Thanks for the answer. I'm using letsencrypt 0.11.1 and the '--manual' command only has these switches:
Path or command to execute for the authentication
script (default: None)
Path or command to execute for the cleanup script
Automatically allows public IP logging (default: Ask)
The 'certbot' command does not seem to recognize that '--preferredchallenges' argument but says:
> certbot: error: unrecognized arguments: --preferredchallenges dns-01
A sorted, comma delimited list of the preferred
challenge to use during authorization with the most
preferred challenge listed first (Eg, "dns" or "tls-
sni-01,http,dns"). Not all plugins support all
challenges. See https://certbot.eff.org/docs/using.html#plugins for
details. ACME Challenges are versioned, but if you
pick "http" rather than "http-01", Certbot will select
the latest version automatically. (default: )
Yes, you would have seen that information when you ran certbot --help manual. But as it's not specific to just the manual plugin, you would have found it under "optional arguments" in that same output. Just don't blindly stare at the part after "manual:".
I had run --manual and several help commands and read the docs of those letsencrypt-auto/certbot-auto (old) clients that were installed on our hosts (after I got this task to make SSL certs for our servers that were moved behind NAT firewalls three days ago), and they did not have anything about DNS verification. Also, the advice given by @ahaw01, who actually answered this question, had it written in an incorrect format, which I actually corrected after finding out the args/options that should be used.
Of course many things could have been searched and could have been done, but after having done a lot of searching and experiments with those clients that we had, and reading in these forums that documentation is somewhat sparse on how to use DNS-based verification, I decided to ask. And I was actually given an answer that led me to the correct path, and now we have the solution which you can see above.
Instead of you, @Osiris, OT commenting/complaining about how we found out the commands, you could have provided the correct format and arguments as an answer to the Q that was asked, which was more about the details of the whole procedure to achieve DNS-based verification of SSL certificates with LetsEncrypt, of which the generation of the challenge with any of the appropriate clients is just one part.
Just don't *blindly stare* at the words written here, but try to understand why and for what they are written.
Nice one! Let me know how you go with the hook stuff.
Yes, thank you for your command examples, they were helpful too.
I'm now experimenting with different solutions to automate this DNS-based challenge generation, verification and renewal process, because we are still in the testing phase and the DNS record management policies are not exactly clear yet, so I'm not sure if there will be any APIs available for us to automate this.
But there seem to be many Python-based scripts that can automate parts of those DNS hooks. I am still looking for a pure Bash-based solution (especially for the renewal part), because I do not want to install stuff on our production servers just for SSL/DNS verification (unless it is absolutely necessary).
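One shape such a pure-shell auth hook can take, as an added example (not code from this thread or from certbot itself): it assumes certbot's documented CERTBOT_DOMAIN and CERTBOT_VALIDATION hook variables and leaves the actual DNS update as a placeholder, since the thread does not name a DNS provider or API. It also polls until the TXT record is actually resolvable before returning, which is the step that usually breaks when a hook returns too early.

```shell
#!/bin/sh
# certbot --manual-auth-hook skeleton for DNS-01 (added example; the DNS
# publish step is a placeholder since the thread names no DNS API).
set -eu

# TXT record name the CA will query for the domain being validated.
acme_txt_name() { printf '_acme-challenge.%s\n' "$1"; }

# Accept only the base64url alphabet so an unexpected value never reaches
# a DNS update command unchecked.
validate_token() {
    case "$1" in
        "" | *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Resolver for the propagation check; RESOLVE_CMD may name any function
# that prints the TXT values for a record (a stub in tests, for example).
default_resolve() { dig +short TXT "$1" | tr -d '"'; }
RESOLVE_CMD=${RESOLVE_CMD:-default_resolve}

# Return 0 only once the value is visible; returning earlier would let
# certbot ask the CA to validate a record that does not exist yet.
wait_for_txt() {
    name=$1; value=$2; max_tries=${3:-30}; delay=${4:-10}; i=0
    while [ "$i" -lt "$max_tries" ]; do
        "$RESOLVE_CMD" "$name" | grep -qxF "$value" && return 0
        i=$((i + 1)); sleep "$delay"
    done
    return 1
}

# PLACEHOLDER: add TXT "$1" = "$2" through your DNS provider's tool or API.
publish_txt() { echo "publish TXT $1 = $2" >&2; }

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
run_hook() {
    validate_token "$CERTBOT_VALIDATION" || { echo "bad token" >&2; return 1; }
    name=$(acme_txt_name "$CERTBOT_DOMAIN")
    publish_txt "$name" "$CERTBOT_VALIDATION"
    wait_for_txt "$name" "$CERTBOT_VALIDATION"
}

# Act only when invoked by certbot (which sets CERTBOT_DOMAIN).
[ -z "${CERTBOT_DOMAIN:-}" ] || run_hook
```

Wire it in with --manual-auth-hook /path/to/hook.sh together with a --manual-cleanup-hook that removes the record again; the cleanup counterpart is not shown here.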