Manual plugin not working error, on renewal

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: landproject.davidjpeacock.dev

I ran this command: sudo certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/landproject.davidjpeacock.dev.conf

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (landproject.davidjpeacock.dev) from /etc/letsencrypt/renewal/landproject.davidjpeacock.dev.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/landproject.davidjpeacock.dev/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/landproject.davidjpeacock.dev/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):

N/A; this certificate is targeted for a GitLab Pages website.

The operating system my web server runs on is (include version):

N/A; this certificate is targeted for a GitLab Pages site.

My hosting provider, if applicable, is:

GitLab Pages

I can login to a root shell on my machine (yes or no, or I don’t know):

no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.23.0

2

Hi @davidjpeacock

looks like your earlier command

has used the --manual - option. So you can't use the simple renew command.

There is one older certificate ( https://check-your-website.server-daten.de/?q=landproject.davidjpeacock.dev#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
807792469 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-03-13 01:50:18 2019-06-11 01:50:18 landproject.davidjpeacock.dev
1 entries

Which command did you used to create that certificate?

Perhaps --manual and dns-01 validation. So you have to do that again.

Your certbot

is very old. Perhaps update.

3

Hi @JuergenAuer,

Thanks for replying and offering help; it’s appreciated. :slight_smile:

I was operating originally off GitLab’s guide (I appreciate this isn’t Let’s Encrypt’s guide), here:
https://docs.gitlab.com/ee/user/project/pages/lets_encrypt_for_gitlab_pages.html

The original command was as per their example:

sudo certbot certonly -a manual -d example.com --email your@email.com

Questions for followup:

  1. How do I do a renew adapted to the command I used to create the cert? If you can be explicit I’d appreciate it if possible please.
  2. Regarding upgrade of the certbot tool; I thought I installed it through the regular Ubuntu method, but despite keeping my system up to date, it hasn’t updated. Is there a guide to updating certbot around?

Thanks,
David

2 Likes
4

@JuergenAuer,

To followup, I guess a succinct version of my question since I can’t make sense of the slightly ambiguous docs is: Do I need to just reissue a new cert as if I never had one with the original command, or do I need to do a “manual renew” of some sort with the renew command? If the latter, how, exactly?

5

Following up for future readers of this thread.

I tried doing the exact command I used to get my cert originally. Certbot was smart enough to figure out that it was renewing an existing cert, and I was prompted to perform an http-01 challenge, which successfully renewed the cert.

Thanks to @JuergenAuer for his pointer.

2 Likes
6

You can always use exact the same command. That should always work.

Happy to read that you have a new certificate.

1 Like
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.