Renewing a certificate

Hi

When looking in hestiaCP I see that the certificates were renewed:
image

When running certbot certificates I see:
Found the following certs:
Certificate Name: stockdiv.com
Serial Number: 3c645ac85dd15cfb06024618e99100b2c93
Key Type: RSA
Domains: stockdiv.com www.stockdiv.com
Expiry Date: 2023-03-02 14:02:38+00:00 (VALID: 6 days)
Certificate Path: /etc/letsencrypt/live/stockdiv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/stockdiv.com/privkey.pem

I guess I should renew the pem files but I didn't understand how exactly (see the command I ran below).

stockdiv.com.conf shows:

# renew_before_expiry = 30 days

version = 1.12.0
archive_dir = /etc/letsencrypt/archive/stockdiv.com
cert = /etc/letsencrypt/live/stockdiv.com/cert.pem
privkey = /etc/letsencrypt/live/stockdiv.com/privkey.pem
chain = /etc/letsencrypt/live/stockdiv.com/chain.pem
fullchain = /etc/letsencrypt/live/stockdiv.com/fullchain.pem

# Options used in the renewal process

[renewalparams]
account = ea293ef64a7b972253512ea84f01d2ef
pref_challs = dns-01,
authenticator = manual
server = https://acme-v02.api.letsencrypt.org/directory

Is there a quick/automated way to renew the pem files based on the SSL certificates I see in hestiaCP?

My domain is: stockdiv.com

I ran this command: certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/stockdiv.com.conf


Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Failed to renew certificate stockdiv.com with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/stockdiv.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): hestiaCP

The operating system my web server runs on is (include version): Debian GNU/Linux 11 (bullseye)

My hosting provider, if applicable, is: VPS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): HestiaCP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

Thanks

1 Like
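
The dry-run failure above follows from the saved renewal parameters: `authenticator = manual` with no `manual_auth_hook` entry, so certbot has nothing it can run non-interactively. As an added example (not part of the original thread), this shell function flags such lineages in a renewal directory; the sample conf files and their names are constructed, and `manual_auth_hook` is the key under which certbot saves `--manual-auth-hook`.

```shell
#!/bin/sh
# Added example: find certbot lineages that cannot renew unattended.

# check_renewal_conf FILE: prints a verdict; returns 0 if renewable, 1 if not.
check_renewal_conf() {
    awk -F'=' '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^\[/      { section = $0; next }         # track the current section
        section == "[renewalparams]" {
            key = $1; val = $0
            sub(/^[^=]*=/, "", val)               # everything after the first "="
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "authenticator") auth = val
            # empty or None is treated as unset (defensive assumption)
            if (key == "manual_auth_hook" && val != "" && val != "None") hook = val
        }
        END {
            if (auth == "manual" && hook == "") {
                print FILENAME ": authenticator=manual without manual_auth_hook, unattended renew will fail"
                exit 1
            }
            print FILENAME ": ok (authenticator=" auth ")"
        }
    ' "$1"
}

# audit_renewal_dir DIR: check every *.conf; returns 1 if any lineage fails.
audit_renewal_dir() {
    rc=0
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        check_renewal_conf "$f" || rc=1
    done
    return "$rc"
}

# write_sample_confs DIR: constructed inputs modelled on the conf in the post.
write_sample_confs() {
    printf '%s\n' '# renew_before_expiry = 30 days' 'version = 1.12.0' \
        '[renewalparams]' 'pref_challs = dns-01,' 'authenticator = manual' \
        > "$1/manual-dns.example.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        'webroot_path = /var/www/html,' > "$1/webroot.example.conf"
}

# Demo on the constructed samples.
tmp=$(mktemp -d) && write_sample_confs "$tmp"
audit_renewal_dir "$tmp" || echo "at least one lineage needs an auth hook or a different authenticator"
rm -rf "$tmp"
```

Point `audit_renewal_dir` at `/etc/letsencrypt/renewal` (the directory shown in the dry-run output) to check a real host.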

Let's try certbot renew --nginx

2 Likes

Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed

That wouldn't be very automated friendly.

Can you use HTTP-01 authentication instead?

2 Likes

pref_challs = HTTP-01
authenticator = manual - what should be here instead?

You don't make changes to that file directly.
You don't change anything within /etc/letsencrypt/ path directly.

You use certbot in the way you need it to.
And it will make all those necessary changes for itself [and you].

2 Likes

Because this is my first time doing so, I'd appreciate if you can tell me how to use certbot in the way I need it to, or in other words, what command should I run.

This file was created when I first ran certbot, I thought the renewal would be much easier and faster.

That was a good starting place.

But since you are new and testing...
certbot --nginx --dry-run
[might be a better starting place]

That said, you may need to upgrade certbot too:

2 Likes

I really don't understand all this secrecy. Is updating certbot the key to this renew failing?
What do I need to run in order to renew the certificates?
A simple question, please give me a simple answer. I'm a newbie, please treat me as one.
Thanks

There is no secrecy.
I have no idea what you have or don't have.
Based on the little I do know, that is my best advice.
If you are not happy with it, I will gladly return your $0.00 paid for my help.

2 Likes

I see you have HestiaCP.
Can that get certs for you?

2 Likes

So if more information is needed, let me know what is needed and I'll gladly add it to my question.

From hestiaCP itself, I see that the certificates are up to date, I added a screenshot in my first post that shows that, I need to create pem files (privkey.pem and fullchain.pem) out of the certificate.

The certbot certificate files are already in .pem format:

More importantly, you need to renew it:

2 Likes

So...
How did you get that existing cert?

2 Likes

That's my question, how do I do that?
I used the dns challenge and added a txt record but I was hoping that a renewal will be faster and easier.

Maybe the conf file I posted is not set correctly and I need to set it differently, if only I knew how.

To that end, answer mine:

2 Likes

Please don't edit any certbot files.
You will only make a bad thing worse.

2 Likes

Maybe...

2 Likes

I used the dns challenge and added a txt record but I was hoping that a renewal will be faster and easier.