Renew wildcard certificate


#1

Hello. I installed a wildcard certificate on CentOS 7 using certbot with no problems. I used this command: certbot certonly --agree-tos --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d "*.domain.cz"
Then I tried: certbot renew --dry-run and I got this error:

Attempting to renew cert (domain.cz) from /etc/letsencrypt/renewal/domain.cz.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domain.cz/fullchain.pem (failure)

Any help? Thank you.


#2

You originally issued this with the --manual flag set. This requires you to manually interact with the issuance. “Renew” attempts to work non-interactively, i.e. without manual interaction, and this cannot work. You need to provide the renewal command a --manual-auth-hook flag with a script that will perform the manual operations for renewal.


#3

If you don’t have the possibility to automate the DNS challenge, you should just run the same command you ran before, like you typed in the beginning of this thread. Renewing is just a term used for the issuing of a new certificate with the same FQDNs and options as specified before, but now automated and with a single command for all certificates at the same time. The certificates themselves are the same as when you’d “renew” them manually.


#4

So I need some script for renewal if I want to use cron?


#5

Yes. If you tell us what your real domain is (assuming it's not domain.cz), or what DNS provider you are using, we can point you towards a solution, if it exists.


#8

Hi, I am using Cloudflare. What is the script supposed to do?

Thanks for your advice.


#9

If you’re using CloudFlare, you don’t need to write your own script, but you can use the certbot-dns-cloudflare authenticator plugin.

https://certbot-dns-cloudflare.readthedocs.io/en/latest/
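
As an added example (not part of any post in this thread, and not certbot's own code), the script below scans certbot renewal configs for certificates issued with the manual authenticator and no auth hook stored, which is the condition behind the error in post #1. The function names, the sample files and the assumption that certbot records these settings under the keys `authenticator` and `manual_auth_hook` belong to this example.

```shell
#!/bin/sh
# Added example, not from the thread. Key names (authenticator,
# manual_auth_hook) are assumed to match certbot's renewal config format.

# needs_manual_hook FILE -> exit 0 if FILE uses the manual authenticator
# without an auth hook, i.e. "certbot renew" will fail when run from cron.
needs_manual_hook() {
    awk -F'=' '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key)          # trim whitespace
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "authenticator" && val == "manual"  { manual = 1 }
        key == "manual_auth_hook" && val != "" && val != "None" { hook = 1 }
        END { exit((manual && !hook) ? 0 : 1) }
    ' "$1"
}

# audit_renewal_dir [DIR] -> prints each affected config, returns 1 if any.
audit_renewal_dir() {
    dir=${1:-/etc/letsencrypt/renewal}
    failing=0
    for conf in "$dir"/*.conf; do
        [ -r "$conf" ] || continue                  # also skips an unmatched glob
        if needs_manual_hook "$conf"; then
            echo "WILL NOT RENEW UNATTENDED: ${conf##*/}"
            failing=1
        fi
    done
    [ "$failing" -eq 0 ]
}

# make_sample_confs DIR -> writes two constructed, trimmed renewal configs.
make_sample_confs() {
    cat > "$1/domain.cz.conf" <<'EOF'
# constructed sample: issued with --manual, no hook stored
cert = /etc/letsencrypt/live/domain.cz/cert.pem
[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
EOF
    cat > "$1/other.example.conf" <<'EOF'
# constructed sample: issued with the Cloudflare DNS plugin
cert = /etc/letsencrypt/live/other.example/cert.pem
[renewalparams]
authenticator = dns-cloudflare
dns_cloudflare_credentials = /root/.secrets/cloudflare.ini
EOF
}
```

Calling `audit_renewal_dir` from a monitoring job surfaces a certificate that cannot renew unattended well before it expires, instead of at the first failed cron run.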


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.