Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for fly-academy.com
dns-01 challenge for fly-academy.com
Unsafe permissions on credentials configuration file: /etc/letsencrypt/gandi.ini
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "fly-academy.com"
Unable to find or delete the DNS TXT record: Unable to get base domain for "fly-academy.com"
Attempting to renew cert (fly-academy.com) from /etc/letsencrypt/renewal/fly-academy.com.conf produced an unexpected error: An error occurred adding the DNS TXT record: Unable to get base domain for "fly-academy.com". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/fly-academy.com/fullchain.pem (failure)
My web server is (include version):
Running Nextcloud on Ubuntu 20
The operating system my web server runs on is (include version):
Ubuntu
My hosting provider, if applicable, is:
Using cloudflare for my A and TXT records
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I am controlling it via my Ubuntu machine
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
I've installed my certificate using certbot and it is working properly for now ( as far as I kwow). My goal is to set auto renewal rule, but for now I am trying to renew it manually and I get the before mentioned error. Did not find any helpful advice online regarding my specific case so I decided to ask you.
It was never renewed. I installed it a week ago and for 2 days i was researching how to renew it automatically (as far as I read this is not a built-in feature - correct me if I'm wrong).
Previously I had a different error which I managed to fix installing the gandi plugin.
The previous error was:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/fly-academy.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Attempting to renew cert (fly-academy.com) from /etc/letsencrypt/renewal/fly-academy.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/fly-academy.com/fullchain.pem (failure)
and the conf file was:
# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/fly-academy.com
cert = /etc/letsencrypt/live/fly-academy.com/cert.pem
privkey = /etc/letsencrypt/live/fly-academy.com/privkey.pem
chain = /etc/letsencrypt/live/fly-academy.com/chain.pem
fullchain = /etc/letsencrypt/live/fly-academy.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = dce81571c7e641c4959e88e3093d75a6
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual_public_ip_logging_ok = True
If you know another workaround for the first error with causing another error I might change the conf file again.