joohoi / acme-dns-certbot-joohoi

Certbot client hook for acme-dns
MIT License

Explicit renewal command in documentation #12

Open sh511 opened 6 years ago

sh511 commented 6 years ago

May I suggest to add in the documentation the exact command required for the renewal and also where "critical" information is stored to avoid deleting a required file. Even after RTFM, one figures out how to proceed but it would be nice to have explicit instructions in the README.

On a different topic, in instances where there is a complex configuration of name servers, the propagation of the CNAME might take quite a while. It would be nice to have the option of exiting at the "Press enter to continue" point and restart the command later. It would be more elegant than having to do a to abort the script. Upon restart, the credentials and the CNAME are already in place and everything works smoothly.

joohoi commented 6 years ago

> May I suggest to add in the documentation the exact command required for the renewal

Good idea, it's just `certbot renew`, but I kind of wrote it with an assumption that "everyone" has their Certbot cron/systemd jobs configured (either automatically by the distribution package manager, or manually if using certbot-auto). But it is true that people might just start from scratch when checking this out.

> ...also where "critical" information is stored to avoid deleting a required file. Even after RTFM, one figures out how to proceed but it would be nice to have explicit instructions in the README.

Yeah, that's a good idea.

> On a different topic, in instances where there is a complex configuration of name servers, the propagation of the CNAME might take quite a while. It would be nice to have the option of exiting at the "Press enter to continue" point and restart the command later. It would be more elegant than having to do a to abort the script. Upon restart, the credentials and the CNAME are already in place and everything works smoothly.

I think long propagation times are more the exception than the rule. I think the overall best way to handle this would be to add a few lines to the text printed before pausing, indicating that if your DNS propagation times are unfortunately long, you can Ctrl-C here, and re-run the command when the changes have propagated over the DNS servers.

jcormier commented 5 years ago

I am also interested in explicit instructions to set up certbot-auto to auto-renew the cert.

joohoi commented 5 years ago

> I am also interested in explicit instructions to set up certbot-auto to auto-renew the cert.

You should follow the recommended Certbot installation instructions on your distribution. Adding `certbot renew` to your cronjob or as a systemd timer should be sufficient. Certbot saves the configuration options and will reuse them non-interactively when doing the renewals.

If you installed Certbot from a package repository of your distribution of choice, the systemd timer is most likely already installed for you. Check https://certbot.eff.org/ for detailed instructions for your distribution.

jcormier commented 5 years ago

Thanks. Was able to set up certbot-auto to run in a cronjob and add some deploy hooks in the renewal-hooks/deploy directory.

carlospauluk commented 4 months ago

I'm having problems with `certbot renew`. It seems that every time a new TXT entry is generated, so it always returns like this:

Domain: sub.mydomain.com.br Type: unauthorized Detail: Incorrect TXT record "nowwGZSHXyFQ-K1OlKfgOYICT1yuZ0jrjo22FJ4-DIq" found at _acme-challenge.sub.mydomain.com.br

Every time the value is different. What may I be doing wrong? Thank you.

emoxam commented 2 months ago

> > May I suggest to add in the documentation the exact command required for the renewal
>
> Good idea, it's just `certbot renew`, but I kind of wrote it with an assumption that "everyone" has their Certbot cron/systemd jobs configured (either automatically by the distribution package manager, or manually if using certbot-auto). But it is true that people might just start from scratch when checking this out.
>
> > ...also where "critical" information is stored to avoid deleting a required file. Even after RTFM, one figures out how to proceed but it would be nice to have explicit instructions in the README.
>
> Yeah, that's a good idea.
>
> > On a different topic, in instances where there is a complex configuration of name servers, the propagation of the CNAME might take quite a while. It would be nice to have the option of exiting at the "Press enter to continue" point and restart the command later. It would be more elegant than having to do a to abort the script. Upon restart, the credentials and the CNAME are already in place and everything works smoothly.
>
> I think long propagation times are more the exception than the rule. I think the overall best way to handle this would be to add a few lines to the text printed before pausing, indicating that if your DNS propagation times are unfortunately long, you can Ctrl-C here, and re-run the command when the changes have propagated over the DNS servers.

Will it work to run `certbot renew` if the usage is using "--manual"? The DNS-01 method assumes that a TXT record is created, and the renew task assumes that this record will be created automatically, so we need some plugin for the DNS provider to create the TXT record automatically. So there are a lot of questions about how to implement it when the usage only speaks about a one-time run.
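
Added example, not part of any comment above and not the project's own code: a check of the options Certbot saved for each certificate, showing whether a lineage issued with the manual authenticator has an auth hook recorded, which is what lets `certbot renew` publish the fresh TXT value without a prompt. The sample config files and the hook path are constructed placeholders; the keys read (`authenticator`, `manual_auth_hook`, `pref_challs`) are Certbot's renewal-config keys.

```shell
#!/bin/sh
# Added example: flag Certbot lineages that `certbot renew` cannot renew unattended.

# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Classify one renewal config: "hooked", "interactive" or "other".
renewal_mode() {
    auth=$(renewal_param "$1" authenticator)
    hook=$(renewal_param "$1" manual_auth_hook)
    if [ "$auth" != "manual" ]; then
        echo other          # a different authenticator plugin handles renewal
    elif [ -n "$hook" ] && [ "$hook" != "None" ]; then
        echo hooked         # saved hook publishes the TXT value on each renewal
    else
        echo interactive    # --manual without a hook: renew has nothing to run
    fi
}

# Constructed sample configs (hypothetical names and hook path).
demo=$(mktemp -d)
printf '%s\n' 'version = 1.0.0' '[renewalparams]' 'authenticator = manual' \
    'pref_challs = dns-01,' 'manual_auth_hook = /path/to/acme-dns-auth-hook' \
    > "$demo/hooked.example.conf"
printf '%s\n' 'version = 1.0.0' '[renewalparams]' 'authenticator = manual' \
    'pref_challs = dns-01,' > "$demo/byhand.example.conf"

for conf in "$demo"/*.conf; do
    echo "$(basename "$conf" .conf): $(renewal_mode "$conf")"
done
```

On a real host the same functions can be pointed at the files under `/etc/letsencrypt/renewal/`, Certbot's default renewal-config directory; a lineage reported as `interactive` has to be re-issued with the auth hook before a cron job or systemd timer can renew it.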