Self-validate mechanism

Hi All,
I have an Ubuntu 16.04 server; it hosts some domains, for example www.kiss-kat.de.
I have a configuration on the server with sslh and openvpn, sharing Port 443.
All works fine, also the letsencrypt configuration and certificates.

The only thing that does not work is the self-validating at renewals:

$letsencrypt renew

forces me always to manually copy the validating-files into
/var/www/…domainname…/.well-known/acme-challenge

If I copy the file manually, the renewal works.

In the debug file I found these lines:

2017-03-01 14:55:47,357:INFO:letsencrypt.cli:Cert is due for renewal, auto-renewing…

2017-03-01 14:55:47,357:DEBUG:letsencrypt.cli:Requested authenticator manual and installer none

2017-03-01 14:55:47,358:DEBUG:letsencrypt.display.ops:No candidate plugin

2017-03-01 14:55:47,358:DEBUG:letsencrypt.display.ops:Single candidate plugin: * manual

Description: Manually configure an HTTP server

Interfaces: IAuthenticator, IPlugin

Entry point: manual = letsencrypt.plugins.manual:Authenticator

Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x7f2b7c886dd0>

Prep: True

So my idea is that there is a parameter that makes self-verify always manual.

I discovered a line in /etc/letsencrypt/renewal/www.kiss-kat.de.conf

authenticator = manual

Maybe that is my problem?

What value do I need to automatically self-verify?

Or how do I switch to self-verify?

regards
Koni

Looks like you got the certificate with the manual plugin in the first place. With all the copying et cetera.

Let's Encrypt currently needs you to verify the certificate again after 60 days of the most recent verification. Therefore, if you requested the cert with the manual verification plugin, you need to repeat that every time.

You probably want to automate the issuing of the cert in the first place. If that's working well, renewal consequently will too.

See the documentation for more info: User Guide — Certbot 2.7.0.dev0 documentation


Thanks for your help.
Now I created new certificates without --manual

I think the new renewal will be automatic.


In order for this to happen, please make sure that something on your system is also running certbot renew (or letsencrypt renew) regularly, normally from cron.
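An added example, not part of the thread and not certbot's own code: a check that lists the lineages whose renewal file still records `authenticator = manual`, the setting found above in /etc/letsencrypt/renewal/www.kiss-kat.de.conf. The sample files and domains are constructed, and the `[renewalparams]` layout and the `manual_auth_hook` handling are assumptions about how the client writes these files.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample renewal files; domains, paths and values are made up.
MANUAL_CONF = """\
cert = /etc/letsencrypt/live/manual.example/cert.pem
[renewalparams]
authenticator = manual
installer = None
"""
WEBROOT_CONF = """\
cert = /etc/letsencrypt/live/webroot.example/cert.pem
[renewalparams]
authenticator = webroot
[[webroot_map]]
webroot.example = /var/www/webroot.example
"""

def read_renewal_params(text):
    """Flatten every key/value pair of a renewal file into one dict."""
    # The file has keys before its first [section] and may indent nested
    # sections, so strip indentation and prepend a dummy header.
    flat = "\n".join(line.strip() for line in text.splitlines())
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string("[top]\n" + flat)
    params = {}
    for section in parser.sections():
        params.update(parser.items(section))
    return params

def needs_manual_validation(text):
    """True if renewing this lineage stops to wait for a person."""
    params = read_renewal_params(text)
    # Assumption: a hook script recorded as manual_auth_hook answers the
    # challenge itself, so such a lineage renews unattended.
    hook = params.get("manual_auth_hook")
    return params.get("authenticator") == "manual" and hook in (None, "", "None")

def lineages_needing_manual_step(renewal_dir):
    """Names of the *.conf files in renewal_dir that still use manual."""
    return sorted(p.stem for p in Path(renewal_dir).glob("*.conf")
                  if needs_manual_validation(p.read_text()))

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "manual.example.conf").write_text(MANUAL_CONF)
        Path(d, "webroot.example.conf").write_text(WEBROOT_CONF)
        return lineages_needing_manual_step(d)
```

Calling `lineages_needing_manual_step("/etc/letsencrypt/renewal")` before relying on a cron job shows which certificates would still stop and wait for a manually copied challenge file.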
