I do see your point on the mixed validation types - not 100% certain on that either.
But I'm certain certbot
will skip and continue processing other certs that needs to be renewed.
I do see your point on the mixed validation types - not 100% certain on that either.
But I'm certain certbot
will skip and continue processing other certs that needs to be renewed.
Mixing validation types would only be possible if there was already a valid authz for certain hostnames with challenge type X, but certbot uses challenge type Y for the remaining hostnames without a valid authz. This was actually a bug where certbot would error out when it retrieved a valid authz with a challenge type it wasn't using itself.
In any case, it is not possible, as far as I know (and I'm pretty certain) to have a renewal configuration file with more than one authenticator. That is the issue here: the manual authenticator. Challenge type isn't really the question here: certbot sees a renewal file with the manual authenticator without any manual-auth-hook
set. Challenge type isn't the issue here and --allow-subset-of-names
doesn't fix anything.
And with that blow you have defeated your opponent: Check Mate!
Look at me, winning at chess for a change
I thought it might suppress the error. Maybe not though.
But how and why would it do that?
Because it internally allows certbot to continue when a validation error occurs (like not having a hook).
But that's no use when all the hostnames are going to use the same non-functional authenticator.
Certbot will just quit:
what about any remaining certs to be renewed? skipped or ?
Certbot should just continue with the rest.
Thanks for checking those.
There are just certain behavioral regions I don't see enough to know the outcome.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.