cPanel DNS integration MissingSchema

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: limo.net

I ran this command: # certbot renew --dry-run --authenticator cpanel --certbot-dns-cpanel:cpanel-credentials /etc/letsencrypt/credentials.ini

It produced this output: Failed to renew certificate vpn.limo.net with error: Invalid URL 'acme-staging-v02.api.letsencrypt.org': No schema supplied. Perhaps you meant http://acme-staging-v02.api.letsencrypt.org?

My web server is (include version): openvpn-as

The operating system my web server runs on is (include version): Ubuntu 22.04.5 LTS \n \l

My hosting provider, if applicable, is: cpanel

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Welcome to the Let's Encrypt Community! 🙂

cPanel isn't a hosting provider. It's a hosting platform leveraged by a hosting provider.

If you're using renew, usually you'd already have the authentication and installation methods stored for the certificate lineage.

I also don't think cpanel is the correct authenticator.

Example usage:

certbot run --authenticator certbot-dns-cpanel:cpanel --installer certbot-dns-cpanel:cpanel --certbot-dns-cpanel:cpanel-credentials /path/to/credentials.ini -d 'example.com' -d '*.example.com'

2 Likes

I'm trying to set up Direct DNS authentication, as releasing port 80/443 is problematic, so yes, I did add the script from:

https://github.com/certbot-cpanel/certbot-dns-cpanel

The problem wasn't that you didn't have that script. The problem was the kind of command you used. Please review @griffin's post again.

Apart from that, you already have a wildcard cert that includes the names *.limo.net and limo.net. Why can't you use that certificate for connections to vpn.limo.net?

That is one of the advantages of a wildcard cert in that you can use it for other subdomains.

4 Likes

They are on a different server. And the server is cPanel, and yes, it does have a wildcard that could be used. I was leaning towards just letting this server run its own cert renewals, vs. having to push them from one to the other. The wildcard will cover all hosts, but uisp.limo.net is not hosted on a cPanel server, so it will never have its own. And uisp.limo.net is a Docker container and wants to reach out on port 80 for the authentication, which is the real problem I'm trying to solve.

Maybe I misunderstand, but it sounds like you have 3 different systems. If these are all on the same local network, it seems much easier to keep the system getting your wildcard cert and distribute that to the others.

Certbot has a --deploy-hook option which can run a script you create for that. Or, develop your own way to copy the fullchain and privkey files to those systems.

You will need to regularly reload those other servers so they pick up any new cert.

That seems much easier than setting up 3 different methods for getting a cert and making sure they all work reliably.

5 Likes
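
The `--deploy-hook` distribution suggested in the last reply, sketched as an added example that is not part of the thread or of certbot itself. It assumes key-based SSH access from the certbot host to each target; `CERT_NAME`, `TARGETS`, the remote directory and the reload command are hypothetical placeholders.

```shell
#!/bin/sh
# Certbot deploy hook: certbot exports RENEWED_LINEAGE (the live/<name> directory).
# Hypothetical, not from the thread: CERT_NAME, TARGETS, remote paths, reload command.
CERT_NAME="${CERT_NAME:-example.com}"
# One target per line: "ssh destination|remote directory|reload command"
TARGETS="${TARGETS:-deploy@host2.example.com|/etc/ssl/wildcard|/usr/local/sbin/reload-tls}"

# Distribute only the intended lineage, not every certificate on this machine.
is_wanted_lineage() { [ "$(basename "$1")" = "$CERT_NAME" ]; }

# Copy chain and key into DEST as regular files (key 0600, chain 0644). Each file
# is written under a temporary name and renamed, so readers never see a partial file.
stage_cert() (
    src=$1 dest=$2
    [ -s "$src/fullchain.pem" ] && [ -s "$src/privkey.pem" ] || exit 1
    umask 077
    mkdir -p "$dest" || exit 1
    for f in fullchain.pem privkey.pem; do
        cp -L "$src/$f" "$dest/.$f.new" || exit 1   # -L: live/ holds symlinks
    done
    chmod 644 "$dest/.fullchain.pem.new" &&
    mv -f "$dest/.fullchain.pem.new" "$dest/fullchain.pem" &&
    mv -f "$dest/.privkey.pem.new" "$dest/privkey.pem"
)

# Send the staged files to one target and reload it. stdin is redirected so ssh
# cannot swallow the remaining TARGETS lines of the calling loop.
push_remote() {
    scp -p "$1/fullchain.pem" "$1/privkey.pem" "$2:$3/" </dev/null &&
    ssh "$2" "$4" </dev/null
}

deploy_all() {
    stage=$(mktemp -d) || return 1
    stage_cert "$1" "$stage" || { rm -rf "$stage"; return 1; }
    rc=0
    while IFS='|' read -r host rdir reload; do
        push_remote "$stage" "$host" "$rdir" "$reload" || rc=1
    done <<EOF
$TARGETS
EOF
    rm -rf "$stage"    # leave no copy of the key in the temp directory
    return "$rc"
}

if [ -n "${RENEWED_LINEAGE:-}" ] && is_wanted_lineage "$RENEWED_LINEAGE"; then
    deploy_all "$RENEWED_LINEAGE"
fi
```

Pass the script to `certbot renew --deploy-hook`, or place it in `/etc/letsencrypt/renewal-hooks/deploy/`, so it runs only after a successful renewal.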