PluginError - Can't renew

My domain is: dranicajevremovic.com

I ran this command: sudo certbot renew --preferred-challenge http

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/dranicajevremovic.com.conf


Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (dranicajevremovic.com) from /etc/letsencrypt/renewal/dranicajevremovic.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2.4.37

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Lightsail

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: no

The version of my client is: certbot 0.31.0

Looks like you originally used --manual to create your certificate?

For automatic renewal, you need to use one of the available authentication plugins (such as --apache or --webroot or --manual with custom authentication scripts).

For example, you can try:

certbot renew --cert-name dranicajevremovic.com --apache --dry-run

None of it worked.

sudo certbot renew --cert-name dranicajevremovic.com --apache --dry-run

Attempting to renew cert (dranicajevremovic.com) from /etc/letsencrypt/renewal/dranicajevremovic.com.conf produced an unexpected error: The requested apache plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

sudo certbot renew --cert-name dranicajevremovic.com --manual --dry-run

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (dranicajevremovic.com) from /etc/letsencrypt/renewal/dranicajevremovic.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

sudo certbot renew --cert-name dranicajevremovic.com --webroot --dry-run

Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (dranicajevremovic.com) from /etc/letsencrypt/renewal/dranicajevremovic.com.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

Try these instructions to install the correct packages for your server: https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

and try the --apache one again.


Ah, I just noticed that your certificate is actually a wildcard. This prevents you from using the Apache authenticator, or webroot, or any of the HTTP-based challenges.

That’s probably why you used --manual in the first place.

Certbot doesn’t support automatic renewal via Loopia (your DNS provider). So if you want to continue using Certbot, you’re going to have to do everything manually (which doesn’t support automatic renewal):

certbot certonly --cert-name dranicajevremovic.com \
-d dranicajevremovic.com -d "*.dranicajevremovic.com" \
--manual --preferred-challenges dns

If you want to pursue automatic renewal, you’re going to have to look for different Let’s Encrypt software that supports Loopia.se DNS validation. For example, acme.sh supports it: https://github.com/Neilpang/acme.sh/wiki/dnsapi#44-use-loopia-api , but it means removing Certbot and using it instead.

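Added example, not part of the original thread and not Certbot's own code: a small audit that reads a renewal file's `[renewalparams]` section and reports the three failure causes seen above (manual authenticator without an auth hook, a wildcard name paired with an HTTP-only plugin, and stored preferred challenges the plugin cannot answer). The sample config, the `example.com` names, the hook path and the simplified `SUPPORTED` table are constructed assumptions.

```python
import configparser

# Challenge types each authenticator can answer (simplified assumption for this example).
SUPPORTED = {
    "apache": {"http-01"}, "nginx": {"http-01"},
    "webroot": {"http-01"}, "standalone": {"http-01"},
    "manual": {"http-01", "dns-01"},
}

def renewal_params(conf_text):
    """Return the [renewalparams] section of a Certbot renewal file as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    # Renewal files start with section-less keys; give them a dummy section.
    cp.read_string("[top]\n" + conf_text)
    return dict(cp["renewalparams"]) if cp.has_section("renewalparams") else {}

def audit(conf_text, cert_names, authenticator=None):
    """List reasons why `certbot renew` cannot succeed unattended."""
    params = renewal_params(conf_text)
    # A plugin flag on the command line overrides the stored authenticator.
    auth = authenticator or params.get("authenticator", "")
    prefs = {c.strip() for c in params.get("pref_challs", "").split(",") if c.strip()}
    can_do = SUPPORTED.get(auth)  # None: plugin not in the table, skip challenge checks
    findings = []
    if auth == "manual" and not params.get("manual_auth_hook"):
        findings.append("manual-without-auth-hook")
    if can_do is not None:
        if any(n.startswith("*.") for n in cert_names) and "dns-01" not in can_do:
            findings.append("wildcard-needs-dns-01")
        if prefs and not prefs & can_do:
            findings.append("preferred-challenges-unsupported")
    return findings

# Constructed sample of a renewal file for a certificate issued with --manual and DNS.
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.31.0
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
"""
NAMES = ["example.com", "*.example.com"]  # constructed SAN list of the certificate

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, NAMES))
    print(audit(SAMPLE_CONF, NAMES, authenticator="webroot"))
    hooked = SAMPLE_CONF + "manual_auth_hook = /usr/local/bin/dns-auth.sh\n"  # hypothetical hook
    print(audit(hooked, NAMES))
```
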

I understand.
Thank you so much for your help!

I used this command and got:

Waiting for verification...
Resetting dropped connection: acme-v02.api.letsencrypt.org
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
Resetting dropped connection: acme-v02.api.letsencrypt.org

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/dranicajevremovic.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/dranicajevremovic.com/privkey.pem
    Your cert will expire on 2019-10-08. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

But it's not working?

My site is still showing as unsafe.

Am I missing something?

You would need to additionally reload Apache:

service apache2 reload

(when you call Certbot, you can also pass --deploy-hook "service apache2 reload").


Hi @HelpNeeded

there is a check of your domain - https://check-your-website.server-daten.de/?q=dranicajevremovic.com

You use your old, expired certificate.

But certonly doesn't install the certificate. So you have to do that manually.

Did you restart your server?

Your vHost

must use these lines.
