Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: *.medicard.systems
I ran this command:
sudo certbot renew --force-renewal --server https://acme-staging-v02.api.letsencrypt.org/directory --cert-name medicard.systems
It produced this output:
Saving debug log to /opt/local/var/log/letsencrypt/letsencrypt.log
Processing /opt/local/etc/letsencrypt/renewal/medicard.systems.conf
Plugins selected: Authenticator manual, Installer None
Failed to renew certificate medicard.systems with error: You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
All renewals failed. The following certificates could not be renewed:
/opt/local/etc/letsencrypt/live/medicard.systems/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
Rimuhosting.com (no plugin available, but python wrappers for the rimu dns api are available.)
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.13.0
I changed my nameserver on medicard.systems and did not bring the _acme.challenge entry across. 6 weeks later, the cert came up for renewal, and the validation failed on the new server.
When I first created wildcard certs, I used a manual process that involved updating the nameserver manually.
I went through that process, created a TXT record for _acme.challenge.etc… and the certificate was created.
I create these certs locally, and scp them onto the servers, so I have /opt/local/etc/letsencrypt/{live, archive, renewal, etc}. I found that I subsequently had in the letsencrypt directories, directories for both medicard.systems and medicard.systems-001.
I also found that on my ehealth.id.au server, the _acme.challenge is entered as a CNAME, rather than a text, so I gather thing have been changing fairly rapidly.
I tried a --force-renewal to staging to test whether I had stuffed it up and indeed I had. (See output above.)
Given the situation, and my ability to wind back, how should I go about cleaning up?