Renew certificate in custom diretory

Arisco · September 5, 2019, 2:30pm

how renew certificate in custom directory?

/usr/local/nginx/html/letsencrypt

certbot renew --manual --config-dir /usr/local/nginx/html/letsencrypt/
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing
/usr/local/nginx/html/letsencrypt/renewal/gastroz.com.br.conf

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (gastroz.com.br) from /usr/local/nginx/html/letsencrypt/renewal/gastroz.com.br.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/usr/local/nginx/html/letsencrypt/live/gastroz.com.br/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/usr/local/nginx/html/letsencrypt/live/gastroz.com.br/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

stevenzhu · September 5, 2019, 3:37pm

Hi,

I’m sorry but I’m not really understanding your issue.
First of all, why do you want to use manual plugin?
Did you have a custom Nginx installation? Or you want to place files under a different server?

Could you also elaborate on “custom directory”? What part is custom directory?
Thank you

Arisco · September 5, 2019, 3:51pm

@stevenzhu is on the same server, does not contain custom installation for nginx, the directory is /usr/local/nginx/html/letsencrypt

stevenzhu · September 5, 2019, 4:00pm

Just trying to confirm, beside the directory for Let’s Encrypt is not the default one (/etc/letsencrypt/) there’s nothing else difference right?

Could you please try to renew the certificate with certbot renew? (Without the manual flag)

Thank you

Arisco · September 5, 2019, 4:04pm

@stevenzhu try certbot renew

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

No renewals were attempted.

it does not recognize the directory where the certificates are

stevenzhu · September 5, 2019, 4:30pm

Sorry, try certbot renew --config-dir /usr/local/nginx/html/letsencrypt/

Thank you

Arisco · September 5, 2019, 4:37pm

@stevenzhu this error

certbot renew --manual --config-dir /usr/local/nginx/html/letsencrypt/
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing
/usr/local/nginx/html/letsencrypt/renewal/gastroz.com.br.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (gastroz.com.br) from /usr/local/nginx/html/letsencrypt/renewal/gastroz.com.br.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/nginx/html/letsencrypt/live/gastroz.com.br/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/nginx/html/letsencrypt/live/gastroz.com.br/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

stevenzhu · September 5, 2019, 5:02pm

Hi,

Please do not include the --manual flag in this command, just certbot renew --config-dir /usr/local/nginx/html/letsencrypt/ If this does not work, ping @JuergenAuer

Thank you

mnordhoff · September 6, 2019, 7:46am

This isn’t an answer to your questions, but you should not use /usr/local/nginx/html/letsencrypt/.

/usr/local/nginx/html/ is a directory where – on some OSes – Nginx has some default, public files. It’s part of your OS’s Nginx package. You should not put anything in it. It could be overwritten or deleted when Nginx is upgraded or uninstalled.

Additionally, Certbot’s configuration directory is not public information. Some of it is (the certificates) and some of the information is not sensitive (the renewal configuration files), but the private keys absolutely need to be kept secret.

The directory permissions should protect everything sensitive from exposure, but it’s still prudent not to put it in or near your document root.

system · October 6, 2019, 7:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.