Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (tu-initial-training.att.com) from /etc/letsencrypt/renewal/tu-initial-training.att.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/tu-initial-training.att.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/tu-initial-training.att.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
My web server is (include version):
httpd -v
Server version: Apache/2.4.46 ()
The operating system my web server runs on is (include version):
uname -srm
Linux 4.14.203-156.332.amzn2.x86_64 x86_64
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
You've used the manual plugin for the initial issuance of the certificate. The certbot renew command expects no user input. However, manual user input actually is required for the manual plugin if no --manual-auth-hook is provided. So that won't work.
So you have two options:
use the same command you used initially to get the certificate in stead of the certbot renew command, so you can, again (as you're going to be doing every 60 days......) manually provide the challanges;
build an authenticator script and provide it to certbot with --manual-auth-hook so you can automate renewal and don't have to do anything manually any longer.
[ec2-user@ip-172-31-45-58 html]$ sudo -i
[root@ip-172-31-45-58 ~]# cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run && /etc/init.d/apache2 restart
Skipping bootstrap because certbot-auto is deprecated on this system.
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for tu-initial-training.att.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
Enhancement redirect was already set.
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/tu-initial-training.att.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/tu-initial-training.att.com/privkey.pem
Your cert will expire on 2021-05-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by:
That is almost always preferred if you don't need a wildcard certificate. (By Let's Encrypt policy, wildcard certificates require the DNS verification method, where you have to change a DNS record, while non-wildcard certificates don't. That means certbot --apache is able to be much more automated than certbot --manual, but the former doesn't work for requesting a wildcard.)
The certbot-auto script has been deprecated. Please don't use it in the future again. Better still, remove the wrapper script and continue to use the certbot like you did later on.