acme-dns-certbot-joohoi

Explicit renewal command in documentation

Open sh511 opened this issue 7 years ago • 6 comments

May I suggest to add in the documentation the exact command required for the renewal and also where "critical" information is stored to avoid deleting a required file. Even after RTFM, one figures out how to proceed but it would be nice to have explicit instructions in the README.

On a different topic, in instances where there is a complex configuration of name servers, the propagation of the CNAME might take quite a while. It would be nice to have the option of exiting at the "Press enter to continue" point and restart the command later. It would be more elegant than having to do a <Ctrl-C> to abort the script. Upon restart, the credentials and the CNAME are already in place and everything works smoothly.

sh511, Aug 07 '18 03:08

May I suggest to add in the documentation the exact command required for the renewal

Good idea, it's just certbot renew, but I kind of wrote it with an assumption that "everyone" has their Certbot cron/systemd jobs configured (either automatically by the distribution package manager, or manually if using certbot-auto). But it is true that people might just start from scratch when checking this out.

...also where "critical" information is stored to avoid deleting a required file. Even after RTFM, one figures out how to proceed but it would be nice to have explicit instructions in the README.

Yeah, that's a good idea.

On a different topic, in instances where there is a complex configuration of name servers, the propagation of the CNAME might take quite a while. It would be nice to have the option of exiting at the "Press enter to continue" point and restart the command later. It would be more elegant than having to do a <Ctrl-C> to abort the script. Upon restart, the credentials and the CNAME are already in place and everything works smoothly.

I think long propagation times are more the exception than the rule. I think the overall best way to handle this would be to add a few lines to the text printed before pausing, indicating that if your DNS propagation times are unfortunately long, you can Ctrl-C here, and re-run the command when the changes have propagated over the DNS servers.

joohoi, Aug 07 '18 08:08

I am also interested in explicit instructions to set up certbot-auto to auto-renew the cert.

jcormier, Dec 13 '18 15:12

I am also interested in explicit instructions to set up certbot-auto to auto-renew the cert.

You should follow the recommended Certbot installation instructions on your distribution. Adding certbot renew to your cronjob or as a systemd timer should be sufficient. Certbot saves the configuration options and will reuse them non-interactively when doing the renewals.

If you installed Certbot from a package repository of your distribution of choice, the systemd timer is most likely already installed for you. Check https://certbot.eff.org/ for detailed instructions for your distribution.

joohoi, Dec 13 '18 16:12

Thanks. Was able to set up certbot-auto to run in a cronjob and add some deploy hooks in the renewal-hooks/deploy directory.

jcormier, Dec 13 '18 19:12

I'm having problems with certbot renew. It seems that every time a new TXT entry is generated, so it always returns like this:

Domain: sub.mydomain.com.br Type: unauthorized Detail: Incorrect TXT record "nowwGZSHXyFQ-K1OlKfgOYICT1yuZ0jrjo22FJ4-DIq" found at _acme-challenge.sub.mydomain.com.br

Every time the value is different. What may I be doing wrong? Thank you.

carlospauluk, May 21 '24 01:05