Hi everyone,
Im using the following command to generate a new certificate for my domain:
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --domain DOMAIN
But im not getting the ACME-CHALLENGE and its value for adding it to my DNS records, i only get the fullchain.pem and the privkey.pem.
Any ideas for getting the ACME Challenge and its value?
Did you get a certificate using that method within the last 30 days?
Because Let's Encrypt caches successful validations for that long. Certbot won't prompt for new values if they are not needed for a fresh challenge.
You could add --dry-run to that command to use the Let's Encrypt staging system. Certbot invalidates the staging system's cache each time. You won't get a valid public cert with dry-run. It is only for testing flows.
If you got the cert, why do you need to run it again anyway?
I want to emphasize this. Using manual mode already means you're doing something weird and off the beaten path. What is your actual goal?
The thing is that i ran that command i got those 2 files, but not the challenge. And for another test i was doing yesterday i did get the challenge for adding it to my dns records.
My goal is to deploy a test application with a custom domain, but im not getting any txt record for adding it to my dns records.
Should probably be using --dry-run for testing.
But, I described the 30-day cache. Was this for same cert you got yesterday?
Show this
sudo certbot certificates
Why are you TESTING on a PRODUCTION server? Please use the staging environment for testing. (Which is automatically selected by the --dry-run option if you don't specify a --server option.)
I don't think he meant to test certificate issuance, but to get a production certificate for a public domain that he wants to test some web application on, which sounds reasonable. But I agree that manual mode is not the way to do this, unless there are custom hooks in place to automate the verification process.
@sfrippibm If you already did this before, your old challenge data might still be valid, so you can just leave it in the DNS untouched. If you're getting a fullchain.pem, I guess that means your request succeeded, because you can't get a certificate if you fail the challenge.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.