Certificate auto-renewal does not work correctly (profesional Help if possible)

Ok, NGINX autorenew certificate, can’t renew, I follow some post in this forum, deleteing all SSL certificates, and executin ssl_certificate.py

I solved with linked to new cert. (Manual)

Later have problem with dns and update external dns:



Need help to solve Autorenew of certificates.

Thanks in advance.

Ive seen this help with people in the past:

cd /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory 


Then, go into the web-ui and go to the TLS / ssl certificates

Click the provision button.

Also is your box hosted on VPS or are you behind a firewall/router hosting this yourself?

I’ve seen in the past where Let’s Encrypt will try to trigger the certificate install from servers in other countries and people are blocking other countries via firewall rules, pfBlocker, etc.

1 Like

Thanks you stylnchris.

Is a VPS but 3 moths ago migrate from forked version for Debian.
Now work fine, but need touched some files a configs.

This night try follow you intructions.

1 Like

Have this error when press “Provision”

Saving debug log to /var/log/letsencrypt/letsencrypt.log You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. 

Log of certbot

2024-04-22 20:36:43,130:DEBUG:certbot._internal.main:certbot version: 1.21.0
2024-04-22 20:36:43,130:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-04-22 20:36:43,130:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '-d', 'autoconfig.ofisolutio.com,autodiscover.ofisolutio.com,mta-sts.box.ofisolutio.com,mta-sts.ofisolutio.com', '--csr', '/tmp/tmp65e02hf1', '--cert-path', '/tmp/tmpwoy3up3n/cert', '--chain-path', '/tmp/tmpwoy3up3n/chain', '--fullchain-path', '/tmp/tmpwoy3up3n/cert_and_chain.pem', '--webroot', '--webroot-path', '/home/user-data/ssl/lets_encrypt/webroot', '--config-dir', '/home/user-data/ssl/lets_encrypt']
2024-04-22 20:36:43,130:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-22 20:36:43,145:DEBUG:certbot._internal.log:Root logging level set at 30
2024-04-22 20:36:43,146:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-04-22 20:36:43,146:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f306e47b790>
Prep: True
2024-04-22 20:36:43,147:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f306e47b790> and installer None
2024-04-22 20:36:43,147:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-04-22 20:36:43,147:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 46, in get_email
    code, email = display_util.input_text(invalid_prefix + msg if invalid else msg,
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 124, in input_text
    return obj.get_display().input(message, default=default, cli_flag=cli_flag,
  File "/usr/lib/python3/dist-packages/certbot/_internal/display/obj.py", line 474, in input
    self._interaction_fail(message, cli_flag)
  File "/usr/lib/python3/dist-packages/certbot/_internal/display/obj.py", line 413, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Enter email address (used for urgent renewal and security notices)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1416, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 763, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 678, in _determine_account
    config.email = display_ops.get_email()
  File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 51, in get_email
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
2024-04-22 20:36:43,151:ERROR:certbot._internal.log:You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

This might fail because registering happens during setup. Now that you have deleted all ssl files, you might need to re-register by running manually: certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
$STORAGE_ROOT being probably /home/user-data but might be different in your case.

1 Like

or re-run setup

sudo mailinabox
1 Like

I tried everything you tell me here, but since I was very urgent, I made a backup copy and a clean installation on the same server

now work fine.

The problem before are with TLSA.