What is the replacement for the LE renewal Python BaseHTTPServer script?

It seems like built-in support for the very handy Python BaseHTTPServer script has been removed, which appears to eliminate support for manual renewal on a different host.

This command doesn’t actually instantiate a temporary webserver it seems:

sudo certbot renew --manual --preferred-challenges=http --manual-auth-hook ~/scripts/authenticator.sh --manual-cleanup-hook ~/scripts/cleanup.sh

Can someone share what certbot command can be run that actually hosts a temporary HTTP server on port 80 to fulfill the renewal process via HTTP?

Script that used to be used/mentioned during manual renewal/request:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"

The command to start an HTTP server from Certbot is called --standalone instead of --manual (--manual means that you, the user, have responsibility for taking the actions necessary to satisfy the challenge).

Thanks for that. So would my renewal command look like this?

sudo certbot certonly --standalone --preferred-challenges=http --manual-auth-hook ~/scripts/authenticator.sh --manual-cleanup-hook ~/scripts/cleanup.sh -d website.domain.tld

Oh, were you using the Python script in the --manual-auth-hook script before?

You can’t use --manual-auth-hook and --manual-cleanup-script with --standalone, because they’re specific to --manual.

Indeed, certbot can run the server for the authentication itself with the standalone plugin. There’s no need to script this yourself.

If authenticator.sh is only for this temporary webserver, you can leave it out when using standalone. Does cleanup.sh do anything else besides doing things for the authentication? If not, you can leave that out too and just use standalone without the hook & script commands for the manual plugin.

Thanks! Fortunately, I was able to manually run that old script to get my renewal done.

I’ll probably try to get this working with the newer option in a few weeks, depending on rate limits and my need to install it manually where needed (currently).
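
For readers who still need the --manual workflow on a separate host, here is an added example (not from the thread and not Certbot's own code): a Python 3 counterpart to the old BaseHTTPServer one-liner. Unlike that one-liner, which exposed the whole working directory on port 80, it answers only HTTP-01 challenge URLs. The names `ChallengeHandler`, `make_server` and the challenge directory layout (one file per token, holding the validation string) are assumptions.

```python
import re
import sys
from functools import partial
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

# HTTP-01 challenge URLs have the form /.well-known/acme-challenge/<token>,
# where <token> uses only the base64url alphabet (RFC 8555).
CHALLENGE_RE = re.compile(r"^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$")


class ChallengeHandler(BaseHTTPRequestHandler):
    """Serve challenge files and nothing else (no directory listings)."""

    def __init__(self, *args, challenge_dir, **kwargs):
        self.challenge_dir = Path(challenge_dir)  # set before the request is handled
        super().__init__(*args, **kwargs)

    def do_GET(self):
        match = CHALLENGE_RE.match(self.path)
        # The token pattern excludes "/" and ".", so the lookup cannot leave challenge_dir.
        target = self.challenge_dir / match.group(1) if match else None
        if target is None or not target.is_file():
            self.send_error(404)
            return
        body = target.read_bytes()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_server(challenge_dir, port=80, host=""):
    """Build the server; the caller runs serve_forever() and shuts it down."""
    handler = partial(ChallengeHandler, challenge_dir=challenge_dir)
    return ThreadingHTTPServer((host, port), handler)


if __name__ == "__main__":
    # Usage (hypothetical file name): sudo python3 acme_http01_server.py /path/to/challenge-files
    server = make_server(sys.argv[1])
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        server.server_close()
```

With --manual, the auth hook would write the value of `CERTBOT_VALIDATION` to a file named after `CERTBOT_TOKEN` in that directory, and the cleanup hook would delete it.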
