I have a certificate for the domain bvergnaud.fr that I initially generated by hand, interactively, with certbot.
I’m trying to renew it now using DNS challenges, so that I can automate the renewal.
My domain is hosted by OVH. In case it is relevant, DNSSEC and ANYCAST are enabled for this domain.
The command I run :
certbot certonly --renew-by-default --server "https://acme-v02.api.letsencrypt.org/directory" --dns-ovh --dns-ovh-credentials /config/dns-conf/ovh.ini --manual-public-ip-logging-ok --rsa-key-size 4096 -m 'firstname.lastname@example.org' --no-eff-email --agree-tos -d *.bvergnaud.fr -d bvergnaud.fr
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator dns-ovh, Installer None Renewing an existing certificate Performing the following challenges: dns-01 challenge for bvergnaud.fr dns-01 challenge for bvergnaud.fr Cleaning up challenges Unable to determine zone identifier for bvergnaud.fr using zone names: [u'bvergnaud.fr', u'fr']
This happens in a docker container:
root@eae8e4993084:/$ cat /etc/os-release NAME="Alpine Linux" ID=alpine VERSION_ID=3.8.1 PRETTY_NAME="Alpine Linux v3.8" HOME_URL="http://alpinelinux.org" BUG_REPORT_URL="http://bugs.alpinelinux.org"
I’m having trouble identifying what this error means. Googling it raised only 5 result, all pointing to certbot’s source code, but even with that, I’m still unsure what the problem is exactly.
The way I understand the code, I don’t even know how I reach this exception. There are
domain_name_guesses, I should go in the
for loop, and either succeed authenticating, or
return in one of the two exceptions being caught, given that the second one is generic and should therefore be caught in any odd case.
I’ve been banging my head on this all afternoon. I’ll gladly take any help.