Since upgrading from 3.2.7p1 to 3.2.8p1 (without any reported errors or warnings - running Ubuntu 20.04.4 LTS) we have been experiencing LetsEncrypt problems. We first started getting SSL errors on one of our email accounts and found these errors in the logs:

Code:
postfix-script (total: 5)
1 symlink leaves directory: /etc/postfix/./smtpd.key
1 symlink leaves directory: /etc/postfix/./smtpd.cert-20210327132...
1 symlink leaves directory: /etc/postfix/./smtpd.cert
1 symlink leaves directory: /etc/postfix/./makedefs.out
1 symlink leaves directory: /etc/postfix/./smtpd.key-202103271327...

and in the LetsEncrypt logs:

Code:
2022-05-11 16:31:59,181:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-14 10:53:44 UTC.
2022-05-11 16:31:59,181:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2022-05-11 16:31:59,181:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2022-05-11 16:31:59,182:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#manual): An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/usr/lib/python3/dist-packages/certbot/plugins/manual.py", line 87, in prepare
    raise errors.PluginError(
certbot.errors.PluginError: An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.
2022-05-11 16:31:59,184:DEBUG:certbot.plugins.selection:No candidate plugin
2022-05-11 16:31:59,184:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2022-05-11 16:31:59,185:INFO:certbot.main:Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2022-05-11 16:31:59,185:WARNING:certbot.renewal:Attempting to renew cert (emstaffs.uk) from /etc/letsencrypt/renewal/emstaffs.uk.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping.
2022-05-11 16:31:59,190:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 462, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1202, in renew_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 235, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 339, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
2022-05-11 16:31:59,204:INFO:certbot.renewal:Cert not yet due for renewal
2022-05-11 16:31:59,205:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2022-05-11 16:31:59,206:WARNING:certbot.renewal:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
    raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
2022-05-11 16:31:59,208:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/server1.16bit.co.conf is broken. Skipping.
2022-05-11 16:31:59,208:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
    raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
2022-05-11 16:31:59,227:INFO:certbot.renewal:Cert not yet due for renewal
2022-05-11 16:31:59,228:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2022-05-11 16:31:59,244:INFO:certbot.renewal:Cert not yet due for renewal
2022-05-11 16:31:59,245:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2022-05-11 16:31:59,245:ERROR:certbot.renewal:All renewal attempts failed.
The following certs could not be renewed:
2022-05-11 16:31:59,245:ERROR:certbot.renewal:
  /etc/letsencrypt/live/16bit.co/fullchain.pem (failure)
  /etc/letsencrypt/live/aretheassholesstillincharge.com/fullchain.pem (failure)
  /etc/letsencrypt/live/emstaffs.uk/fullchain.pem (failure)
2022-05-11 16:31:59,246:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1287, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 486, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 3 renew failure(s), 1 parse failure(s)

Any ideas as to what could have gone wrong and/or how to fix it? I'm reluctant to mess around with Certbot without understanding what caused the problem and I don't want to screw up ISPConfig. Many thanks.

Seems as if one of the renewal config files is broken: /etc/letsencrypt/renewal/server1.16bit.co.conf. As these files are managed by certbot itself, I guess it's just a coincidence that you noticed it now, right after an ISPConfig update. I would say the best approach might be that you take a look into that file and compare it with one of the other renewal config files of the system to see if you find any apparent differences and add the missing / broken part. Certbot sometimes destroys its own config files; I've seen this several times in the past.
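
Added example (not part of either post, and not certbot or ISPConfig code): a small linter for the two conditions visible in the log above, a renewal config missing one of its four required file references and a lineage set to `authenticator = manual` with no `manual_auth_hook`. The sample configs are constructed, and the parser is a simplified stand-in for certbot's own config reader.

```python
import glob
import sys

# File references certbot requires at the top level of every renewal config.
REQUIRED_REFS = ("cert", "privkey", "chain", "fullchain")


def parse_renewal_conf(text):
    """Return (top-level keys, [renewalparams] keys) from a renewal config."""
    top, params = {}, {}
    current = top
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Nested sections such as [[webroot_map]] are parsed but ignored.
            current = params if line == "[renewalparams]" else {}
        elif "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return top, params


def lint_renewal_conf(text):
    """List the problems that make `certbot renew` skip or fail this lineage."""
    top, params = parse_renewal_conf(text)
    problems = ["missing required file reference: " + ref
                for ref in REQUIRED_REFS if not top.get(ref)]
    if params.get("authenticator") == "manual" and not params.get("manual_auth_hook"):
        problems.append("authenticator = manual but no manual_auth_hook is set")
    return problems


# Constructed samples, not the poster's files.
_REFS = "".join(f"{r} = /etc/letsencrypt/live/example.test/{r}.pem\n" for r in REQUIRED_REFS)
TRUNCATED = "version = 0.40.0\n[renewalparams]\nauthenticator = webroot\n"
MANUAL = _REFS + "[renewalparams]\nauthenticator = manual\n"
HEALTHY = _REFS + "[renewalparams]\nauthenticator = webroot\n[[webroot_map]]\n"

if __name__ == "__main__":
    # With no arguments, check every renewal config on the host.
    paths = sys.argv[1:] or glob.glob("/etc/letsencrypt/renewal/*.conf")
    for path in paths:
        with open(path, encoding="utf-8") as handle:
            for problem in lint_renewal_conf(handle.read()):
                print(f"{path}: {problem}")
```

Run as root on the server it prints one line per problem and nothing for healthy files; copy the renewal directory aside before editing any file it flags.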