I keep getting the following error when I try to renew. I think my SSL is set to the old manual method and I would like to switch to the new automatic one. How can I do that, please?
My domain is:
I ran this command:
sudo certbot renew --dry-run
It produced this output:
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (web-wallet.com) from /etc/letsencrypt/renewal/web-wallet.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/demo.web-wallet.com/fullchain.pem (failure)
/etc/letsencrypt/live/web-wallet.com/fullchain.pem (failure)
The operating system my web server runs on is (include version):
Ubuntu 18
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31
You have a wildcard certificate, which limits you to using the dns-01 challenge. This can only be automated if there’s a DNS challenge available to add/remove the necessary TXT records automatically, or if you can script those functions yourself and use the --manual-auth-hook option (and --manual-cleanup-hook).
Thank you everyone. Yes, I was doing it manually, but recently for some reason the manual verification doesn’t work, I guess because of the wildcard, so I wanted to change and switch to automatic, but I don’t know how to transition from manual to automatic, because when I run the following:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
It was working, but today, I don’t know why, when I enter the new ACME TXT challenge in my DNS and test with lookup tools whether it is deployed, it is, but Certbot finds an old one each time…
Just redid it right now and for some reason this time it worked… Certbot didn’t give me two challenges, only one for _acme-challenge.web-wallet.com
I tried several times a couple of hours ago and it didn’t work; Certbot was always showing an older challenge. Probably the server is slow to propagate the TXT?
The weird part is that Certbot in the console said it was successful:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/web-wallet.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/web-wallet.com/privkey.pem
Your cert will expire on 2020-11-01.
A possible reason for certbot not asking you to add two txt records might be that there's a cached authorization for the non-wildcard domain, obtained via http-01.
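An added example, not posted by anyone in this thread: one way to script the --manual-auth-hook and --manual-cleanup-hook mentioned above, assuming your DNS server accepts RFC 2136 dynamic updates via `nsupdate`. `DNS_SERVER`, `TSIG_KEYFILE` and the key path are placeholder assumptions; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot passes to manual hooks.

```shell
#!/bin/sh
# Added example: certbot manual-plugin hook for dns-01 using nsupdate (RFC 2136).
# CERTBOT_DOMAIN and CERTBOT_VALIDATION are set by certbot for manual hooks.
# DNS_SERVER and TSIG_KEYFILE are assumed placeholders for your own DNS setup.
: "${DNS_SERVER:=ns1.example.net}"
: "${TSIG_KEYFILE:=/path/to/tsig.key}"

# "*.example.com" and "example.com" are both validated at the same record
# name, so drop a leading "*." before prefixing _acme-challenge.
challenge_name() {
    case "$1" in
        '*.'*) printf '_acme-challenge.%s.\n' "${1#??}" ;;
        *)     printf '_acme-challenge.%s.\n' "$1" ;;
    esac
}

# Emit an nsupdate batch. "add" appends a value, so the wildcard token and the
# base-domain token can coexist; "delete" with data removes only that value.
nsupdate_batch() {  # usage: nsupdate_batch add|delete DOMAIN TOKEN
    case "$1" in add|delete) ;; *) return 1 ;; esac
    name=$(challenge_name "$2")
    printf 'server %s\n' "$DNS_SERVER"
    if [ "$1" = add ]; then
        printf 'update add %s 60 TXT "%s"\n' "$name" "$3"
    else
        printf 'update delete %s TXT "%s"\n' "$name" "$3"
    fi
    printf 'send\n'
}

# Runs only when certbot invokes the script; first argument is add or delete.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    mode=${1:-add}
    nsupdate_batch "$mode" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" \
        | nsupdate -k "$TSIG_KEYFILE" || exit 1
    if [ "$mode" = add ]; then
        # Do not return until the authoritative server serves the new token,
        # otherwise validation may still see an older value.
        name=$(challenge_name "$CERTBOT_DOMAIN")
        tries=0
        until dig +short TXT "$name" "@$DNS_SERVER" | grep -qF -- "$CERTBOT_VALIDATION"; do
            tries=$((tries + 1))
            [ "$tries" -lt 12 ] || exit 1
            sleep 10
        done
    fi
fi
```

Pass the script with `add` as its argument to --manual-auth-hook and with `delete` to --manual-cleanup-hook.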