Using Register4Less for DNS - wildcard? AutoRenew?

tymanthius · July 30, 2019, 2:30pm

I ran this command: - certbot renew

It produced this output:

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,)
Attempting to renew cert (graf.tymanthius.net) from /etc/letsencrypt/renewal/graf.tymanthius.net.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.’,). Skipping.

My web server is (include version):

nginx 1.1.03

The operating system my web server runs on is (include version):

Debian 9 running in a container on proxmox 6.

My hosting provider, if applicable, is:

Register4Less

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

0.28.0

So I set up certs for several sites that are all .tymanthius.net. I used manual. Wildcard doesn’t work as I apparently have to use DNS text to authenticate.

What I’m asking is if anyone knows of an automated way to set up with Register4Less?

Thank you!

JuergenAuer · July 30, 2019, 3:01pm

Hi @tymanthius

why isn't it possible to use http-01 validation? It's a normal domain, so there should be an open port 80 with a redirect http -> https.

Read

Then you don't need a dns-challenge API.

tymanthius · July 30, 2019, 3:05pm

Very good question which I should have addressed above!

b/c my actual sites are on a small server at home, using residential internet and my ISP blocks port 80 incoming, but not 443.

JuergenAuer · July 30, 2019, 3:44pm

That's bad. Then you have to use dns validation.

But if Register4Less doesn't support an API, you have two options:

use --manual (or)
create CNAME entries like

_acme-challenge.graf.tymanthius.net -> other domain, other domain provider

then you need another domain with another domain provider and you have to create the TXT entry on that other domain. The domain provider must have an API.

Perhaps check acme.sh, there are a lot of dns providers supported.

tymanthius · July 30, 2019, 3:47pm

Bleck. That’s a PITA. I think right now doing it manual every 60-90 days may be easier. lol

system · August 29, 2019, 3:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.