Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (mote001.com-0001) from /etc/letsencrypt/renewal/mote001.com-0001.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mote001.com-0001/fullchain.pem (failure)
My web server is (include version):
Nginx
The operating system my web server runs on is (include version):
The error message says that you haven't configured Certbot to use a particular DNS API, but instead that you obtained the certificate by making the changes to the DNS records manually. If so, then you'll need to use the same command that you originally ran in order to renew your certificate.
The certbot renew command only performs non-interactive renewals. So, it doesn't have a way to stop and prompt you to perform DNS updates at the appropriate moment in the renewal process.
If you configure Certbot to use a DNS provider API, certbot renew can perform an unattended renewal.
In Certbot, you can use --manual automatically with an auth script, which is the traditional way to do automated DNS API renewals. However, you need to have an auth script that works with your DNS provider's API.
Nowadays there are also some more DNS API plugins, again for specific DNS providers' APIs.
If your DNS provider doesn't provide an API (or a supported API), you can also use a CNAME of the _acme-challenge record to a different DNS provider, including that acme-dns instance or CloudFlare or a number of other options. Then you can use the DNS API with the provider that's the target of the CNAME.
Often we've suggested this when people have DNS hosting that has no API, but lets them create static records. Arguably, it has an overall security benefit to use this in every case (because then you don't have to give your Let's Encrypt client application DNS API credentials that could be used to change your main site's A and MX records!). This is also why the acme-dns tool exists (so that you can host your own mini-DNS server that can be updated via an API after setting a CNAME for the _acme-challenge TXT record).
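
A sketch of the `--manual-auth-hook` plus CNAME delegation setup described in the replies above, as an added example that is not from the thread or from Certbot. It assumes a static `_acme-challenge.mote001.com CNAME mote001.com.acme.example.net.` record in the main zone, and a delegated zone that accepts RFC 2136 updates via `nsupdate` with a TSIG key authorized only for that zone; the zone name, name server, key path and naming scheme are all hypothetical.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook for a CNAME-delegated _acme-challenge.
# Hypothetical values (not from the thread): delegated zone, its name server,
# and a TSIG key that can only update the delegated zone, never the main zone.
ACME_ZONE="${ACME_ZONE:-acme.example.net}"
ACME_NS="${ACME_NS:-ns1.example.net}"
ACME_KEY="${ACME_KEY:-/etc/letsencrypt/acme-tsig.key}"

# Map the domain being validated to the CNAME target inside the delegated zone.
# Strips a leading "*." and rejects anything that is not a plain host name,
# so hook input can never inject extra nsupdate commands.
challenge_target() {
    domain="${1#\*.}"
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s.%s.\n' "$domain" "$ACME_ZONE"
}

# Build the nsupdate batch that publishes the validation token as a TXT record.
# The token must be base64url only; anything else is refused.
build_update() {
    target=$(challenge_target "$1") || return 1
    case "$2" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf 'server %s\nzone %s\nupdate add %s 60 TXT "%s"\nsend\n' \
        "$ACME_NS" "$ACME_ZONE" "$target" "$2"
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs the hook.
# The record is added, not replaced, so a wildcard and its base name can both
# be validated in the same run; a cleanup hook would remove the records later.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    build_update "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" | nsupdate -k "$ACME_KEY"
    sleep 30   # assumed propagation delay for the delegated zone
fi
```

If this script's path was supplied as `--manual-auth-hook` when the certificate was obtained, `certbot renew` can run it without prompting, and the only credential on the web server is the key for the delegated zone.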