Skip certs with manual plugin from certbot renew

I do see your point on the mixed validation types - not 100% certain on that either.

But I'm certain certbot will skip and continue processing other certs that need to be renewed.

1 Like

Mixing validation types would only be possible if there was already a valid authz for certain hostnames with challenge type X, but certbot uses challenge type Y for the remaining hostnames without a valid authz. This was actually a bug where certbot would error out when it retrieved a valid authz with a challenge type it wasn't using itself.

In any case, it is not possible, as far as I know (and I'm pretty certain) to have a renewal configuration file with more than one authenticator. That is the issue here: the manual authenticator. Challenge type isn't really the question here: certbot sees a renewal file with the manual authenticator without any manual-auth-hook set. Challenge type isn't the issue here and --allow-subset-of-names doesn't fix anything.

2 Likes
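An added example, not part of any post in this thread: a way to find, before running `certbot renew`, the lineages described above whose renewal file names the manual authenticator but sets no `manual_auth_hook`. The function name, the sample files and the hook path are constructed for illustration; on a real host you would point it at the default `/etc/letsencrypt/renewal` directory.

```python
import configparser
import tempfile
from pathlib import Path

def manual_without_hook(renewal_dir):
    """Return lineage names whose renewal config uses the manual
    authenticator with no manual_auth_hook set."""
    flagged = []
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        # Renewal files begin with section-less keys, so prepend a dummy header.
        parser.read_string("[top]\n" + conf.read_text())
        if not parser.has_section("renewalparams"):
            continue
        params = parser["renewalparams"]
        auth = params.get("authenticator", "").strip()
        # Assumption: an empty value or the literal "None" both mean "no hook".
        hook = params.get("manual_auth_hook", "").strip()
        if auth == "manual" and hook in ("", "None"):
            flagged.append(conf.stem)
    return flagged

# Constructed sample renewal files (values are illustrative only).
COMMON = "version = 2.9.0\n[renewalparams]\naccount = 0123456789abcdef\n"
SAMPLES = {
    "manual-nohook.example.com.conf":
        COMMON + "authenticator = manual\npref_challs = dns-01,\n",
    "manual-hook.example.com.conf":
        COMMON + "authenticator = manual\npref_challs = dns-01,\n"
                 "manual_auth_hook = /usr/local/bin/dns-auth.sh\n",
    "webroot.example.com.conf":
        COMMON + "authenticator = webroot\n[[webroot_map]]\n"
                 "webroot.example.com = /var/www/html\n",
}

def demo():
    """Write the samples to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLES.items():
            Path(d, name).write_text(body)
        return manual_without_hook(d)

if __name__ == "__main__":
    for name in demo():
        print(f"{name}: manual authenticator, no manual_auth_hook")
```
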

And with that blow you have defeated your opponent: Checkmate!

1 Like

:dark_sunglasses: Look at me, winning at chess for a change :stuck_out_tongue:

3 Likes

I thought it might suppress the error. Maybe not though.

1 Like

But how and why would it do that?

2 Likes

Because it internally allows certbot to continue when a validation error occurs (like not having a hook).

1 Like

But that's no use when all the hostnames are going to use the same non-functional authenticator.

Certbot will just quit:

2 Likes

What about any remaining certs to be renewed? Skipped or?

1 Like

Certbot should just continue with the rest.

2 Likes

Thanks for checking those. :slightly_smiling_face:

There are just certain behavioral regions I don't see enough to know the outcome.

2 Likes
