Trouble renewing SSL cert

My domain is: https://etal.live

I ran this command: sudo certbot renew

It produced this output:

/var/log/letsencrypt/letsencrypt.log- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Processing /etc/letsencrypt/renewal/etal.live.conf- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Cert is due for renewal, auto-renewing...Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')Attempting to renew cert (etal.live) from /etc/letsencrypt/renewal/etal.live.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping.All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/etal.live/fullchain.pem (failure)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/etal.live/fullchain.pem (failure)

My web server is (include version): apache

The operating system my web server runs on is (include version): debian

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

0.31.0

2 Likes

We should have a look at this file:

2 Likes

It turns out you have to do something different in AWS LightSail:

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="<EMAIL>" --domains="<DOMAIN>" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start
1 Like

Welcome Back to the Let's Encrypt Community, Bill :slightly_smiling_face:

A couple of notes...

  • You shouldn't be using certbot with Bitnami. The appropriate process can be found in the official Amazon documentation.
  • You cannot use certbot renew with the manual authenticator without supplying hook scripts to setup and cleanup the challenges. More information can be found in the certbot user guide.
2 Likes

I'm running NGINX as the server for JITSI,

Did you try using the bncert tool instead of lego as mentioned in the instructions I gave?

sudo /opt/bitnami/bncert-tool

1 Like

That wouldn't work. I was able to use the lego method after stopping NGNIX first, but thanks for the suggestion:

sudo /opt/bitnami/letsencrypt/lego --tls --email="<EMAIL" --domains=<DOMAIN>" --path="/opt/bitnami/letsencrypt" renew --days 90