04-25-2019, 01:34 PM
Addition regarding certificate renewal
I would like to use this post as an addition to the main post. This addition contains a rather important note regarding renewal of certificates issued through this guide and the used method.
The DNS challenge keys that are being set in step 3.3 and 3.4 do have a LIMITED VALIDATION PERIOD! The period is most likely equal to the lifetime of the issued certificate (90 days).
Today I noticed that the certificate for my site expired hours ago in the night. I logged into my server to renew the certificate. In an attempt to renew the certificate using the automatic renewal function of certbot I experienced that it didn't work and returned an error:
Code:
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-
Attempting to renew cert (domain.ext) from /etc/letsencrypt/renewal/domain.ext.conf produced an unexpected error: The manua
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domain.ext/fullchain.pem (failure)
The error merely says that the automatic renewal failed and renewal has to be done manually.
To perform a renewal you have to repeat the whole step no. #3 every 90 days. Basically you remove the old DNS challenge DNS records, run the command to request the certificate, create the new DNS challenge DNS entries and get the new certificate after the DNS records are verified by the Let's Encrypt servers.
This was new for me. Before this new authentication challenge method the automatic renewal used to work despite having requested the certificates with the manual method.
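Added example (not part of the original post and not certbot's own code): a check that reads certbot's renewal configuration files and flags certificates that use the manual authenticator without a `manual_auth_hook`, the condition the error above reports, so it is noticed before the certificate expires. The sample file contents are constructed, and the `[renewalparams]` key names `authenticator` and `manual_auth_hook` are assumed to match what certbot writes.

```python
import configparser
import glob
import os

# Constructed sample of a renewal file for a certificate requested with the
# manual plugin and a DNS challenge (domain.ext as in the post).
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
archive_dir = /etc/letsencrypt/archive/domain.ext
cert = /etc/letsencrypt/live/domain.ext/cert.pem
fullchain = /etc/letsencrypt/live/domain.ext/fullchain.pem

[renewalparams]
authenticator = manual
pref_challs = dns-01,
"""


def renewal_params(conf_text):
    """Return the [renewalparams] section of a renewal file as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    # The file starts with keys outside any section; give them a dummy one.
    parser.read_string("[top]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])


def blocks_unattended_renewal(conf_text):
    """True when the manual plugin is configured without an auth hook."""
    params = renewal_params(conf_text)
    hook = params.get("manual_auth_hook", "").strip()
    return params.get("authenticator") == "manual" and hook in ("", "None")


def scan(renewal_dir="/etc/letsencrypt/renewal"):
    """List renewal files whose certificates cannot renew unattended."""
    flagged = []
    for path in sorted(glob.glob(os.path.join(renewal_dir, "*.conf"))):
        with open(path, encoding="utf-8") as fh:
            if blocks_unattended_renewal(fh.read()):
                flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in scan():
        print(f"{path}: manual authenticator without manual_auth_hook")
```

Run as root from cron or a monitoring job; any path it prints belongs to a certificate that `certbot renew` will skip with the error shown above.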