Hi, I tried to renew - this always used to work in the past, and nothing has changed… I run my sites in a Docker container, so I simply execute the renewal command using docker exec into the container - same as I’ve always done.
TLS-SNI-01 validation, used by the Apache plugin, is currently disabled by Let's Encrypt for security reasons.
It may require a little setup, but you can use HTTP-01 validation with the Apache installer.
Version 0.4.1 is pretty old. I don't remember exactly, but I think the Python dialog error thing is a bug with displaying errors that was fixed in a more recent version of Certbot.
--renew-by-default was renamed to --force-renewal. They're equivalent. You should almost never need to use them, since they can cause unnecessary and excessive renewals.
Thanks. This led me down the path to fixing. I needed to use the webroot method as I was doing this on the docker container where my apache2 service was already running.
What I did to resolve:
1. Updated my Dockerfile to add the apt repository for certbot and install certbot in the image.
2. Brought my container down and up again with a rebuild using docker-compose.
3. The latest certbot version was now available inside the container.
4. Ran the certbot command listed in the thread linked above, using the webroot method, and passing in multiple domains + multiple webroot paths for the .well-known files to sit in. Importantly, if you get any one of those paths wrong, the entire cert renewal will fail, so all of them need to be correct and work.

After this my renewal worked, and I now have an up-to-date custom Docker image too with the latest certbot.
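A preflight for the multi-domain webroot request described in the last post, as an added example that is not part of the thread or of certbot itself: it checks that every webroot can hold a file under `.well-known/acme-challenge` before assembling the `certbot certonly --webroot` command line. The helper names, domains and directories are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example. Each argument is a "domain:webroot" pair (constructed values).
# Assumption: webroot paths contain no spaces.

# check_webroot DIR: succeed only if DIR exists and a probe file can be
# written under DIR/.well-known/acme-challenge, where HTTP-01 files are placed.
check_webroot() {
    dir=$1
    [ -d "$dir" ] || return 1
    challenge="$dir/.well-known/acme-challenge"
    mkdir -p "$challenge" 2>/dev/null || return 1
    probe="$challenge/preflight-$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# build_certbot_cmd PAIR...: print the certbot command line on stdout, or
# report every bad webroot on stderr and return 1 without printing a command.
build_certbot_cmd() {
    cmd="certbot certonly --webroot"
    bad=0
    for pair in "$@"; do
        domain=${pair%%:*}
        webroot=${pair#*:}
        if check_webroot "$webroot"; then
            # -w applies to the -d options that follow it
            cmd="$cmd -w $webroot -d $domain"
        else
            echo "bad webroot for $domain: $webroot" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf '%s\n' "$cmd"
}

# Demo: two temporary directories stand in for two sites' document roots.
demo=$(mktemp -d)
mkdir -p "$demo/site-a" "$demo/site-b"
build_certbot_cmd "example.com:$demo/site-a" "www.example.org:$demo/site-b"
rm -rf "$demo"
```

The printed command can be run with `--dry-run` appended first, so a path that is writable but not actually served by Apache shows up without issuing a certificate.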