Unable to renew SSL: Unable to get base domain for example.com (Ubuntu)

My domain is:

I ran this command:
sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/fly-academy.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for fly-academy.com
dns-01 challenge for fly-academy.com
Unsafe permissions on credentials configuration file: /etc/letsencrypt/gandi.ini
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "fly-academy.com"
Unable to find or delete the DNS TXT record: Unable to get base domain for "fly-academy.com"
Attempting to renew cert (fly-academy.com) from /etc/letsencrypt/renewal/fly-academy.com.conf produced an unexpected error: An error occurred adding the DNS TXT record: Unable to get base domain for "fly-academy.com". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/fly-academy.com/fullchain.pem (failure)

My web server is (include version):
Running Nextcloud on Ubuntu 20

The operating system my web server runs on is (include version):
Ubuntu

My hosting provider, if applicable, is:
Using cloudflare for my A and TXT records

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I am controlling it via my Ubuntu machine

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

I've installed my certificate using certbot and it is working properly for now (as far as I know). My goal is to set an auto-renewal rule, but for now I am trying to renew it manually and I get the aforementioned error. I did not find any helpful advice online regarding my specific case, so I decided to ask you.

Thank you in advance!

1 Like

Hi @orgamisho, and welcome to the LE community forum :slight_smile:

Please show file:

2 Likes

this is it:

# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/fly-academy.com
cert = /etc/letsencrypt/live/fly-academy.com/cert.pem
privkey = /etc/letsencrypt/live/fly-academy.com/privkey.pem
chain = /etc/letsencrypt/live/fly-academy.com/chain.pem
fullchain = /etc/letsencrypt/live/fly-academy.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = dce81571c7e641c4959e88e3093d75a6
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = certbot-plugin-gandi:dns
certbot_plugin_gandi:dns_credentials = /etc/letsencrypt/gandi.ini
manual_public_ip_logging_ok = True

It seems that certbot last renewed via Gandi DNS
But you are now using CloudFlare DNS:

fly-academy.com nameserver = james.ns.cloudflare.com
fly-academy.com nameserver = adrian.ns.cloudflare.com
2 Likes
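The mismatch pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original posts and not certbot's own code: it parses the renewal parameters, compares the configured authenticator with the zone's delegated nameservers, and tests the credentials file mode. The provider suffix table, the function names and the group/other permission test are assumptions made for illustration.

```python
import configparser
import os
import stat

# Constructed sample: the [renewalparams] values and NS records quoted in this thread.
RENEWAL_CONF = """\
version = 0.40.0
[renewalparams]
pref_challs = dns-01,
authenticator = certbot-plugin-gandi:dns
certbot_plugin_gandi:dns_credentials = /etc/letsencrypt/gandi.ini
"""
NAMESERVERS = ["james.ns.cloudflare.com", "adrian.ns.cloudflare.com"]

# Assumption: NS hostname suffix of the provider each DNS authenticator can update.
PLUGIN_NS_SUFFIX = {
    "certbot-plugin-gandi:dns": ".gandi.net",
    "dns-cloudflare": ".ns.cloudflare.com",
}

def renewal_params(conf_text):
    """Parse [renewalparams]; keys may contain ':' so only '=' is a delimiter."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string("[top]\n" + conf_text)  # top-level keys have no section header
    return dict(cp["renewalparams"])

def authenticator_matches_dns(params, nameservers):
    """True only if every delegated nameserver belongs to the plugin's provider."""
    suffix = PLUGIN_NS_SUFFIX.get(params.get("authenticator", ""))
    if suffix is None or not nameservers:
        return False
    return all(ns.lower().rstrip(".").endswith(suffix) for ns in nameservers)

def credentials_mode_unsafe(path):
    """True if group or others have any access to the API credentials file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def diagnose(conf_text, nameservers):
    """Return a list of human-readable findings for a renewal config."""
    params = renewal_params(conf_text)
    findings = []
    if not authenticator_matches_dns(params, nameservers):
        findings.append("authenticator %s cannot update zone served by %s"
                        % (params.get("authenticator"), ", ".join(nameservers)))
    return findings

if __name__ == "__main__":
    for finding in diagnose(RENEWAL_CONF, NAMESERVERS):
        print(finding)
```

On a live host, pass the contents of the real renewal file and the NS names returned by a DNS lookup, and call `credentials_mode_unsafe` on the credentials path named in the config.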

:wink:
 

1 Like

It was never renewed. I installed it a week ago and for 2 days I was researching how to renew it automatically (as far as I read this is not a built-in feature - correct me if I'm wrong).

Previously I had a different error which I managed to fix by installing the gandi plugin.
The previous error was:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/fly-academy.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Attempting to renew cert (fly-academy.com) from /etc/letsencrypt/renewal/fly-academy.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/fly-academy.com/fullchain.pem (failure)

and the conf file was:

# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/fly-academy.com
cert = /etc/letsencrypt/live/fly-academy.com/cert.pem
privkey = /etc/letsencrypt/live/fly-academy.com/privkey.pem
chain = /etc/letsencrypt/live/fly-academy.com/chain.pem
fullchain = /etc/letsencrypt/live/fly-academy.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = dce81571c7e641c4959e88e3093d75a6
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual_public_ip_logging_ok = True

If you know another workaround for the first error with causing another error I might change the conf file again.