I thought the LetsEncrypt certificates would automatically renew. They didn’t and mail is not happy. Did I miss something? Or did I mis-configure?
Greg
Eeeew. I thought so too, but I’m in the same boat. I’ll check it out…
OK, so preliminary research says we have to renew our certs by doing something like this:
cd /var/data/mailserver
docker run -ti --rm -v "$(pwd)"/letsencrypt:/etc/letsencrypt certbot/certbot renew
Sadly, this doesn’t work for my certs, which were registered --dns --manual - as it turns out, I have to regenerate them every 90 days
Let me know how it goes?
D
No luck here:
Processing /etc/letsencrypt/renewal/mail.gerg.org.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (mail.gerg.org) from /etc/letsencrypt/renewal/mail.gerg.org.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.gerg.org/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.gerg.org/fullchain.pem (failure)
-------------------------------------------------------------------------------
I followed your recipe using the domain challenge, so I guess I also have to do the manual updates. Since I don’t have to worry about it again for 3 months, I’ll figure something out closer to that time.
Yeah, likewise, I just manually regenerated my certs. Some ideas here - we could add a “cron-type” container à la NextCloud, which attempts the cert renewal daily (it should do nothing provided the cert is not due for expiry). I noticed that the DNS TXT entry for the verification didn’t change, so it may be possible to fully automate the “manual” regeneration.
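A preflight for the daily renewal job discussed in this thread, added here as an example and not code from either poster or from certbot: it scans the renewal configs and reports every lineage that will hit the `--manual-auth-hook` error shown above. It assumes certbot records `authenticator` and `manual_auth_hook` under `[renewalparams]`; the function names, the hook path and the two `example.org` configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find certbot lineages that cannot renew unattended.

# renewal_param FILE KEY: print the value of KEY from the [renewalparams] section.
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($1 == "[renewalparams]"); next }
        in_params && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_renewals DIR: print one line per lineage that uses the manual
# authenticator with no auth hook; return 1 if any were found.
check_renewals() {
    found=0
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        auth=$(renewal_param "$conf" authenticator)
        hook=$(renewal_param "$conf" manual_auth_hook)
        # An unset hook is treated the same whether absent or recorded as None.
        if [ "$auth" = "manual" ] && { [ -z "$hook" ] || [ "$hook" = "None" ]; }; then
            echo "$(basename "$conf" .conf) manual-without-auth-hook"
            found=1
        fi
    done
    return "$found"
}

# write_sample_confs DIR: constructed renewal configs for a stand-alone run.
write_sample_confs() {
    printf '%s\n' 'version = 0.22.0' '[renewalparams]' \
        'authenticator = manual' 'pref_challs = dns-01,' > "$1/mail.gerg.org.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'manual_auth_hook = /opt/hooks/dns-auth.sh' > "$1/hooked.example.org.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = standalone' \
        > "$1/web.example.org.conf"
}

# With a directory argument, check it; otherwise demo on the constructed samples.
if [ -n "${1:-}" ]; then
    check_renewals "$1"
else
    demo=$(mktemp -d) && write_sample_confs "$demo"
    check_renewals "$demo" || echo "renewal would fail non-interactively" >&2
    rm -rf "$demo"
fi
```

Pointed at the mounted `letsencrypt/renewal` directory, the non-zero exit status lets the scheduled job raise an alert well before the 90-day expiry instead of failing silently.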