PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively

I want to migrate certificate from ServerA to ServerB.
After Copying /etc/letsencrypt to ServerB
Then I try command certbot renew --dry-run and I got the error message.
So I want to try command certbot certonly --manual -d (domain).
Is ServerA's certificate also affected or updated?
ServerA is public website and still working.

No, separate certificates are (almost) fully separate entities. Only with things like identical private keys and revocation separate certificates might be affected. If 2 certs have 2 different private keys, then even revocation can't influence the other.

3 Likes

Thank you for replying sir.

If 2 certs have 2 different private keys
Sorry I don't understand it correctly....
I copied all ServerA certificates(privkey.pem,etc) to ServerB.
Are certificates not fully separate entities?

Please clarify:

2 Likes

certbot renew can't work for certificates that you created with --manual that require human interaction for the authentication process. This is a general Certbot limitation, and not specific to copying certificates from one server to another. I would expect that the same error would appear if you ran the certbot renew command on the original server, too.

That's the right approach for an interactive manual renewal. In neither case (certbot renew or certbot certonly) will the original server or certificate be affected. The difference in names between renew and certonly doesn't change that. (Both are performing a "renewal" from Certbot's point of view, which means issuing a new, updated certificate which can be used in place of the old certificate if installed where the old certificate was installed. That doesn't invalidate the old one, and it also doesn't change copies of the old one to have a different expiration date. The old certificate still has the same contents and still has the same validity and expiration as it did before.)

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.