Multiple level (sub)domains & manual hooks

I’m trying to get some answers from the documentation to no avail.

Let’s say you’re running certbot for a multiple level domain like this:

certbot ... -d 'domain.com,*.domain.com,*.sub.domain.com' ... --manual-auth-hook "myscript.sh"

I understand that myscript.sh will be called 3 times with env variables:

CERTBOT_DOMAIN and CERTBOT_VALIDATION

Now, let’s focus on the call for validating *.sub.domain.com:

Do I need to set a TXT record on _acme-challenge.sub.domain.com or on _acme-challenge.domain.com?

What is it going to be the global variable CERTBOT_DOMAIN for myscript.sh for validating *.sub.domain.com?

Thanks

EDIT: CERTBOT_DOMAIN is "sub.domain.com"


Yes.
Basically, "_acme-challenge" replaces the "*" in the wildcard request.


Yes to what option?

_acme-challenge.sub.domain.com

or

_acme-challenge.domain.com

Also, what’s going to be CERTBOT_DOMAIN ?

Thanks!

A request for both of those would require TWO _acme-challenge TXT records:

  1. _acme-challenge.domain.com
  2. _acme-challenge.sub.domain.com

So, yes, it's not an "a" OR "b" question.


OK, great.

Now, how is myscript.sh going to know that I need to set _acme-challenge.sub.domain.com?
Will CERTBOT_DOMAIN be sub.domain.com when called for validating *.sub.domain.com?

Thanks again


I’m not 100% certain, but it is NOT “domain.com”.
It is either “*.sub.domain.com” or “sub.domain.com”.

Perhaps you can test with --staging / --dry-run
Add an `echo %var% >> log.file` to your script and see what value is there.


CERTBOT_DOMAIN doesn't include the "*.".

In that case, it would be "sub.domain.com".

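The following is an added example of a `--manual-auth-hook` script that applies what the thread concludes; it is not code from the original posts or from Certbot itself. It derives the TXT record name from CERTBOT_DOMAIN (which Certbot passes without the leading "*."), strips a leading "*." defensively anyway, and appends the record to a constructed zone file at a hypothetical path instead of calling a real DNS API. The `dig`-based wait loop and the resolver 1.1.1.1 are assumptions; substitute your own DNS update and verification logic.

```shell
#!/bin/sh
# Added example: a minimal Certbot --manual-auth-hook for DNS-01.
# Certbot runs this once per requested name, with CERTBOT_DOMAIN and
# CERTBOT_VALIDATION set in the environment.

# Compute the TXT record name Certbot will look up. CERTBOT_DOMAIN has no
# leading "*.", but strip one anyway so the function also accepts a raw
# wildcard name such as "*.sub.domain.com".
challenge_name() {
    d="$1"
    d="${d#\*.}"
    printf '_acme-challenge.%s' "$d"
}

# HYPOTHETICAL storage: append records to a zone-style text file so the
# script runs offline. A real hook would call the DNS provider's API here.
ZONE_FILE="${ZONE_FILE:-/tmp/acme-zone.txt}"

# Append (never overwrite): domain.com and *.domain.com both validate via
# _acme-challenge.domain.com, so two TXT records with that name must coexist.
publish_txt() {
    name="$(challenge_name "$1")"
    value="$2"
    printf '%s. 60 IN TXT "%s"\n' "$name" "$value" >> "$ZONE_FILE"
}

# Poll public DNS until the record is visible, because Certbot queries it
# as soon as the hook exits. Assumes dig is installed.
wait_for_txt() {
    name="$(challenge_name "$1")"
    value="$2"
    tries=0
    while [ "$tries" -lt 30 ]; do
        if dig +short TXT "$name" @1.1.1.1 2>/dev/null | grep -q "\"$value\""; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 5
    done
    return 1
}

# Only act when invoked by Certbot; when sourced for testing, the functions
# are defined but nothing is published.
if [ -n "$CERTBOT_DOMAIN" ] && [ -n "$CERTBOT_VALIDATION" ]; then
    publish_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
    wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" || exit 1
fi
```

For the request in the thread (domain.com, *.domain.com, *.sub.domain.com) the hook is invoked three times: twice with CERTBOT_DOMAIN=domain.com (one record each for the bare name and the wildcard, both at `_acme-challenge.domain.com`) and once with CERTBOT_DOMAIN=sub.domain.com. A matching `--manual-cleanup-hook` should remove only the record whose value equals CERTBOT_VALIDATION, so the other record at the same name survives until its own validation is done.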
