Auto renewal started failing with error - Missing command line flag or config entry for this setting

The specific bug is that some versions of Certbot, when issuing a certificate, would fail to save the webroot path for hostnames it did not have to validate.

When an ACME account has validated a name within the last 30 days, Let's Encrypt allows it to issue certificates without validating the name again. (This is not a promise, and clients shouldn't rely on it, but it's how it normally works.)

It was fixed in Certbot 0.35.0.

Renewing will not normally break the configuration, because certificates are normally renewed approximately every 60 days, long after the authorizations would have expired, always forcing the names to be validated again.

It comes into play in other circumstances -- adding a new subdomain not long after a certificate was renewed, maintaining multiple certificates with overlapping hostnames, or renewing unusually frequently.

Depending on their workflow, the bug may rarely or never affect people.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.