Unable to renew my certificate and getting this Plugin error. I tried creating new certificate 2 days ago and i think it messed up my configuration

axeish · April 26, 2019, 4:26pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
axeishguy.com
I ran this command:
sudo ./certbot-auto renew
It produced this output:
Processing /etc/letsencrypt/renewal/axeishguy.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)

Attempting to renew cert (axeishguy.com) from /etc/letsencrypt/renewal/axeishguy.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/www.axeishguy.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert not yet due for renewal

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/axeishguy.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:

/etc/letsencrypt/live/www.axeishguy.com/fullchain.pem expires on 2019-07-24 (skipped)

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/axeishguy.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version):
Apache 2.4.18
The operating system my web server runs on is (include version):
LInux running on amazon lightsail
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

when i check my certificate it says this ----

Found the following certs:
  Certificate Name: axeishguy.com
    Domains: axeishguy.com *.axeishguy.com
    Expiry Date: 2019-03-27 02:31:45+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/axeishguy.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/axeishguy.com/privkey.pem
  Certificate Name: www.axeishguy.com
    Domains: www.axeishguy.com axeishguy.com
    Expiry Date: 2019-07-24 00:09:09+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/www.axeishguy.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.axeishguy.com/privkey.pem

JuergenAuer · April 26, 2019, 4:29pm

Hi @axeish

you can't use the simple "renew" command if you have used the last command with --manual

Use the complete certbot-command with --manual again.

axeish · April 26, 2019, 4:31pm

is it possible to remove the --manual / existing configuration option and start again ?

JuergenAuer · April 26, 2019, 4:33pm

Do you need that wildcard? You may have created that certificate with --manual.

If not, remove it with

certbot delete axeishguy.com

See

https://certbot.eff.org/docs/using.html

first make a backup.

axeish · April 26, 2019, 4:36pm

I will definitely try that,
I wanted to use my blog without “www” as well.

https://axeishguy.com/
https://www.axeishguy.com/

axeish · April 26, 2019, 4:44pm

I went ahead and deleted the axeishguy.com and then renewed my certificate.

i also restarted my apache after that and forced reload on the browser.
Am i missing anything else my certifictae for www.axeishguy.com is still showing certificate expired

axeish · April 26, 2019, 4:49pm

oh i found error in restarting apache …

SSLCertificateFile: file ‘/opt/bitnami/apache2/conf/server.crt’ does not exist or is empty

apache config test fails, aborting

Monitored apache

JuergenAuer · April 26, 2019, 6:14pm

That's only a problem of the correct redirect. You use a domain (not a subdomain), so you should always have a dns entry with the www, a certificate with that name and a correct redirect.

You use your expired wildcard certificate ( https://check-your-website.server-daten.de/?q=axeishguy.com ):

CN=axeishguy.com
	27.12.2018
	27.03.2019
30 days expired	*.axeishguy.com, axeishguy.com - 2 entries

So first restore it from your backup, so your Apache works.

One time didn't check the domain.

system · May 31, 2019, 1:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to manually renew certs Help	9	4638	May 16, 2019
Manual plugin not working error, on renewal Help	6	33559	June 29, 2019
Error renewing certificate Help	8	639	November 3, 2022
Urgent: Error in renewal Server	10	3149	February 6, 2018
Certificate renewal failed Help	8	1317	August 25, 2019

Unable to renew my certificate and getting this Plugin error. I tried creating new certificate 2 days ago and i think it messed up my configuration

Related topics