Closed kevinpapst closed 3 years ago
Hey Kevin,
I'm sorry, I totally missed the mail informing me about this issue. I guess it's fine since it's not really an actual "issue". ;-)
> Easy to fix, but still could be mentioned in the README
Asked and done!
> Then installation worked, but I received a warning
Well, this warning is about a special package key that PyPI wants for installation via pip. It's used to link the Markdown README.md as the description contents for the package in the repository. So this can be ignored.
> It might also be worth mentioning that you have to use the v2 endpoint for wildcard certificates
In fact, this is the default in certbot since quite some versions (0.30 I guess?). Ubuntu and Debian are as usual a bit behind, but this is rather something to be noted in installation guides for certbot itself on such distributions. I'm not trying to provide a generic "certbot wildcard howto".
> I used this renew command previously, to check if a cert must be acquired
There's no need to add the -a flag with the authenticator in renew commands. The authenticator is saved in your renewal config (see /etc/letsencrypt/renewal/*.conf). The same command you used before should still work. I've just tried it on one of my servers:
sudo certbot renew --dry-run --cert-name XXXXXXXXX
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/XXXXXXX.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator certbot-dns-inwx:dns-inwx, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for XXXXXXXXX
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/XXXXXXXX/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/XXXXXXXXXX/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: XXXXXXXXXX
Thanks for the explanation! I am pretty sure I had to append the -a flag, for unknown reason ... maybe I had an existing renewal config for my old non-wildcard cert. Tbh, I didn't investigate a lot ;-)
> In fact, this is the default in certbot since quite some versions (0.30 I guess?). Ubuntu and Debian are as usual a bit behind,
That's likely the reason. But it was a brand new Digital Ocean droplet and fresh packages, based on the latest Ubuntu LTS, so something which will be around for quite some time. Just wanted to leave a hint for the next one running into that issue.
You should get unlimited credits by INWX for creating this tool!
First of all: thanks for your release here! Very much appreciated 👍
And here comes some feedback related to the installation process, maybe this helps the next user... or it could be added to the README.
Your installation recommendation didn't work exactly as given. I am on Ubuntu 18.04 with certbot and python3-certbot-nginx installed via apt. Normal certs work fine; I wanted to incorporate wildcard certs now.
Easy to fix, but still could be mentioned in the README:
Then installation worked, but I received a warning:
It might also be worth mentioning that you have to use the v2 endpoint for wildcard certificates, which can be set via command-line parameter or in the certbot config, e.g. /etc/letsencrypt/cli.ini:
I used this renew command previously, to check if a cert must be acquired:
which seems to be incompatible with the -a flag, which leads to
Thankfully both return the same exit code... I am using this command in a Saltstack setup which automatically provisions new servers, maybe not interesting for manual usage.
I primarily wanted to say THANK YOU and share my findings, not much to ask here, besides that installation warning - I guess that can be ignored, as everything seems to work fine?!?
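Two points in this thread are worth checking on a box rather than taking on faith: the maintainer's note that certbot stores the authenticator in /etc/letsencrypt/renewal/<name>.conf (so a plain `certbot renew` needs no -a flag), and the reporter's note that wildcard (dns-01) issuance requires the ACME v2 directory, set either per certificate in that renewal conf or globally in /etc/letsencrypt/cli.ini (or via --server). The script below is an added example, not code from the certbot-dns-inwx project or from either participant. It reads those settings from two constructed sample files: the example.com name, the account id, the post-hook and both file bodies are made up for illustration, while the key names (authenticator, server, post-hook), the [renewalparams] section and the acme-v02 directory URL are certbot's own.

```shell
#!/bin/sh
# Added example, not code from certbot or certbot-dns-inwx. It inspects the
# two certbot config files the thread talks about and reports whether
# `certbot renew` will find the authenticator by itself and whether the
# configured ACME server is the v2 directory that wildcard names require.

# Let's Encrypt's v2 directory URL (the v1 one lived at acme-v01.api.letsencrypt.org).
ACME_V2="https://acme-v02.api.letsencrypt.org/directory"

# ini_value FILE KEY: print the value of the first "KEY = value" line in a
# certbot-style INI file, with surrounding whitespace trimmed. Commented
# lines (leading #) and keys that merely share a prefix do not match.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# renewal_authenticator FILE: the authenticator plugin stored for one cert.
renewal_authenticator() {
    ini_value "$1" authenticator
}

# uses_acme_v2 FILE: succeed only if FILE's server is the v2 directory.
uses_acme_v2() {
    [ "$(ini_value "$1" server)" = "$ACME_V2" ]
}

# Constructed sample files standing in for the real ones under
# /etc/letsencrypt; the names, account id and hook are illustrative.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
RENEWAL_CONF="$WORK/example.com.conf"
CLI_INI="$WORK/cli.ini"

# Shape of /etc/letsencrypt/renewal/<name>.conf as certbot writes it:
# the plugin chosen at issuance time is saved under [renewalparams].
cat > "$RENEWAL_CONF" <<'EOF'
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 0123456789abcdef0123456789abcdef
authenticator = dns-inwx
server = https://acme-v02.api.letsencrypt.org/directory
EOF

# A global cli.ini still pinned to the v1 endpoint, which is no good for
# wildcard names: the situation the reporter's hint is about.
cat > "$CLI_INI" <<'EOF'
server = https://acme-v01.api.letsencrypt.org/directory
post-hook = systemctl reload nginx
EOF

# Stand-alone report of what `certbot renew` would pick up from these files.
echo "authenticator saved in renewal conf: $(renewal_authenticator "$RENEWAL_CONF")"
if uses_acme_v2 "$RENEWAL_CONF"; then
    echo "renewal conf: ACME v2 endpoint, wildcard-capable"
else
    echo "renewal conf: not the v2 endpoint"
fi
if uses_acme_v2 "$CLI_INI"; then
    echo "cli.ini: ACME v2 endpoint"
else
    echo "cli.ini: set 'server = $ACME_V2' (or pass --server) before requesting a wildcard"
fi
```

On a real host, point RENEWAL_CONF at /etc/letsencrypt/renewal/<name>.conf and CLI_INI at /etc/letsencrypt/cli.ini instead of the constructed files; a renewal conf whose authenticator line names the plugin is exactly why the maintainer's `certbot renew --dry-run --cert-name ...` works without -a.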