i’m working on a certbot script to automate my renewals.
my locally-managed setup includes ‘preferred-challenges = dns’ & ‘authenticator = dns-rfc2136’.
cert gen is trivial, with
    certbot -c $conf/cli.ini \
      certonly \
      --csr $csrs/request.ec.csr.der \
      --cert-path $certs/cert.ec.crt.pem \
      --chain-path $certs/intermediate_ca.ec.crt.pem \
      --fullchain-path $certs/fullchain.ec.crt.pem
    cat cli.ini
    non-interactive = true
    agree-tos = true
    email = "firstname.lastname@example.org"
    duplicate = true
    expand = true
    manual-public-ip-logging-ok
    break-my-certs = true
    hsts = true
    must-staple = true
    redirect = true
    rsa-key-size = 4096
    staple-ocsp = true
    uir = true
    preferred-challenges = dns
    authenticator = dns-rfc2136
    dns-rfc2136-credentials = "/sec/le/rfc2136.creds"
    dns-rfc2136-propagation-seconds = 60
    work-dir = /var/lib/letsencrypt
    logs-dir = /var/log/certbot
    max-log-backups = 0
as for deployment/install, since i’m using dns auth, apparently “run” & its install hooks don’t function.
it’s easy enough to manually deploy the generated certs to my remotes outside of certbot.
now, i’m trying to get a certbot instance on those remotes to renew the live/deployed certs.
for that, iiuc, I need to feed certbot the domain’s “Renewal Configuration File”.
but, one’s not generated in the ‘certonly’ step; there’s no relevant “…/renewal/” DIR that I can find.
how do I force the creation of “Renewal Configuration File” for a domain?
or, where’s the doc for manually creating one, and pointing ‘renew’ at it?