certbot-external-auth

Automatic renewal doesn't work

Open adhawkins opened this issue 8 years ago • 3 comments

Hi,

I've managed to generate a certificate using certbot external auth:

certbot --staging -d xxx.yyy.zzz -a certbot-external-auth:out --certbot-external-auth:out-public-ip-logging-ok --preferred-challenges dns --certbot-external-auth:out-handler ./handler-example.sh certonly

The handler-example.sh generates an appropriate DNS entry and updates the DNS.

But when I try to renew:

certbot renew --force-renewal --cert-name xxx.yyy.zzz

I get the error:

Running manual mode non-interactively is not supported (yet)

Also, looking in /etc/letsencrypt/renewal/xxx.yyy.zzz, the config file doesn't have any reference to the external handler script I'm using to populate the DNS.

Any suggestions as to how I can get this to work?

Thanks

Andy

adhawkins, May 22 '17 14:05

Will take a look, thanks for the issue.

ph4r05, May 22 '17 15:05

Same issue here. /root/hexonet/acme.py is my custom hook script which puts a given ACME challenge in the TXT record. It worked a while back but now it doesn't (latest certbot 0.10.2 on Debian jessie).

/etc/letsencrypt/renewal/xxx.yyy.zzz.conf:

# renew_before_expiry = 30 days
version = 0.14.0
cert = /etc/letsencrypt/live/xxx.yyy.zzz/cert.pem
privkey = /etc/letsencrypt/live/xxx.yyy.zzz/privkey.pem
chain = /etc/letsencrypt/live/xxx.yyy.zzz/chain.pem
fullchain = /etc/letsencrypt/live/xxx.yyy.zzz/fullchain.pem
archive_dir = /etc/letsencrypt/archive/xxx.yyy.zzz

# Options used in the renewal process
[renewalparams]
authenticator = certbot-external-auth:out
installer = certbot-external-auth:out
account = xxxxxxxx
certbot_external_auth:out_public_ip_logging_ok = True
certbot_external_auth:out_handler = /root/hexonet/acme.py
certbot_external_auth:out_dehydrated_dns = True
pref_challs = dns-01,

cbix, Aug 17 '17 14:08
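An added example, not code from certbot, the plugin, or anyone in this thread: a Python check that reads a renewal file like the one quoted above and reports whether an external handler is recorded in `[renewalparams]` and whether that script is executable and not writable by group or others. The sample config is constructed from the quoted one and the function names are hypothetical; the dummy `[top]` header and the `=`-only delimiter are there because the file starts with keys outside any section and its option names contain `:`.

```python
import configparser
import os
import stat

# Constructed sample, shortened from the renewal file quoted in the thread.
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.14.0
cert = /etc/letsencrypt/live/xxx.yyy.zzz/cert.pem

# Options used in the renewal process
[renewalparams]
authenticator = certbot-external-auth:out
certbot_external_auth:out_handler = /root/hexonet/acme.py
pref_challs = dns-01,
"""

HANDLER_KEY = "certbot_external_auth:out_handler"


def parse_renewal_conf(text):
    """Return the [renewalparams] section as a dict (empty if absent)."""
    # Only '=' may split key from value, otherwise the ':' inside the
    # plugin's option names would be taken as the delimiter.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep option names exactly as written
    # Keys before the first section header need a section to live in.
    parser.read_string("[top]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])


def audit_handler(params):
    """List problems with the handler recorded in the renewal parameters."""
    handler = params.get(HANDLER_KEY)
    if not handler:
        return ["no handler recorded in [renewalparams]"]
    try:
        mode = os.stat(handler).st_mode
    except OSError:
        return ["cannot stat handler %s" % handler]
    problems = []
    if not mode & stat.S_IXUSR:
        problems.append("handler is not executable by its owner")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("handler is writable by group or others")
    return problems
```
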

My workaround is to issue the certonly command in cron instead of renew. I think certbot should differentiate between manual and scripted certificate issuing, the latter using a handler script and thus not being run manually.

cbix, Aug 22 '17 10:08