Not able to renew SSL certificate for Apache Server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: geotargetus.net

I ran this command: certbot renew

It produced this output:
Cert is due for renewal, auto-renewing…
Non-interactive renewal: random delay of 169.928341364 seconds
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (geotargetus.net) from /etc/letsencrypt/renewal/geotargetus.net.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/geotargetus.net/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Welcome :slightly_smiling_face:

It looks like you’re trying to use --manual in non-interactive mode, which means that you need to provide scripts via the --manual-auth-hook and --manual-cleanup-hook options to set up the challenges for you (e.g. dns txt records for dns-01 challenges or challenge files for http-01 challenges). You can also get rid of the --non-interactive (-n) option to have the client pause before validating the challenges so that you can manually create the necessary challenge files/records.

How can I fix the same? Please advise me.

Try this:

certbot renew --apache

Looking at https://crt.sh/?q=geotargetus.net, it looks like you’ve been successfully autorenewing for a while. It appears you’ve recently gotten certificates for beta.geotargetus.net and contract.geotargetus.net.

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (geotargetus.net) from /etc/letsencrypt/renewal/geotargetus.net.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.

Can you please post the contents of your configuration file (/etc/letsencrypt/renewal/geotargetus.net.conf)?

# renew_before_expiry = 30 days

version = 1.4.0
archive_dir = /etc/letsencrypt/archive/geotargetus.net
cert = /etc/letsencrypt/live/geotargetus.net/cert.pem
privkey = /etc/letsencrypt/live/geotargetus.net/privkey.pem
chain = /etc/letsencrypt/live/geotargetus.net/chain.pem
fullchain = /etc/letsencrypt/live/geotargetus.net/fullchain.pem

# Options used in the renewal process

[renewalparams]
authenticator = manual
account =
pref_challs = dns-01,
manual_public_ip_logging_ok = True
server = https://acme-v02.api.letsencrypt.org/directory

Try changing manual to apache and erasing dns-01, so that the line is only "pref_challs =", then just run certbot renew

1 Like

Getting same error.

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (geotargetus.net) from /etc/letsencrypt/renewal/geotargetus.net.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.

Hmm…

Let’s try “pref_challs = http-01,” then certbot renew

Try:
certbot renew --apache --preferred-challenges http

[Just force it on the command line; if it works it will update the renewal.conf accordingly.]

1 Like

@rg305

That’s what I just had him change it to. :+1:

@manveer

When you run various options like what @rg305 suggested, certbot will automatically update the configuration for you. That’s probably more efficient than changing the configuration manually then running without options. :slightly_smiling_face:

I think his editing isn’t taking…

1 Like

@rg305

Can you tag me out on this one Rudy? I really need to run unfortunately. I think we’re close though.

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Attempting to renew cert (geotargetus.net) from /etc/letsencrypt/renewal/geotargetus.net.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS… Skipping.

1 Like

@rg305

Tried with:
certbot renew --apache --preferred-challenges http
but it is not working.

1 Like

Is anybody there who can help me regarding the renewal issue?

@rg305 @freessltools.com Looks like you're trying to force the http-01 challenge to renew a wildcard certificate. That's obviously not going to work.

@manveer:

As mentioned before, you were using the manual plugin (until @freessltools.com erroneously suggested that you modify your renewal configuration file into a non-working situation), which requires scripts to place and remove the TXT records in the DNS system to get a wildcard certificate. See the certbot documentation about Pre and Post Validation Hooks for more information about those scripts.

You could also choose not to use a wildcard certificate if it isn't really necessary. But I don't know how many hostnames are used for that certificate, so only you know that. If you don't actually need a wildcard certificate (because only a few non-dynamic subdomains are used), you could get a new certificate for just those hostnames with the http-01 challenge.

Another option is to keep using the dns-01 plugin with the wildcard certificate, but, instead of the manual plugin, choose one of the DNS plugins, if they are available and installable and your DNS is hosted at a suitable DNS provider (not sure if they are available on CentOS..)

The last but not so good option is to not use certbot renew but use the exact same command you used to get the certificate in the first place every 60 to 90 days. This would still use the manual plugin and still use the wildcard certificate and would require you to add and remove the TXT records manually every time...

This is a Community of volunteers.. Please don't be rude. There was exactly 25 minutes between your posts.. I for one will leave this thread now.

2 Likes
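As an added illustration of the hook scripts the two replies above refer to (this is example code written for this page, not certbot's own code and not something any poster supplied), here is one script that can be registered as both --manual-auth-hook and --manual-cleanup-hook. It relies only on the hook contract certbot documents: the hooks are run with CERTBOT_DOMAIN and CERTBOT_VALIDATION in the environment, and the CA looks for a TXT record at _acme-challenge.<domain>. The DNS provider API is an assumption here and is replaced by a flat file (DNS_STATE_FILE) so the script runs offline; the three functions publish_txt, remove_txt and txt_present are the ones to swap for real provider calls.

```shell
#!/bin/sh
# Added example (not certbot's code, not from this thread): a single script that
# serves as both --manual-auth-hook and --manual-cleanup-hook for the manual
# plugin with dns-01. certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION
# to the hooks; the record it expects is a TXT at _acme-challenge.<domain>.

# Name of the TXT record for a domain. A wildcard name "*.example.com" is
# validated at _acme-challenge.example.com, so a leading "*." is stripped.
acme_record_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# ASSUMPTION: the DNS provider API is replaced by a flat file so the example
# runs offline. Each line is "<record name> <txt value>". Swap these three
# functions for calls to your DNS provider's API.
DNS_STATE_FILE="${DNS_STATE_FILE:-/tmp/example-acme-txt-records}"

publish_txt() {      # $1 = record name, $2 = value
    printf '%s %s\n' "$1" "$2" >> "$DNS_STATE_FILE"
}

remove_txt() {       # $1 = record name, $2 = value
    [ -f "$DNS_STATE_FILE" ] || return 0
    grep -v -F -x -e "$1 $2" "$DNS_STATE_FILE" > "$DNS_STATE_FILE.tmp" || true
    mv "$DNS_STATE_FILE.tmp" "$DNS_STATE_FILE"
}

txt_present() {      # returns 0 when the exact name/value pair is published
    [ -f "$DNS_STATE_FILE" ] && grep -q -F -x -e "$1 $2" "$DNS_STATE_FILE"
}

# --manual-auth-hook: publish the token, then poll until it is visible so the
# CA's lookup does not race an unpropagated record. Returning non-zero makes
# certbot fail the challenge instead of submitting a record that is not there.
auth_hook() {
    name=$(acme_record_name "$CERTBOT_DOMAIN")
    publish_txt "$name" "$CERTBOT_VALIDATION"
    tries=0
    until txt_present "$name" "$CERTBOT_VALIDATION"; do
        tries=$((tries + 1))
        if [ "$tries" -ge 30 ]; then
            echo "TXT record for $name did not become visible" >&2
            return 1
        fi
        sleep 2
    done
}

# --manual-cleanup-hook: remove only the record this run created. A wildcard
# order triggers two validations at the same name, so removal is by exact
# name/value pair rather than by wiping every _acme-challenge record.
cleanup_hook() {
    remove_txt "$(acme_record_name "$CERTBOT_DOMAIN")" "$CERTBOT_VALIDATION"
}

# Dispatch on the first argument so one file can be registered as both hooks.
case "${1:-}" in
    auth)    auth_hook ;;
    cleanup) cleanup_hook ;;
esac
```

Once the script is installed (the path /etc/letsencrypt/acme-hook.sh below is a placeholder), the certificate is first issued with the hooks on the command line, for example certbot certonly --manual --preferred-challenges dns --manual-auth-hook '/etc/letsencrypt/acme-hook.sh auth' --manual-cleanup-hook '/etc/letsencrypt/acme-hook.sh cleanup' -d geotargetus.net -d '*.geotargetus.net'; certbot then records them in the renewal conf under [renewalparams] as manual_auth_hook and manual_cleanup_hook, which is exactly what the non-interactive certbot renew in the first post was missing. Whatever replaces the flat file will hold DNS API credentials, so keep the script and its credential file readable by root only.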

I totally missed that :frowning:

1 Like