I run the docker image certbot/route-53 and I had to renew my certs; the automation broke again because something changed in the docker image. While trying to fix it I was rate limited. I issue new certs every time they expire because it's a disposable docker image that runs and generates the certs.
I stupidly didn’t change the domain I was testing against and became rate limited. Is it possible to get the rate-limiting reset for my domain so I can re-generate new certs?
Yes, they are stored in s3. My jenkins jobs utilize s3 as a key storage with encrypted bucket. Before I deploy my web proxy into kubernetes it creates a kubernetes secret with the cert…
I have changed it to this to download the certs into the same folder it generates them but I’m trying to find the command to renew instead of generate if they exist.
I am somewhat skeptical about this approach to certificate management, but if you want Certbot to “remember” previous certificates, you need to store the entire /etc/letsencrypt/ directory (preserving symlinks), as it needs more than just the live directory to track its state.
You might do that, and then adjust the certbot command to do an “issue, renew, or do nothing” workflow.
And you’d have to re-persist the state directory after Certbot runs, of course.
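The “persist the whole state directory, then issue, renew, or do nothing” workflow described above, as an added shell example that is not from this thread or from Certbot's own tooling; the bucket path, domain and e-mail are placeholders (assumptions), and running the full pipeline needs the `certbot` (with the dns-route53 plugin) and `aws` CLIs:

```shell
#!/bin/sh
# Added example (not from the thread): wrap a one-shot certbot/dns-route53
# run so Certbot's full state survives between container runs and it renews
# instead of re-issuing. Bucket, domain and e-mail below are placeholders.
set -eu

STATE_DIR="${STATE_DIR:-/etc/letsencrypt}"
S3_STATE="${S3_STATE:-s3://example-bucket/letsencrypt-state.tgz}"  # placeholder
DOMAIN="${DOMAIN:-example.com}"                                      # placeholder
EMAIL="${EMAIL:-admin@example.com}"                                  # placeholder

# Archive the whole state dir. tar without -h keeps live/ entries as symlinks
# into archive/, which Certbot needs to track the certificate lineage.
pack_state() {  # pack_state <state_dir> <archive.tgz>
    tar -C "$(dirname "$1")" -czf "$2" "$(basename "$1")"
}

# Restore an archive under a parent dir, symlinks intact.
unpack_state() {  # unpack_state <archive.tgz> <parent_dir>
    mkdir -p "$2" && tar -C "$2" -xzf "$1"
}

# What Certbot will do given the restored state: "issue" when no renewal
# config exists for the domain, otherwise "renew-or-keep".
planned_action() {  # planned_action <state_dir> <domain>
    if [ -f "$1/renewal/$2.conf" ]; then echo renew-or-keep; else echo issue; fi
}

# Issue, renew, or do nothing: --keep-until-expiring makes certbot leave a
# cert alone until it is due. DRY_RUN=1 uses the staging CA, which does not
# count against production rate limits while a pipeline is being debugged.
ensure_cert() {
    certbot certonly --dns-route53 -d "$DOMAIN" -m "$EMAIL" \
        --agree-tos --non-interactive --keep-until-expiring \
        ${DRY_RUN:+--dry-run}
}

main() {
    tmp=$(mktemp -d)
    # On the very first run there is no archive yet, so start from empty state.
    { aws s3 cp "$S3_STATE" "$tmp/state.tgz" &&
      unpack_state "$tmp/state.tgz" "$(dirname "$STATE_DIR")"; } || true
    echo "plan: $(planned_action "$STATE_DIR" "$DOMAIN")"
    ensure_cert
    pack_state "$STATE_DIR" "$tmp/state.tgz"   # re-persist state after Certbot ran
    aws s3 cp "$tmp/state.tgz" "$S3_STATE"
}

# Run the pipeline only when asked; sourcing the file just defines the helpers.
if [ "${RUN_PIPELINE:-0}" = 1 ]; then main; fi
```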
Ahh alright, well I’m not sure I’m going to be able to do that today. If the automation wouldn’t keep breaking because your docker image keeps changing it wouldn’t be an issue. The pattern of just creating new certs automatically when they expire has worked so far, but I’m stupid and forgot to add --dry-run or change the domain when trying to fix it this time. Last time pip install failed for awscli; this time, it changed from having the certs in /etc/letsencrypt/live to /etc/letsencrypt/live/domain and I ran it too many times before I caught it.
Thanks for your help. Not sure what I’m going to do for the domain for right now; maybe I’ll just generate the cert somewhere else for now until my limit is up.