/usr/bin/certbot renew failes


#1

Certificate renewal fails always:

Execution by cron fails:

/usr/bin/certbot renew

manual fails also:

  # /usr/bin/certbot --debug  renew --force-renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/autoconfig.taunusstein.net.conf
-------------------------------------------------------------------------------
2016-09-08 14:54:31,363:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/autoconfig.taunusstein.net.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Running manual mode non-interactively is not supported',). Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/autoconfig.taunusstein.net/fullchain.pem (failure)
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.8.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 744, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 584, in renew
    renewal.renew_all_lineages(config)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 363, in renew_all_lineages
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

any ideas?

platform is CentOS 7 and certbot rpms are:

  • python2-certbot-0.8.1-2.el7.noarch
  • certbot-0.8.1-2.el7.noarch

#2

Renewing is by default “non-interactively”, i.e., the user doesn’t have to do anything. This is not possible when using the manual plugin: the user always has to do something.

So you might ask yourself: do I really need the manual plugin? Or can I use webroot (for example)?


#3

call by cron also not working. I would consider cron as “non-interactive”

Does no longer matter, I migrate that to StartSSL certificates.


#4

Duh, doesn’t matter if you try to renew by CLI or cron, the problem is the used plugin! Not the way how you call certbot:zipper_mouth:


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.