Second renewal fails, seems to think I'm now trying to run non-interactively

jphm · July 3, 2016, 4:14am

I’m trying to use the renew command to renew a certificate that I’d created successfully about 6 months ago, and have renewed successfully once already.

I’d originally created the certificate using the certonly command — I create the certificate, and pass it on to my hosting service, who install it on their server.

The program seems to think I’m wanting run non-interactively, although I’m giving no such command-line option, and the /etc/letsencrypt/renewal/maraist.org.conf file has noninteractive mode marked false,
noninteractive_mode = False

Thanks for any advice!
-John

–

My domain is: maraist.org

I ran this command:
./certbot-auto renew --email home-https-cert@maraist.org --agree-tos --manual-public-ip-logging-ok

(although I can omit everything after the “renew” and get the same error. I get this error both on the recently-downloaded certbot-auto, and with the letsencrypt-auto I had hanging around from the installation and previous renewal)

It produced this output:

Processing /etc/letsencrypt/renewal/maraist.org.conf

2016-07-02 22:50:10,337:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/maraist.org.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘Running manual mode non-interactively is not supported’,). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/maraist.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

My operating system is (include version):
I’m running Ubuntu Trusty locally for building the cert; don’t know what the hosting provider is using.

My web server is (include version):
Don’t know what the hosting provider is using (and it doesn’t seem to get to a point where that would be relevant).

My hosting provider, if applicable, is:
webfaction.com

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes for my home machine where I’m running certbot-auto; no for the hosting provider’s machine (I upload the generated cert and they install).

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

pfg · July 3, 2016, 4:20am

My understanding of the renew command is that it’s only intended for automated renewal, i.e. it implies non-interactivity. That would not be compatible with how the manual plugin works.

The way to renew a certificate that was obtained using that plugin would be by repeating the certonly command that got you the certificate in the first place.

jphm · July 3, 2016, 5:20am

That worked! Thanks for the correction.

Adding that first renewal to the list of things I’m surprised ever worked.

tialaramex · July 3, 2016, 10:51am

Probably certbot should be modified to either: Explicitly tell users who attempt renew with manual that they can’t do that (not in some subtle error message, but just up front)

OR

Treat the renew verb for a manually issues certificate as a request to do a new manual issuance, after a warning message.

system · August 2, 2016, 10:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.