My context.
I use certbot as a non-root user on a local box. When the certs are generated I push them to my server. I had no problem the first time I ran the command. All is fine. Thanks.
I have this DNS record (something like): _acme-challenge 10800 IN TXT "first-UPvyMipxfho52xawazaa_Qu4HV81bkBimpaf"
When I renew the certs, I use the same command (I read I can’t use renew with manual mode) but I must change the DNS record. I would like to renew manually without editing the DNS record.
I ran this command: certbot certonly --manual --preferred-challenges dns -d paste.esigoto.info --config-dir . --logs-dir . --work-dir .
It produced this output:
Please deploy a DNS TXT record under the name
_acme-challenge.paste.esigoto.info with the following value:
second-iaB3xFjnxlRUzR0iON8rIQHMpompompom
Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. paste.esigoto.info (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "first-Hcxdec2iYWYRb8g5CYFX-pompompom" found at _acme-challenge.paste.esigoto.info
I understand this output.
Is it possible to not change the DNS record to renew manually?
Thanks a lot.
P.
More info.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: Debian VM OVH
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Well, what you are saying is, I don't want to go through domain validation again at renewal time. No, you can't do this, because it is part of the rules that Let's Encrypt must follow in order for them to be trusted as a CA.
Alternatively you can use an entirely different Let's Encrypt client, such as Lego, which natively supports Gandi.
Finally, you have the option to change to the HTTP challenge and write a renewal/auth hook that, for example, automatically copies the challenge file to your web server over SSH or FTP.
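A sketch of the auth hook described in the reply above, as an added example that is not part of the original thread. Certbot runs the script named by --manual-auth-hook and exports CERTBOT_DOMAIN, CERTBOT_TOKEN and CERTBOT_VALIDATION to it; REMOTE_HOST, REMOTE_WEBROOT and their default values are assumptions to replace with your own.

```shell
#!/bin/sh
# http-01 auth hook, run on the local box where certbot runs.
# Assumed settings (hypothetical defaults): SSH target and the web server's
# document root for the domain being validated.
REMOTE_HOST="${REMOTE_HOST:-deploy@www.example.org}"
REMOTE_WEBROOT="${REMOTE_WEBROOT:-/var/www/html}"

# ACME tokens are base64url. Reject anything else so the token can never
# add a path component or a shell metacharacter to the remote command.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# File the CA fetches: <webroot>/.well-known/acme-challenge/<token>
challenge_path() {
    valid_token "$1" || return 1
    printf '%s/.well-known/acme-challenge/%s\n' "${REMOTE_WEBROOT%/}" "$1"
}

# Write the validation string to that file on the server over SSH.
deploy_challenge() {
    path=$(challenge_path "$CERTBOT_TOKEN") || {
        echo "refusing unexpected token: $CERTBOT_TOKEN" >&2
        return 1
    }
    printf '%s' "$CERTBOT_VALIDATION" |
        ssh "$REMOTE_HOST" "mkdir -p '${path%/*}' && cat > '$path'"
}

# Deploy only when certbot invokes the hook (CERTBOT_TOKEN is set).
if [ -n "${CERTBOT_TOKEN:-}" ]; then
    deploy_challenge
fi
```

A matching --manual-cleanup-hook can delete the same file once validation has finished.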
Failed authorization procedure. paste.esigoto.info (http-01):
urn:acme:error:connection :: The server could not connect to the client to verify the domain ::
Fetching https://paste.esigoto.info.well-known/acme-challenge/QSKgOHDlcutSmrVE7yNHpvoLk:
Error getting validation data
I don’t understand why https://paste.esigoto.info.well-known and not https://paste.esigoto.info/.well-known.