SSL Renewal:You need to export PDD_Token=xxxxxxxxxxxxxxxxx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this --renew -d --force
It produced this output:Wed Dec 7 15:32:08 MSK 2022] Renew: ''
[Wed Dec 7 15:32:08 MSK 2022] Renew to Le_API=
[Wed Dec 7 15:32:09 MSK 2022] Using CA:
[Wed Dec 7 15:32:09 MSK 2022] Single domain=''
[Wed Dec 7 15:32:09 MSK 2022] Getting domain auth token for each domain
[Wed Dec 7 15:32:11 MSK 2022] Getting webroot for domain=''
[Wed Dec 7 15:32:11 MSK 2022] Adding txt value: bhYUSnTMNJ8ljFep83G4BCDk1knRU0rozWYsqqHuYLk for domain:
[Wed Dec 7 15:32:11 MSK 2022] You need to export PDD_Token=xxxxxxxxxxxxxxxxx.
[Wed Dec 7 15:32:11 MSK 2022] You can get it at
[Wed Dec 7 15:32:11 MSK 2022] Error add txt for
[Wed Dec 7 15:32:11 MSK 2022] Please add '--debug' or '--log' to check more details.
[Wed Dec 7 15:32:11 MSK 2022] See: How to debug · acmesh-official/ Wiki · GitHub

My web server is (include version): nginx/1.18.0

The operating system my web server runs on is (include version):TrueNAS-SCALE-22.02.4

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I have created a pdd token and not got stuck at this point. When I run my cron job like so :/root/ --cron it returns success and the cron is set weekly however nothing happends and I received a notification e-mail today that I have one week left only.

Please don't use any "force" options if there is nothing to force. Errors don't magically go away when using such an option.

Did you export the token as requested by See e.g. How to Set Environment Variables in Linux - Serverlab for more info about exporting variables in Linux.


No I didn't - could not find the relevant part for I could add it to the config file I guess

How do you mean? can simply use variables exported on the command line.


in this file: /root/ Or shall do ```
export pddxxx=/root/acme/sh ? I am confused a bit. Could you help me with the command to export pdd please?

If you are renewing, then you have done this before.
How did you get the cert?


I've got it originally on TrueNAS Core via certbot - here I issued it via on TrueNAS Scale. Never renewed on TrueNAS Scale, only on Core via certbot.

Has anything changed since the cert was issued?


Yes - one of the disks went bad so i replaced it and then used the back up configuration. Today was not present on the system so I installed fresh

1 Like

Does see the cert? --list


Main_Domain KeyLength SAN_Domains CA Created Renew "2048" no

That is good.
I think needs to relearn how to renew this cert.
I'm not an expert...
I would just delete the cert and get a new one [after backing up the entire folder].
But there may be a simpler way.


Well I am trying to see how to export that pdd file that I created to Osiris advised that it's a simle cli command not sure which one though

That was just to provide the PPD token to I'm hoping would store it somewhere for renewal purposes, but I don't know for certain.


What's the command anyway?

For some unknown reason, the dns_yandex plugin you seem to be using does not appear to have saved the token it needs. While it's unclear to me how that could have happened, here are some ideas (untested as I don't use that plugin).

Run these commands:

export PDD_Token=<your token>

(where <your token> is replaced with your actual token value)

then run the renew command again from the same shell session: --renew -d

The yandex plugin should save the token automatically and reuse it on subsequent renewals. If that does not happen there may be a bug in the plugin code, but I can't see an obvious problem.

If the above has not resolved your issue, you can do some further diagnosis: should save your token in your account config, usually located at


after running the above commands, there should be a line

PDD_Token=<your token>



@Nummer378 - It worked - thanks a lot for your tip! I had to use --dnssleep 3600 for stupid Yandex DNS to kick in. Other then that it's all good!


Hmm - --renew -d
[Fri Dec 16 22:21:23 MSK 2022] Renew: ''
[Fri Dec 16 22:21:23 MSK 2022] Renew to Le_API=
[Fri Dec 16 22:21:23 MSK 2022] Skip, Next renewal time is: 2023-02-05T09:01:52Z
[Fri Dec 16 22:21:23 MSK 2022] Add '--force' to force to renew.

However the cer does not work anymore the connection is not secure and it still shows like this in Gui:GUI SSL Certificate:letsencrypt-2022-09-17-212604. How is that possible?

Could be due to multiple reasons. For example, also has some kind of "install" command, which is basically just some kind of copy action from its "internal" cert storage to somewhere else (kinda useless if you'd ask me). I don't know if that copy action is automatically done when renewing. Please see the documentation about this to double check.

Another reason could be that your webserver (or other service) needs to be reloaded/restarted.