Renew certificates error

init · June 15, 2021, 6:02am

Hi there! Im created certificates with this command

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'cabinet.greenline.bz,paygate.greenline.bz'

But renew certificates failed on logs

2021-06-14 08:05:36,252:DEBUG:certbot.main:certbot version: 0.28.0
2021-06-14 08:05:36,254:DEBUG:certbot.main:Arguments: ['-q']
2021-06-14 08:05:36,254:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-14 08:05:36,267:DEBUG:certbot.log:Root logging level set at 30
2021-06-14 08:05:36,268:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-14 08:05:36,282:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f6af0a87390> and installer <certbot.cli._Default object at 0x7f6af0a87390>
2021-06-14 08:05:36,292:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-13 04:32:03 UTC.
2021-06-14 08:05:36,292:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-06-14 08:05:36,293:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2021-06-14 08:05:36,293:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#manual): An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/plugins/disco.py", line 132, in prepare
self._initialized.prepare()
File "/usr/lib/python3/dist-packages/certbot/plugins/manual.py", line 133, in prepare
self.option_name('auth-hook')))
certbot.errors.PluginError: An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
2021-06-14 08:05:36,295:DEBUG:certbot.plugins.selection:No candidate plugin
2021-06-14 08:05:36,296:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2021-06-14 08:05:36,296:INFO:certbot.main:Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
2021-06-14 08:05:36,297:WARNING:certbot.renewal:Attempting to renew cert (cabinet.greenline.bz) from /etc/letsencrypt/renewal/cabinet.greenline.bz.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
2021-06-14 08:05:36,302:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1162, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)

2021-06-14 08:05:36,303:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-06-14 08:05:36,303:ERROR:certbot.renewal: /etc/letsencrypt/live/cabinet.greenline.bz/fullchain.pem (failure)
2021-06-14 08:05:36,304:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1247, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 468, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

_az · June 15, 2021, 8:32am

Certificates created using --manual do not support automatic renewal unless combined with an authentication hook script via --manual-auth-hook to automatically set up the required HTTP and/or TXT challenges.

To renew a certificate using --manual without hooks, repeat the same certbot --manual command you used to create the certificate originally.

If you can use one of the other plugins to renew your certificate (like --webroot or --standalone), doing so is highly recommended.

rg305 · June 15, 2021, 4:09pm

Hi @init and welcome to the LE community forum

Can you upgrade this client?

Did you put the command into a script (or did you run it manually)?

DarkSteve · June 17, 2021, 10:10am

Yeah, that seems awfully out of date (I'm running 1.15.0.)

0.28 is approaching three years old at this point (released Nov 2018!)

system · July 17, 2021, 10:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.