Hi, wanting to use Let’s Encrypt with a private IP, I used the command:
env https_proxy="https://proxy.unige.ch:3128" \
certbot certonly --preferred-challenges dns-01 \
--authenticator manual \
--domain virtunix.unige.ch \
--manual-public-ip-logging-ok
This is working well.
But the automagic renewal process failed; I got:
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/virtunix.unige.ch.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert from /etc/letsencrypt/renewal/virtunix.unige.ch.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/virtunix.unige.ch/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Trying to solve this, I have relaunched the certonly command instead of the renew. So somehow, I’m not able to test the renew command anymore.
But what I found suspect is: how can certbot know that it should use https_proxy when doing the renew, as my conf looks like:
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/virtunix.unige.ch
cert = /etc/letsencrypt/live/virtunix.unige.ch/cert.pem
privkey = /etc/letsencrypt/live/virtunix.unige.ch/privkey.pem
chain = /etc/letsencrypt/live/virtunix.unige.ch/chain.pem
fullchain = /etc/letsencrypt/live/virtunix.unige.ch/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = manual
installer = None
account = 78f31fa68457a7390ae2f27ca8b6e16f
pref_challs = dns-01,
manual_public_ip_logging_ok = True
As you can see, there is no mention of https_proxy in it.
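As an added example (not part of the original post and not certbot's own code): a shell check that reads a renewal config like the one above and reports whether `certbot renew` can run unattended. The `manual_auth_hook` key is the one certbot stores when `--manual-auth-hook` is given; the `needs-proxy` argument and the sample file are constructs of this example.

```shell
#!/bin/sh
# Added example: lint a certbot renewal config for unattended `certbot renew`.

# renewal_param FILE KEY: print KEY's value from the [renewalparams] section.
renewal_param() {
    awk -F' *= *' -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && $1 == key { print $2; exit }
    ' "$1"
}

# check_renewal FILE [needs-proxy]: return 0 if this config can be renewed
# non-interactively, 1 otherwise. "needs-proxy" is a hypothetical switch of
# this example for hosts that reach the CA only through a proxy.
check_renewal() {
    conf=$1; rc=0
    auth=$(renewal_param "$conf" authenticator)
    hook=$(renewal_param "$conf" manual_auth_hook)
    # The manual plugin refuses to run without a hook when nobody is at the
    # terminal: this is the PluginError quoted in the post.
    if [ "$auth" = "manual" ] && { [ -z "$hook" ] || [ "$hook" = "None" ]; }; then
        echo "$conf: manual authenticator without manual_auth_hook" >&2
        rc=1
    fi
    # The renewal config in the post records no proxy; the proxy comes from
    # the environment of whatever process runs `certbot renew` (cron, timer).
    if [ "${2:-}" = "needs-proxy" ] && [ -z "${https_proxy:-}${HTTPS_PROXY:-}" ]; then
        echo "$conf: https_proxy is not set in this environment" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the [renewalparams] shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
version = 0.10.2
[renewalparams]
authenticator = manual
installer = None
pref_challs = dns-01,
manual_public_ip_logging_ok = True
EOF
check_renewal "$sample" || echo "renewal would fail non-interactively"
```

Run with `needs-proxy` from the same cron or timer context that invokes `certbot renew`, since an interactive shell may have proxy variables that the scheduled job does not.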