Automate new DNS

We are using certbot 1.11 on Nginx 1.19.5. The installation uses a snap file. Everything works fine.
We want to change to use dns-01 challenge and I have read the documentation at https://certbot-dns-dnsmadeeasy.readthedocs.io

We currently host 4 domains on the server and plan to use dns-01 challenge to add example.com to existing www.example.com

The documentation provides for:
certbot certonly \
  --dns-dnsmadeeasy \
  --dns-dnsmadeeasy-credentials ~/.secrets/certbot/dnsmadeeasy.ini \
  -d example.com \
  -d www.example.com
This is clear.
My question relates to automatic renewals. If I have run the above script, will the automatic renewal process see I have the two host records and automatically attempt to update them, or do I need to make changes at other places for the update to occur? Certbot tells me that the timer to renew is handled by systemctl snap.certbot.renew.timer.

Where is the script that snap.certbot.renew.timer runs, and what changes are needed to be made to this?

Thanks

1 Like

The timer will renew the certificate for you. You don't need to set up renewal separately.

Once you've created the DME certificate, you can test out renewal with:

certbot renew --dry-run
3 Likes

Thanks
I have set up my example test following the example given at https://certbot-dns-dnsmadeeasy.readthedocs.io/en/stable/

Prior to running the command I had run:

sudo snap install certbot-dns-dnsmadeeasy

and

snap set certbot trust-plugin-with-root=ok

When I run the command in the certbot example I receive the following error:

certbot: error: unrecognized arguments: --dns-dnsmadeeasy-credentials /root/.secrets/certbot/dnsmadeeasy.ini

Any ideas?

1 Like

It's not clear to me which order you ran these in, but the second command needs to go first.

Does that solve your problem?

1 Like

Yes! Great thanks! That fixed it.

2 Likes

Is there a command that I can use to tell certbot that I wish to change from http to dns-01?
What would the syntax be?

thanks

--preferred-challenges dns

Thanks again. I will need to wait on auto-renewal to see that new renewals do this.

You can test renewing with --dry-run
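
Added example, not part of the thread: besides `--dry-run`, the settings a renewal will reuse can be read from the lineage's renewal config. The script below checks that the authenticator recorded there is dns-dnsmadeeasy and that the credentials file is owner-only. It assumes certbot's usual `/etc/letsencrypt/renewal/<cert-name>.conf` layout; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a certbot lineage will renew
# over dns-01 with the DNS Made Easy plugin. Assumes certbot's usual layout,
# /etc/letsencrypt/renewal/<cert-name>.conf with a [renewalparams] section.

# Print the value of key $2 from the [renewalparams] section of file $1.
renewal_param() {
    awk -F' *= *' -v key="$2" '
        /^\[/ { in_section = ($0 == "[renewalparams]"); next }
        in_section && $1 == key { print $2; exit }
    ' "$1"
}

# Return 0 only if renewals use dns-dnsmadeeasy and the credentials file is
# owner-only; otherwise print the reason and return 1.
audit_renewal_conf() {
    conf=$1
    auth=$(renewal_param "$conf" authenticator)
    creds=$(renewal_param "$conf" dns_dnsmadeeasy_credentials)
    if [ "$auth" != "dns-dnsmadeeasy" ]; then
        echo "FAIL: authenticator is '${auth:-unset}', not dns-dnsmadeeasy"
        return 1
    fi
    if [ -z "$creds" ] || [ ! -f "$creds" ]; then
        echo "FAIL: credentials file '${creds:-unset}' not found"
        return 1
    fi
    # The API key in this file can edit the DNS zone, so no group/other access.
    if [ "$(ls -lLd "$creds" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $creds is accessible to group or others (chmod 600)"
        return 1
    fi
    echo "OK: $conf renews with $auth using $creds"
}

# Demo on a constructed renewal config (sample data, not a real lineage).
demo() {
    demo_dir=$(mktemp -d)
    : > "$demo_dir/dnsmadeeasy.ini"; chmod 600 "$demo_dir/dnsmadeeasy.ini"
    printf '%s\n' 'cert = /constructed/cert.pem' '[renewalparams]' \
        'authenticator = dns-dnsmadeeasy' \
        "dns_dnsmadeeasy_credentials = $demo_dir/dnsmadeeasy.ini" \
        > "$demo_dir/sample.conf"
    audit_renewal_conf "$demo_dir/sample.conf"; demo_rc=$?
    rm -rf "$demo_dir"; return $demo_rc
}

if [ $# -gt 0 ]; then audit_renewal_conf "$1"; else demo; fi
```

On a live server, pass the lineage's `.conf` file as the first argument; reading it and the credentials file normally requires root.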
