I have been using letsencrypt for the better part of the last year - it has been great. I have been slowly trying to increment this towards automation.
I am using DNS challenge with SAN certs for the bulk of our domains and then generating an haproxy specific cert. In addition we are starting to use this with GCP loadbalancers which take a similar cert. It all works pretty well but I have a few questions on smoothing this out a bit.
even with the “agree-tos” flag set (see below) I still get asked if it is ok to log my IP. How do I autoanswer that question?
And in this case, you might want to use --post-hook to run a script with this effect. (Remember that the recommended command once you already have the certificate is just certbot-auto renew, which uses saved settings to renew the certificate, but only attempts to do so when the certificate is less than 30 days from expiry.)
Thank you - I am running these all from a central deploy server (Ansible + jenkins) so I don’t think I can use the ‘certbot-auto renew’ - but I will look into it.
A ‘post-hook’ is a good idea to try as a next step.Thanks