Issue with auto renewal of certificate using Certbot

Hi,

The Certificate I have is about to expire, so I am in process of renewing it using certbot.
Getting the bellow error while running the queries “./certbot-auto renew” “./certbot-auto renew --dry-run”.

/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/supplychain.sit.hmdglobal.com.conf

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (supplychain.sit.hmdglobal.com) from /etc/letsencrypt/renewal/supplychain.sit.hmdglobal.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/supplychain.sit.hmdglobal.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/supplychain.sit.hmdglobal.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

What can be done to rectify this issue or is there any better way to renew a certificate?

Thanks

Not sure what web server you are using, but if it’s really urgent just do the following

sudo service nginx stop
sudo ./certbot-auto renew
sudo service nginx restart

or

sudo service apache2 stop
sudo ./certbot-auto renew
sudo service apache2 restart

When you use the manual plugin, automated renewals are not possible because manual requires some kind of human interaction. I’m afraid @MitchellK’s advice does not directly address this problem and probably won’t solve things for you… because this is a very specific detail of the design of certbot renew.

Instead of running ./certbot-auto renew here, I suggest re-running the ./certbot-auto certonly command that you originally used to obtain your certificate. It should detect the existing certificate and offer to replace it with a newly-obtained one, using the same manual authentication method that you used when you first obtained the certificate.

Maybe we need to update this error message to make it a little clearer (or even offer a ./certbot-auto renew-interactively command that doesn’t produce this error)!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.