back to one of my original domains (one cert, 2 domains) I had been trying to renew for days now (as a test), and SOB, it appears to possibly have worked except i got rateLimited (probably due to my testing).

So IDK what’s up but it works now seemingly. WTF!? haha…

1 Like

weird you sure previously you used bin/letsencrypt and not bin/letsencrypt-auto when running webroot command ?