Certbot renew with dns challenges

Hello All,
I have a working letsencrypt system that works perfectly when using manual DNS challenges,
and I am trying to convert the same into an automated system.
Here is my creation/renewal command:
# certbot certonly --manual --preferred-challenges dns --cert-name dom.tld -d *.dom.tld,dom.tld --manual-auth-hook /root/scripts/letsencrypt/dnsauthenticator.sh --manual-cleanup-hook /root/scripts/letsencrypt/cleanup.sh

I ran certbot renew and it gave me PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping. in letsencrypt.log

I added the --manual-auth-hook to the command but it seems like $CERTBOT_DOMAIN variable is not populated.

Here is my dnsauthenticator.sh:
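#!/bin/bash
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs this hook
CREATE_DOMAIN="_acme-challenge.$CERTBOT_DOMAIN"
# log the record that is about to be created
echo "$(date) TXT record to create: $CREATE_DOMAIN IN TXT $CERTBOT_VALIDATION" >> /var/log/letsencrypt/letsencrypt.log
echo "$CREATE_DOMAIN TXT $CERTBOT_VALIDATION" >> "/root/scripts/letsencrypt/records/$CERTBOT_DOMAIN"
#sleep 70
# send the dynamic update to the name server
echo "server myNS.domain.tld
update add _acme-challenge.$CERTBOT_DOMAIN 600 TXT $CERTBOT_VALIDATION
send" | nsupdate
# wait for the record to propagate
sleep 60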

Any suggestions?

What version of certbot are you using?

Following the example here: https://certbot.eff.org/docs/using.html#pre-and-post-validation-hooks and on the chance that cmdline option order is important, have you tried moving --cert-name <foo> and -d <foo> to a position in the cmdline AFTER all the --manual-<foo> options?


Hello @ezekiel,
Thanks for the reply.

I am using certbot 0.31.0

Currently I am using certbot certonly --manual --preferred-challenges dns --cert-name dom.tld -d *.dom.tld,dom.tld --manual-auth-hook /root/scripts/letsencrypt/dnsauthenticator.sh --manual-cleanup-hook /root/scripts/letsencrypt/cleanup.sh for creating and renewals,

and I am wondering if there is a way to automate this. I do not intend to use HTTP for renewals because of my current infrastructure.
My system is running Debian buster: Linux HOSTNAME 4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux
Help appreciated.

Are you still encountering the PluginError?

@ezekiel:
Thanks a ton!
It worked!
Below is my crontab output that renews all my certs.

crontab -l

00 00 * * * certbot renew --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/dnsauthenticator.sh


Congratulations! That’s great!
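
A hardened variant of the auth hook discussed in this thread, added here as an example and not posted by any participant: it validates the two certbot variables before they reach nsupdate, signs the update with a TSIG key, and polls for the record instead of sleeping. The key path /etc/letsencrypt/tsig.key and all function names are assumptions.

```shell
#!/bin/bash
# Added example: validating auth hook for `certbot --manual` with nsupdate.
# Assumptions (not from the thread): TSIG_KEY path and all function names.
NS_SERVER="${NS_SERVER:-myNS.domain.tld}"          # server name used in the thread's script
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"  # hypothetical TSIG key file

# Accept only lowercase LDH hostnames; a newline or space would otherwise
# let the variable add extra lines to the nsupdate batch.
valid_domain() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# A dns-01 validation value is a base64url SHA-256 digest: 43 chars, no padding.
valid_token() {
    case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -eq 43 ]
}

# Print the nsupdate batch for one challenge; print nothing if input is rejected.
build_update() {
    valid_domain "$1" || { echo "auth hook: bad CERTBOT_DOMAIN" >&2; return 1; }
    valid_token "$2" || { echo "auth hook: bad CERTBOT_VALIDATION" >&2; return 1; }
    printf 'server %s\nupdate add _acme-challenge.%s 600 TXT "%s"\nsend\n' \
        "$NS_SERVER" "$1" "$2"
}

# Poll the name server until the record is visible, instead of a fixed sleep.
wait_for_txt() {
    tries=${3:-12}
    while [ "$tries" -gt 0 ]; do
        dig +short TXT "_acme-challenge.$1" "@$NS_SERVER" | grep -qF "\"$2\"" && return 0
        tries=$((tries - 1))
        sleep 5
    done
    return 1
}

main() {
    batch=$(build_update "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY" || exit 1
    wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
}

# certbot exports CERTBOT_DOMAIN when it runs the hook; do nothing without it.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then main; fi
```

A non-zero exit from the hook makes the failure visible in certbot's output rather than leaving a malformed update on the name server.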
