certbot-dns-multi

How to ask this plugin to wait more time for Namesilo?

Open jackywu opened this issue 1 year ago • 2 comments

Currently this plugin only waits 60 seconds for DNS changes to propagate. That's not enough for Namesilo. How to ask this plugin to wait more time?

jackywu, May 29 '24 02:05

--dns-multi-propagation-seconds 900

alexzorin, May 29 '24 02:05

> --dns-multi-propagation-seconds 900

If I set the parameter REGRU_PROPAGATION_TIMEOUT=500 in dns-multi.ini, it has no effect. After creating the DNS TXT records, the plugin tries to check the TXT records after 60 seconds. If I run the command and pass --dns-multi-propagation-seconds, everything works. But how can I be sure that during automatic certificate renewal, without my involvement, the 500-second parameter will be used?

And a second question: I renewed the certificates, the files were updated, and the symlinks too. But NGINX was not restarted automatically. Is there a way to make NGINX restart automatically?

Meekwest, Jan 28 '25 20:01

@Meekwest, the propagation delay value will be recorded in the renewal configuration file for the certificate. E.g.,

[renewalparams]
authenticator = dns-multi
dns_multi_propagation_seconds = 310
dns_multi_credentials = /etc/letsencrypt/dns-multi.ini
...

@alexzorin, would there be a way to make the plugin honor the other variables potentially set in the authenticator file, in the sense of just passing them on to the underlying lego?

E.g., I am often facing the issue that the HE DNS API servers don't respond in a timely fashion, leading to a certificate issuance failure (hurricane: unable to communicate with the API server: error: Post "https://dyn.dns.he.net/nic/update": context deadline exceeded (Client.Timeout exceeded while awaiting headers)).

lego itself seems to support a HURRICANE_HTTP_TIMEOUT setting, which I'd hope would increase the time that the HE servers have to respond before the plugin calls it quits. And other variables as well.

Something similar goes for other providers, with respective variables. E.g., CLOUDFLARE_HTTP_TIMEOUT and others for Cloudflare DNS.

So if the certbot-dns-multi were enabled to honor such additional settings, i.e., just pass them through to the underlying lego for it to use them, that would be nice.

Thanks!

demsbjf8, Jun 22 '25 12:06
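One way to confirm that unattended renewals will use the intended delay is to audit the renewal files for the recorded `dns_multi_propagation_seconds` value. This is an added example, not code from the thread or from certbot-dns-multi; the function names are hypothetical, the sample file is constructed, and it assumes Certbot's default renewal directory `/etc/letsencrypt/renewal/`.

```python
import configparser
import glob

# Constructed sample in the shape of a Certbot renewal file: top-level keys
# come before the first section header.
SAMPLE = """\
archive_dir = /etc/letsencrypt/archive/example.org
cert = /etc/letsencrypt/live/example.org/cert.pem

[renewalparams]
authenticator = dns-multi
dns_multi_propagation_seconds = 310
dns_multi_credentials = /etc/letsencrypt/dns-multi.ini
"""

def audit_renewal_conf(text, min_seconds):
    """Return a list of problems in one renewal file's text (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # configparser rejects keys outside a section, so wrap the preamble in one.
    cp.read_string("[_top]\n" + text)
    if not cp.has_section("renewalparams"):
        return ["no [renewalparams] section"]
    params = cp["renewalparams"]
    if params.get("authenticator") != "dns-multi":
        return []  # a different authenticator: this delay does not apply
    raw = params.get("dns_multi_propagation_seconds")
    if raw is None:
        return ["dns_multi_propagation_seconds is not recorded"]
    try:
        seconds = int(raw)
    except ValueError:
        return [f"dns_multi_propagation_seconds is not an integer: {raw!r}"]
    if seconds < min_seconds:
        return [f"propagation delay {seconds}s is below the required {min_seconds}s"]
    return []

def audit_dir(min_seconds, pattern="/etc/letsencrypt/renewal/*.conf"):
    """Map each renewal file with problems to its list of problems."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8") as fh:
            problems = audit_renewal_conf(fh.read(), min_seconds)
        if problems:
            report[path] = problems
    return report

if __name__ == "__main__":
    print(audit_renewal_conf(SAMPLE, 500))  # constructed sample, not a real host
```
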

Yes, I think passing through arbitrary environment variables sounds like a good feature to add.

There is a chance that it will be confusing to users if they try using environment variables which are outside the scope of the plugin.

lego proper has some functionality that this plugin doesn't implement, because it only uses a subset of the functionality ("present" + "cleanup"). If the user tries configuring environment variables which are related to that other functionality, that is going to be a bad time. Anyway, that's a documentation issue ...

alexzorin, Jun 23 '25 05:06

Also I've never tested it, but I'm curious if setting HURRICANE_HTTP_TIMEOUT in Certbot's environment will automatically get picked up anyway. I'm not clearing the environment, as far as I can tell ...

alexzorin, Jun 23 '25 05:06