Somewhere in the last couple of months certbot (snap) stopped working and I cannot figure out why due to the lack of an error.
All I have been able to figure out is that it won't get past this:
INFO:certbot.compat.misc:Running manual-auth-hook command: /home/pi/certificates/certbot-auto-authenticator.sh
(As for the filename, I originally used certbot-auto, until it was no longer supported.)
That script uses curl to send the values for DNS verification to an externally hosted PHP script that creates the TXT records needed for verification. The TXT records are no longer created, nor does curl give any output.
This PHP script has been working fine for years and as far as I know, nothing has changed in the last couple of months, so I have nothing to go on to solve this. I checked the logs of the webserver the script is running on, no errors.
Currently certbot is attempting a dry-run, but the last output is
Simulating renewal of an existing certificate for domain.tld and *.domain.tld
Based on the output of ps aux | grep certbot and certbot's log it's stuck again on manual-auth-hook.
Is there any way to get certbot to generate more output so that I can figure out what's going wrong?
Raspbian 9 (yes, I know it's not the most recent)
certbot 1.21.0
certbot config:
renew_before_expiry = 30 days
version = 1.19.0
archive_dir = /etc/letsencrypt/archive/domain.tld
cert = /etc/letsencrypt/live/domain.tld/cert.pem
privkey = /etc/letsencrypt/live/domain.tld/privkey.pem
chain = /etc/letsencrypt/live/domain.tld/chain.pem
fullchain = /etc/letsencrypt/live/domain.tld/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = manual
account = ********************************
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
manual_auth_hook = /home/pi/certificates/certbot-auto-authenticator.sh
manual_cleanup_hook = /home/pi/certificates/certbot-auto-cleanup.sh
post_hook = /home/pi/certificates/certbot-auto-reload.sh
As for certbot's logs, all I could find was that during the last run (on the 27th of November) the last thing it did was trying to run manual-auth-hook for renewing, then nothing, till I killed certbot that turned out to be still running a week later, still hanging on manual-auth-hook.
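
One way to turn a silently hanging hook into a logged failure, as an added example that is not part of the original post or the poster's script: a manual-auth-hook body that bounds curl with timeouts and records its exit code and stderr. The endpoint URL, log path, form field names and the `HTTP_CLIENT` override are assumptions; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot exports to manual hooks.

```shell
#!/bin/sh
# Added example: auth hook that cannot hang forever and always leaves a trace.
# ENDPOINT, LOG and the form field names are hypothetical placeholders.
ENDPOINT="${ENDPOINT:-https://dns-updater.example/update.php}"
LOG="${LOG:-/tmp/certbot-auth-hook.log}"
HTTP_CLIENT="${HTTP_CLIENT:-curl}"   # overridable so the hook can be tested offline

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$LOG"; }

publish_txt() {
    # Refuse to run without the values certbot exports to manual hooks.
    if [ -z "${CERTBOT_DOMAIN:-}" ] || [ -z "${CERTBOT_VALIDATION:-}" ]; then
        log "missing CERTBOT_DOMAIN or CERTBOT_VALIDATION"
        return 2
    fi
    log "publishing TXT for _acme-challenge.$CERTBOT_DOMAIN via $ENDPOINT"
    # --connect-timeout and --max-time bound the request in seconds;
    # --fail maps HTTP >= 400 to a non-zero exit; --show-error keeps the
    # error text even with --silent, and stderr is appended to the log.
    rc=0
    body=$("$HTTP_CLIENT" --silent --show-error --fail \
        --connect-timeout 10 --max-time 60 \
        --data-urlencode "domain=$CERTBOT_DOMAIN" \
        --data-urlencode "value=$CERTBOT_VALIDATION" \
        "$ENDPOINT" 2>>"$LOG") || rc=$?
    # The validation value itself is not written to the log.
    log "http client exit=$rc body=$body"
    return "$rc"
}

# In the hook file, finish with:  publish_txt || exit 1
```

A curl exit code of 28 in the log means the request hit one of the timeouts rather than being rejected by the remote script.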