Hi, so before anything, I understand this question is slightly peculiar in that its more theoretical; As you can see from the answers at the bottom of this post, I have not used certbot yet. This is due to the following.
-
tls-alpn-01 challenge is unsupported via the client (cannot open up port 80 and I’m not sure about requesting a cert using the DNS challenge over port 443)
-
Our ansible version is currently 2.3 and the “acme_challenge_cert_helper” Ansible module is new in v2.7 (I do not have the access to upgrade our version)
https://docs.ansible.com/ansible/latest/modules/acme_challenge_cert_helper_module.html#acme-challenge-cert-helper-module
So I’m more just trying to gather a framework and plan for how I want to implement automating requesting, generating, and renewing our certs.
QUESTION
If I am able to obtain a certificate by fulfilling the tls-alpn-01 challenge via a task using the Ansible module above, will I be able to renew the cert via certbot even though the tls-alpn-01 challenge is not supported? I’m not sure if the whole challenge validation process is started for renewal or not and I can’t seem to find any direct answers.
I literally just started learning about SSL/TLS Certificate validation last week so please bear with me. If there is any additional information that would help in this inquiry please let me know.
My domain is: N/A
I ran this command: N/A
It produced this output: N/A
My web server is (include version): Apache
The operating system my web server runs on is (include version): CentOS/RHEL7
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Will be the latest version
