I recently issued a wildcard certificate for my domain. As part of that process, I had to do the DNS TXT entry dance to prove to Certbot that I owned the domain for which the certificate was being issued (via the manual DNS check). I then set up a renewal script in crontab (see below), which is now failing because it is trying to do the "manual" DNS authentication check again.
My question is: if I already proved that I own the domain during the issuance, how do I skip that step in the renewal? I assume that I don't have to prove time and time again that I actually own the domain? Or, do I?
NOTE: I understand that DigitalOcean has some DNS plug-in, but I'm trying to understand the process before I fall back to using some other plug-in.
My domain is:
I ran this command:
#!/bin/bash
/usr/bin/docker run --rm --name letsencrypt \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/log/letsencrypt:/var/log/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest \
renew
It produced this output:
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (dailyprime.me-0001) from /etc/letsencrypt/renewal/dailyprime.me-0001.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dailyprime.me-0001/fullchain.pem (failure)
My web server is (include version):
nginx (latest docker image)
The operating system my web server runs on is (include version):
??
My hosting provider, if applicable, is:
DigitalOcean
I can log in to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no