How to test "certificate name mismatch" problem and fix?

This got me past the point I was at before, but now I'm getting a 503: Forbidden, which I can only assume is related to the API. I'm trying to sort out now what settings aren't working. I added my API key. My DNS is set up for this domain through Vultr.

Failed authorization procedure. shapingla.com (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.shapingla.com, www.shapingla.com (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.www.shapingla.com

Going to kill and reissue my API key. Hoping that fixes it.

So, it's throwing 503's (rate limits) and 403's (API key invalid or missing). My API key is not missing. It is in the script. I've checked it manually with a get request:

curl -H 'API-Key: keycensored' "https://api.vultr.com/v1/server/list"

This returns that it is an invalid API key. I copy-pasted this key and verified it before running the request. Something is wrong with Vultr's API right now, or something is wrong with the way they issue API keys at the moment. I'm not sure which it is.

That being said, is there another way to do what I am trying to do that isn't automated? Even if it is a bit more complicated?

Thank you for sticking with me and helping me with this crap.

Yes. You could do the old manual operation:
certbot --manual -d shapingla.com -d www.shapingla.com --preferred-challenges DNS-01

Thank you

1 Like

Last question: How do I revoke the old certs?

Also... strangely this happened:

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --preferred-challenges: Unrecognized challenges: DNS-01

Is my certbot messed up or something? Everything I try is screwed up lol. Should I nuke it and start from scratch?

Hi,

Please don’t nuke all and start from scratch…

The command should be
certbot --manual -d shapingla.com -d www.shapingla.com --preferred-challenges DNS

Also, if your certificate isn’t compromised, you won’t need to start from scratch.

P.S. When you have the certificate issued, check your Nginx virtual host for the key and cert paths (they end in .pem). Change them from the old files to the new certificate you just obtained.

Thank you

1 Like

Thank you for everything and thank you for talking me off of the cliff as far as using nukes. It's a bad habit. I am officially sorted. Looks like the issue was definitely just not adding the www url to the cert.

For anyone with this issue in the future: you need to make sure all iterations of your domain are included in the cert. Make sure your domain is defined in your server block (if NGINX). And make sure that if your host has a custom NGINX setup, you are using and referencing the correct conf file.

As far as that authorize and cleanup hook StevenZhu found: Anyone using Vultr that wants to utilize their API key needs to whitelist their server... from my.vultr.com -> Account -> API -> Access control. Make sure you apply the correct subnet. This will prevent your API calls from failing due to an invalid key.

Thank you again StevenZhu. You were wonderful. And thanks to the LetsEncrypt/Certbot community for creating a fantastic tool that has revolutionized certificate handling.

2 Likes
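For anyone landing here with the same "certificate name mismatch" symptom, the following is an added example (not code from this thread or from Certbot) that turns the final advice above into a check: list every hostname the site answers on, compare it against the DNS names in the certificate's Subject Alternative Name (SAN) list, and report the ones the certificate does not cover. The `cert_covers` and `missing_names` functions work purely on a SAN string, so they run offline; `live_sans` and `acme_txt_present` are optional helpers that assume `openssl` and `dig` are installed and are only needed when you want to test a real server or the `_acme-challenge` TXT record from the DNS-01 error earlier in the thread. The sample SAN list at the bottom is constructed to mirror the situation in this thread (a certificate issued for the apex name only).

```shell
#!/bin/sh
# Added example: detect a certificate name mismatch by comparing the names a
# site is served under against the certificate's SAN list.

# cert_covers "SAN_LIST" "hostname"
#   SAN_LIST is the comma-separated list as printed by
#   `openssl x509 -noout -ext subjectAltName`, e.g.
#   "DNS:shapingla.com, DNS:www.shapingla.com".
#   Returns 0 if the hostname is covered, 1 otherwise. A wildcard entry
#   (*.example.com) matches exactly one label, as in RFC 6125.
cert_covers() {
  rest=$1
  host=$2
  while [ -n "$rest" ]; do
    # Split on commas without word splitting or glob expansion.
    case "$rest" in
      *,*) entry=${rest%%,*}; rest=${rest#*,} ;;
      *)   entry=$rest; rest= ;;
    esac
    entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    name=${entry#DNS:}
    case "$name" in
      "$host") return 0 ;;
      \*.*)
        suffix=${name#\*.}
        case "$host" in
          *.$suffix)
            label=${host%.$suffix}
            case "$label" in
              *.*) ;;          # more than one label: wildcard does not match
              *)   return 0 ;;
            esac ;;
        esac ;;
    esac
  done
  return 1
}

# missing_names "SAN_LIST" host1 host2 ...
#   Prints each hostname the certificate does not cover, one per line, and
#   returns 1 if any is missing (0 if the certificate covers them all).
missing_names() {
  sans=$1; shift
  rc=0
  for h in "$@"; do
    if ! cert_covers "$sans" "$h"; then
      echo "$h"
      rc=1
    fi
  done
  return $rc
}

# live_sans hostname
#   Fetch the SAN list the server actually presents (needs network + openssl;
#   -servername matters because the vhost is selected via SNI).
live_sans() {
  printf '' | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName \
    | sed -n 's/^[[:space:]]*DNS:/DNS:/p'
}

# acme_txt_present domain
#   True if a TXT record exists at _acme-challenge.<domain>, the record the
#   DNS-01 challenge in the thread's first error message could not find.
acme_txt_present() {
  dig +short TXT "_acme-challenge.$1" | grep -q .
}

# Constructed sample: a certificate issued for the apex name only.
SAMPLE_SANS="DNS:shapingla.com"
missing_names "$SAMPLE_SANS" shapingla.com www.shapingla.com \
  || echo "name mismatch: add the names above with -d when issuing the cert"
```

To test a live site, replace the constructed sample with `missing_names "$(live_sans shapingla.com)" shapingla.com www.shapingla.com`; every name it prints is one that must be added with another `-d` (and, per the thread, defined as a `server_name` in the Nginx server block that is actually loaded).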
