
Certbot documentation

Open davidhadas opened this issue 4 years ago • 5 comments

It is unclear from the documentation if renewal is done by a simple certbot renew as documented by certbot or requires some use of the hook...

davidhadas, Jan 14 '21 11:01

Thanks for the report! Would you like to come up with better explanations, and submit a PR to improve the documentation?

peterthomassen, Jan 14 '21 11:01

I do not know the answer as of now... What is the procedure to renew a certificate in this case? Is it done by a simple certbot renew as documented by certbot, or does it require some different use of certbot and the hook developed as part of the desec?

If someone can spell out the procedure for certificate renew, I can add it to the doc via a PR.

davidhadas, Jan 14 '21 12:01

I think one currently needs to figure that out from the certbot documentation (I also don't know the answer off the top of my head).

peterthomassen, Jan 14 '21 12:01

certbot remembers the settings from the initial call, all you need to do is certbot renew, passing the config/log/work directories if applicable. On my system, I'm doing

certbot --config-dir certbot/config --logs-dir certbot/logs --work-dir certbot/work renew

where the content of config/renewal/example.dedyn.io.conf is

# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = ██████████certbot/config/archive/example.dedyn.io
cert = ██████████certbot/config/live/example.dedyn.io/cert.pem
privkey = ██████████certbot/config/live/example.dedyn.io/privkey.pem
chain = ██████████certbot/config/live/example.dedyn.io/chain.pem
fullchain = ██████████certbot/config/live/example.dedyn.io/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = █████████████████████████████████
pref_challs = dns-01,
config_dir = ██████████certbot/config
work_dir = ██████████certbot/work
logs_dir = ██████████certbot/logs
authenticator = manual
manual_auth_hook = ██████████desec_certbot_hook.sh
manual_public_ip_logging_ok = True
server = https://acme-v02.api.letsencrypt.org/directory

(some local file paths and account numbers redacted)

nils-wisiol, Jan 14 '21 13:01
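
An added example, not part of the thread or of the deSEC project's code: since `certbot renew` replays whatever the renewal config recorded, this check reads the `[renewalparams]` section and confirms that a lineage using the manual authenticator has an auth hook recorded and that the hook is executable, which certbot needs to renew without prompting. The function names and the sample config writer are hypothetical; the sample values are constructed from the config quoted above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight check for unattended renewal.

# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        !in_params || /^[ \t]*#/ { next }
        {
            pos = index($0, "=")          # split on the first "=" only
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Exit status: 0 = renew can run unattended, 1 = manual authenticator with no
# auth hook recorded, 2 = recorded hook missing or not executable.
check_unattended_renewal() {
    auth=$(renewal_param "$1" authenticator)
    if [ "$auth" != "manual" ]; then
        echo "ok: authenticator '$auth' does not use a manual hook"; return 0
    fi
    hook=$(renewal_param "$1" manual_auth_hook)
    # Defensive assumption: treat a literal "None" the same as a missing key.
    if [ -z "$hook" ] || [ "$hook" = "None" ]; then
        echo "fail: manual authenticator without manual_auth_hook"; return 1
    fi
    if [ ! -x "$hook" ]; then
        echo "fail: hook '$hook' is missing or not executable"; return 2
    fi
    echo "ok: renewal will call $hook"; return 0
}

# Constructed sample: write a renewal config shaped like the one quoted above
# into DIR ($1), pointing at HOOK ($2; an empty string omits the hook line).
write_sample_conf() {
    {
        echo "version = 0.40.0"
        echo "[renewalparams]"
        echo "pref_challs = dns-01,"
        echo "authenticator = manual"
        [ -n "$2" ] && echo "manual_auth_hook = $2"
        echo "server = https://acme-v02.api.letsencrypt.org/directory"
    } > "$1/example.dedyn.io.conf"
}

# Usage: pass the path of a renewal config file as the first argument.
if [ -n "${1:-}" ]; then check_unattended_renewal "$1"; fi
```

Running `certbot renew --dry-run` with the same directory options afterwards exercises the recorded settings end to end against the staging server.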

Our certbot hook is being replaced by @nils-wisiol's new certbot plugin. Let's use this ticket for tracking necessary adjustments to our documentation reflecting that switch.

peterthomassen, May 13 '21 14:05