I do see your point on the mixed validation types - not 100% certain on that either.
But I'm certain certbot will skip and continue processing other certs that needs to be renewed.
1 Like
Mixing validation types would only be possible if there was already a valid authz for certain hostnames with challenge type X, but certbot uses challenge type Y for the remaining hostnames without a valid authz. This was actually a bug where certbot would error out when it retrieved a valid authz with a challenge type it wasn't using itself.
In any case, it is not possible, as far as I know (and I'm pretty certain) to have a renewal configuration file with more than one authenticator. That is the issue here: the manual authenticator. Challenge type isn't really the question here: certbot sees a renewal file with the manual authenticator without any manual-auth-hook set. Challenge type isn't the issue here and --allow-subset-of-names doesn't fix anything.
2 Likes
And with that blow you have defeated your opponent: Check Mate!
1 Like
Look at me, winning at chess for a change 
3 Likes
I thought it might suppress the error. Maybe not though.
1 Like
But how and why would it do that?
2 Likes
Because it internally allows certbot to continue when a validation error occurs (like not having a hook).
1 Like
But that's no use when all the hostnames are going to use the same non-functional authenticator.
Certbot will just quit:
2 Likes
what about any remaining certs to be renewed? skipped or ?
1 Like
Certbot should just continue with the rest.
2 Likes
Thanks for checking those. 
There are just certain behavioral regions I don't see enough to know the outcome.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.