Lost my "Create a file containing just this data"

I created a cert using

sudo certbot certonly --manual --preferred-challenges dns --domains '*.mydomain.com' --agree-tos --email myemail@example.com -v

However, I closed my terminal after successfully making the DNS TXT challenge. Therefore I lost the message that had the name and the contents of the .well-known file that I need to place on my server.

Can I get that back?

Sure, just repeat the command you ran earlier. A few things to note though:

  • the options --agree-tos and --email are only used for registering the ACME account. Once that's done, you won't need those two options any more on the command line.
  • it's NOT recommended to use the --manual authenticator as it cannot be automated. We HIGHLY recommend using a different authenticator, depending on your needs and what's possible:
    • do you really require a wildcard certificate? Because if you don't, you might not need the dns-01 challenge and thus possibly could also use a way easier method of authentication
    • if you DO need a wildcard certificate, it might be possible to use a dedicated authenticator for your DNS provider to automate the challenge
  • putting a file in the .well-known directory is NOT part of the dns-01 challenge, but for the http-01 challenge, which is NOT the command you're currently showing. So that's at odds with each other. Confusing?
6 Likes

Hello @runbmp, welcome to the Let's Encrypt community. 🙂

No, that instance of the message is gone, unless your terminal program has an undo for being closed or retains its history upon reopening.

2 Likes

When I rerun the command, I get a successful output, but the issue is that it doesn't spit out the well-known contents again:

These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

Yes, this has to be a manual wildcard cert. I understand it only lasts 3 months.

Wait, I don't need to do the well-known file if I do the dns one?

Why would you care about the .well-known contents if it was successful already?

Correct. Unless you're mixing the dns-01 and http-01 challenge.

Note that your current certificate for *.example.com is NOT valid for just example.com.

5 Likes

Even if you "got it back", how would you "hit enter to continue" [once the file/TXT entry was readied]?

That session is dead, all you can do [should do] is redo the step(s).
And pay closer attention.
As @Osiris pointed out: DNS TXT records are not to be placed in the web servers' /.well-known/ directory.

5 Likes
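
Added example, not part of any post in this thread and not certbot's own code: how the two challenge types discussed above are derived from the same token and account key under RFC 8555 and RFC 7638, and where each one is published. The function names, the sample JWK and the sample token are constructed for illustration; the wildcard restriction on http-01 reflects Let's Encrypt's policy.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses (RFC 8555)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def key_authorization(token: str, account_jwk: dict) -> str:
    """token + '.' + RFC 7638 SHA-256 thumbprint of the account key."""
    # Thumbprint input: required members only, sorted keys, no whitespace.
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[account_jwk["kty"]]
    canonical = json.dumps({k: account_jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return token + "." + b64url(hashlib.sha256(canonical.encode()).digest())


def dns01(domain: str, token: str, account_jwk: dict) -> dict:
    """dns-01: a TXT record in DNS; nothing is placed on the web server."""
    # A wildcard name is validated at the base domain's _acme-challenge label.
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode()).digest()
    return {"type": "TXT", "name": "_acme-challenge." + base, "value": b64url(digest)}


def http01(domain: str, token: str, account_jwk: dict) -> dict:
    """http-01: a file served over HTTP; not available for wildcard names."""
    if domain.startswith("*."):
        raise ValueError("wildcard names must be validated with dns-01")
    return {"url": f"http://{domain}/.well-known/acme-challenge/{token}",
            "body": key_authorization(token, account_jwk)}


# Constructed sample values, not from a real ACME account or order.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x",
              "y": "constructed-y", "alg": "ES256"}
SAMPLE_TOKEN = "constructed-token-0123456789"

if __name__ == "__main__":
    print(dns01("*.mydomain.com", SAMPLE_TOKEN, SAMPLE_JWK))
    print(http01("www.mydomain.com", SAMPLE_TOKEN, SAMPLE_JWK))
```

The token is issued per authorization, so a value from an earlier run cannot be reused once that authorization has been validated or has expired.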
