SSL Auto-renewal On Windows 10 Machine Not Working

I am using Windows 10 OS with OpenSSL, ZeroSSL to issue and auto-renew my SSL. The first issue was perfect and I never removed the DNS TXT records considering they would be needed for auto-renew for it turned out to be a failure.

I am running a script for auto-renew, everything works great except it asks me to update my DNS TXT records with new values which breaks the process automation.

Kindly suggest.

OpenSSL v1.1.1c
ZeroSSL v0.33

Script:
rem le64.exe --key C:\SSL\account.key --csr C:\SSL\my.tableauserver.com.csr --csr-key “C:\SSL\my.tableauserver.com.key” --crt “C:\SSL\my.tableauserver.com.crt” --domains “my.tableauserver.com” --generate-missing --renew 10 --issue-code 100 --handle-as dns --live

Hi @shareef009

if you use dns validation and if you have created the required TXT entries manual, you have to create the new TXT again manual.

Then you can't use automation.

PS: What's your real domain name? my.tableauserver.com doesn't exist.

Host T IP-Address is auth. ∑ Queries ∑ Timeout
my.tableauserver.com Name Error yes 1 0
www.my.tableauserver.com Name Error yes 1 0

How did you set the records in the first place? In essence, the client can be automated in terms of DNS verification in 2 ways:

a) Using a -delayed mode, when the client sets up challenges and exits, then you run “something” that sets up the necessary records and then the client is run again without delayed mode (so previously set up challenges, which are expected to be now satisfied by whatever you ran, are now used).

b) Using a DNS plugin, which can be easily modified to run the process setting up the necessary records, such as dnscmd for example (see the commented line with a ‘system’ call in that plugin). Note that you do not need to install anything to use that plugin with le64.exe, you just put it into the same folder with the client for example and use an additional parameter with your command - -handle-with DNS.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.