Certbot renew port 80 issue

Step one: The pre-testing.

  • Need to make simple TXT test record
  1. Login to page where you can create A and CNAME records
  2. Add a TXT record type for "_acme-challenge.foundry" (don't put the full name - that only confuses stupid programing) with "TEST" in it.

When you "get it right", this query will return "TEST"
nslookup -q=txt _acme-challenge.foundry.koodgarma.com

I'm in Godaddy DNS manage page for koodgarma.com, just to be clear is this how I enter the new record?

Type = TXT
Name = _acme-challenge.foundry
Value = TEST
TTL = Default

Perfect!
[apply that]

Viola!

nslookup -q=txt _acme-challenge.foundry.koodgarma.com
_acme-challenge.foundry.koodgarma.com   text = "TEST"

Done, entering the nslookup line in powershell now. It's ALIVE!

Now we go this route:

And you follow the prompts.
When it asks you to create the TXT record, just update the "TEST" entry with what's shown.

When I enter that line in the powershell, how do I enter the second line for --preferred

Is that shift+enter to separate the lines?

make it all one line
remove the "\"
[sorry that was Linux style for line wrapping (continued on next line)]

Got the following error from that:

Too many flags setting configurators/installers/authenticators 'standalone' -> 'manual'

OK
We need to rewrite that so certbot understands us.

Try without:
--standalone

pick "spin up a web server"

Just to be clear, is this the revised cmd line to enter?

certbot certonly --manual --preferred-challenges=dns -d foundry.koodgarma.com

Yes
but if that fails, we can go the other way:
certbot certonly --standalone --preferred-challenges=dns -d foundry.koodgarma.com

either way, certbot should ask for anything that's missing

Sorry my mind is twisted!
We can't use --standalone nor "spin up a web server"

Whoa I think we just hit paydirt, got a lot thrown back at me...

Saving debug log to C:\Certbot\log\letsencrypt.log
Renewing an existing certificate for foundry.koodgarma.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.foundry.koodgarma.com.

with the following value:

*<<REMOVED A LONG STRING IN CASE THIS IS SUPPOSED TO BE SECRET>>*

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.foundry.koodgarma.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

that is a public string - not a secret

replace "TEST" with that string

Done and godaddy says it may take an hour to 48 hours to update the record.

Okay for me to hit Enter to Continue on powershell?

Progress!

nslookup -q=txt _acme-challenge.foundry.koodgarma.com ns23.domaincontrol.com
_acme-challenge.foundry.koodgarma.com   text =
"4K0V2_MSqZU7kUTBCg-o3pDhv7nHdDFAt0dWjF8yP1I"

Yes, press ENTER now - the record is already there
LE doesn't use global (caching) DNS servers, so it is not subjected to TTL wait time.

YES! Here is what came after that... I think the next step is to copy and paste the cert and key pem files to my Foundry VTT folder right?

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\foundry.koodgarma.com\fullchain.pem
Key is saved at: C:\Certbot\live\foundry.koodgarma.com\privkey.pem
This certificate expires on 2022-06-09.
These files will be updated when the certificate renews.

NEXT STEPS:

  • This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

If you like Certbot, please consider supporting our work by: