Unable to Renew certificates automatically error due to --manual -download Plugin

My domain is: *.budgetallocator.com

I ran this command: certbot certonly --manual -d '*.budgetallocator.com' --manual-public-ip-logging-ok

It produced this output:
certificate for budgetallocator.com till 2020-09-28
Details are as follows -
Certificate Name: budgetallocator.com
Domains:budgetallocator.com
Expiry Date: 2020-09-28 11:49:59+00:00 (VALID: 89 days)

My web server is (include version): nginx 1.4.6

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
https://cp.dnsmadeeasy.com/
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1

I am trying to renew automatically via crontab using certbot renew, but it is not working. It reports: Could not choose appropriate plugin: authenticator could not be determined or is not installed
authenticator could not be determined or is not installed

1 Like

Hi @sambit,

Certificates obtained with --manual can normally not be renewed non-interactively from cron, because the renewal also requires manual human interaction, which cron jobs can’t provide. Is it this wildcard certificate that you’re trying to renew, or a different one?

1 Like

I am trying to renew the certificate, as the configuration is already present on my server in /etc/letsencrypt/renew/website.conf. It was my mistake: I executed the manual command to renew the certificate instead of the simple certbot renew command.
Is there any chance I can try deleting the certificate and getting the certificate once again, so that it can be auto-renewed by using the certbot renew command?

You don’t have to delete the certificate. How do you want Certbot to prove your control over the domain name for renewal?

1 Like

Usually it should be renewed automatically when I run the certbot renew command. For other sites it's working fine, but this one I recently renewed by mistake via the manual method, as I wasn’t aware of this issue earlier.

1 Like

To renew a wildcard automatically, you would need to use the DNS Made Easy DNS plugin: https://certbot-dns-dnsmadeeasy.readthedocs.io/en/stable/. This is because wildcard certificates must be authorized via the DNS challenge (https://letsencrypt.org/docs/challenge-types/), so you cannot use the usual --nginx or --webroot methods.

However, as Ubuntu 14.04 is now end-of-life and Certbot is no longer published for it, I don’t think you will be able to install that DNS plugin.

If you wish to renew a normal certificate (non-wildcard), you could change the authenticator in the .conf file to something that supports automatic renewal (not manual, something like webroot or nginx).

1 Like

I found this is the configuration for the wildcard certificate:

# Options used in the renewal process
[renewalparams]
authenticator = manual
server = https://acme-v02.api.letsencrypt.org/directory
manual_public_ip_logging_ok = True
account = 9c905520d74

So how do I change it back to something like this?

For another site - www.website.com
[renewalparams]
account = 9c905520d74
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
www.website.com = /var/www

As I mentioned in my previous post, you can’t.

Wildcards are special, and must be authenticated using DNS TXT records. Most likely, you used --manual in the first place because it was the only way to get a wildcard certificate at all.

webroot and nginx cannot be used for wildcard certificates. You must use the DNS Made Easy plugin, or otherwise --manual with an authentication hook/script (automatic renewal), or without (no automatic renewal).

1 Like
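
An added example, not part of the thread and not Certbot's own code: a Python check that reads a lineage's [renewalparams] and reports whether `certbot renew` can run unattended, following the rules stated in the reply above. The domain list is supplied by the caller, `manual_auth_hook` is the key Certbot records for --manual-auth-hook, and the `dns-dnsmadeeasy` sample is constructed.

```python
# Added example (not Certbot code): can `certbot renew` run unattended for this lineage?
HTTP_ONLY = {"webroot", "nginx", "apache", "standalone"}  # HTTP-based: no wildcard support

# Renewal parameters as posted in the thread (wildcard lineage, then the other site).
WILDCARD_MANUAL = """[renewalparams]
authenticator = manual
server = https://acme-v02.api.letsencrypt.org/directory
manual_public_ip_logging_ok = True
account = 9c905520d74
"""
WEBROOT_SITE = """[renewalparams]
account = 9c905520d74
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
www.website.com = /var/www
"""
# Constructed sample: the wildcard lineage after switching to the DNS plugin.
DNS_PLUGIN = WILDCARD_MANUAL.replace("= manual", "= dns-dnsmadeeasy")

def parse_renewalparams(conf_text):
    """Return the key/value pairs of the [renewalparams] section only."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):  # also closes on nested [[webroot_map]]
            section = line.strip("[]").strip()
        elif section == "renewalparams" and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def renewal_verdict(conf_text, domains):
    """Return (ok, reason); `domains` are the names on the certificate."""
    params = parse_renewalparams(conf_text)
    auth = params.get("authenticator", "")
    hook = params.get("manual_auth_hook", "None")
    if not auth:
        return False, "no authenticator recorded"
    if auth == "manual" and hook in ("", "None"):
        return False, "manual authenticator without manual_auth_hook"
    if auth in HTTP_ONLY and any(d.startswith("*.") for d in domains):
        return False, auth + " cannot authorize a wildcard; DNS challenge required"
    return True, auth + " can renew unattended"

if __name__ == "__main__":
    print(renewal_verdict(WILDCARD_MANUAL, ["*.budgetallocator.com"]))
    print(renewal_verdict(DNS_PLUGIN, ["*.budgetallocator.com"]))
```

Run against each lineage before relying on cron, a False verdict marks a certificate that will expire unless someone renews it by hand.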

Got it. So I was looking into the DNS Made Easy plugin, and it says that to acquire a certificate for example.com I have to use this:

certbot certonly \
  --dns-dnsmadeeasy \
  --dns-dnsmadeeasy-credentials ~/.secrets/certbot/dnsmadeeasy.ini \
  -d example.com

So how do I acquire a wildcard certificate for *.budgetallocator.com? Should I do it like this?

certbot certonly \
  --dns-dnsmadeeasy \
  --dns-dnsmadeeasy-credentials ~/.secrets/certbot/dnsmadeeasy.ini \
  -d *.budgetallocator.com

A post was split to a new topic: Automatic renewal of --manual wildcard certificate
