Skip to content

Instantly share code, notes, and snippets.

@mpolinowski

mpolinowski/certbot.md

Created May 4, 2019 10:41
Show Gist options
  • Save mpolinowski/f79f0e8f7c74334e82a0734cb82c5358 to your computer and use it in GitHub Desktop.
Save mpolinowski/f79f0e8f7c74334e82a0734cb82c5358 to your computer and use it in GitHub Desktop.
Download ZIP
Manual renew certificate with Certbot / Let's Encrypt (NGINX Plugin)
Raw
certbot.md

An issue with one of the domains on the server prevents the cert update/renewal :

certbot renew

ERROR

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed: ...

 To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Manual update of non-affected domains works though:

certbot certonly -d my.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my.domain.com
Waiting for verification...
Cleaning up challenges
Resetting dropped connection: acme-v02.api.letsencrypt.org

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/my.domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/my.domain.com/privkey.pem
   Your cert will expire on 2019-08-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment