I ran this command:
python script:
import pexpect

certbot_cmd = "/usr/bin/certbot certonly --renew-by-default -d {} --manual --preferred-challenges dns".format(domain)
self.logger.info(certbot_cmd)
f = open('spawn.log', 'wb')
child = pexpect.spawn('/bin/bash', ['-c', certbot_cmd], logfile=f, timeout=300)
# expect() takes a regular expression, so the literal parentheses are escaped
i = child.expect(r'\(Y\)es/\(N\)o:')
if i == 0:
    child.sendline("Y\n")
    i = child.expect("Press Enter to Continue", timeout=30)
It produced this output:
Waiting for verification…
Challenge failed for domain api.pay.425yx.com
dns-01 challenge for api.pay.425yx.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: api.pay.425yx.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.api.pay.425yx.com - check that a DNS record exists
for this domain
Note: I already added the DNS TXT record _acme-challenge.api.pay, and dig is OK with 8.8.8.8.
My web server is (include version):
nginx 1.5
The operating system my web server runs on is (include version):
centos7.8
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.5.0
When I run the challenge from the Linux terminal, it succeeds with the DNS TXT record:
/usr/bin/certbot certonly --renew-by-default -d api.pay.425yx.com --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for api.pay.425yx.com
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: y
Please deploy a DNS TXT record under the name
_acme-challenge.api.pay.425yx.com with the following value:
WqYDmisqiVqew441rKrhdNqsxFHiAoC_BGDFky-O8d4
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification…
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/api.pay.425yx.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/api.pay.425yx.com/privkey.pem
Your cert will expire on 2020-10-21. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
If you like Certbot, please consider supporting our work by:
You have created a valid certificate. So the problem is solved.
I don't understand your question.
PS: The screen of that edit form is a little bit buggy - so two parts. Scrolling isn't possible.
PPS: If someone has the same problem: Edit form - fullscreen, not possible to reduce the height. Solution: Hide preview, then it's possible to create a smaller window.
I don't know how to integrate the following with your Python script, but certbot uses the options --manual-auth-hook and --manual-cleanup-hook to point to a script which would put the TXT record into the zonefile (auth hook) and a script which would cleanup the TXT records after the challenge has been performed. See the certbot documentation about hooks for more info.
Also I'd like to add that using renew-by-default is NOT recommended for production use. I would also like to remind you of the staging environment, where testing like this should be done!
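A sketch of the auth hook described in the reply above, added here as an example; it is not code from the thread or from certbot. It reads the `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` variables that certbot exports to manual hooks, publishes the TXT record, and returns only once a resolver actually serves it, so the challenge is not submitted while the name still resolves to NXDOMAIN. Assumptions: `publish_txt` is a hypothetical stand-in for your DNS provider's API, `dig` is installed, and 8.8.8.8 is the resolver checked, as in the original post.

```python
#!/usr/bin/env python3
"""Script for certbot --manual-auth-hook: publish the dns-01 TXT record, then wait for it."""
import os
import re
import subprocess
import sys
import time

LABEL = re.compile(r"[a-z0-9-]{1,63}")

def challenge_record(env):
    """Build (record name, record value) from the variables certbot exports to hooks."""
    domain = env["CERTBOT_DOMAIN"].rstrip(".").lower()
    # Reject anything that is not a plain hostname before it reaches dig or a DNS API.
    if not all(LABEL.fullmatch(label) for label in domain.split(".")):
        raise ValueError("unexpected CERTBOT_DOMAIN: %r" % domain)
    return "_acme-challenge." + domain, env["CERTBOT_VALIDATION"]

def dig_txt(name, resolver="8.8.8.8"):
    """Return the TXT strings the resolver currently serves for name (empty on NXDOMAIN)."""
    out = subprocess.run(["dig", "+short", "TXT", name, "@" + resolver],
                         capture_output=True, text=True, timeout=15).stdout
    return [line.strip().strip('"') for line in out.splitlines() if line.strip()]

def wait_for_txt(name, value, lookup=dig_txt, attempts=30, delay=10, sleep=time.sleep):
    """Poll until value is visible; True if seen, False if it never appeared."""
    for _ in range(attempts):
        if value in lookup(name):
            return True
        sleep(delay)
    return False

def publish_txt(name, value):
    """Hypothetical placeholder: create the TXT record through your DNS provider."""
    raise NotImplementedError("call your DNS provider's API here")

def main(env=os.environ, publish=publish_txt, lookup=dig_txt):
    name, value = challenge_record(env)
    publish(name, value)
    # Exit status 0 only when the record is visible; non-zero signals failure.
    return 0 if wait_for_txt(name, value, lookup) else 1

if __name__ == "__main__":
    sys.exit(main())
```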