Problem renewing certonly


#1

Previously created several certs using ./letsencrypt-auto certonly --debug -a manual -d www.domain.com -d domain.com

Now, when I run ./certbot-auto --debug renew --dry-run, I get the following error:

PluginError(‘Running manual mode non-interactively is not supported’,). Skipping.

Checking the config, I see noninteractive_mode = False but that does not seem to make a difference. If I change authenticator = manual to authenticator = standalone, The renewal process tries to do the challenge to a strange IP address: 74.125.193.121:443 (Hosted on Google App Engine, so the IP address is not dedicated to the site).

Ideas? Thanks in advance!


#2

If you’re planning to do your renewals interactively (with you at the keyboard), you can just do them at the appropriate time with

./certbot-auto certonly --debug --force-renew -a manual -d www.domain.com -d domain.com

Apart from the fact that it will work with manual, that will produce the same result for that certificate as running ./certbot-auto renew during the renewal window would (assuming you have only one certificate installed that covers those two names).

The reason for the error is that certbot renew is meant to be run from an unattended automated process like cron, and so it expects that it will be unable to prompt for any kind of user input or confirmation.


#3

Thanks, schoen.

Perhaps the issue is that I was expecting something easier, to do a renewal. This isn’t really a “renewal”, per se. It is simply reissuing another cert. I still have to go change all the challenge urls/responses. It is the same as starting over from scratch.

Isn’t there a way to do a renewal that retains the old challenges?

Thanks.


#4

I don’t think this feature is available in Certbot yet. It should be available in a future version.


#6

Schoen! I was having the same problem and your solution worked like a charm, THANKS!


#7

I added an option to generate a 4096 key

sudo ./certbot-auto certonly --debug --rsa-key-size 4096 --force-renew -a manual -d www.domain.com -d domain.com