I assume that in your scenario, `certbot renew` is running on those web hosts after they've already gone live?
Just asking because I noticed in the certbot docs that using the manual method doesn't support renew (unless you use hook scripts, via `--manual-auth-hook` and `--manual-cleanup-hook`). The other alternative is just to use the manual method again when it comes time to renew.
The scenario I'm thinking of is where the server is private but has a public DNS name, so the DNS TXT challenge is the only option (original cert and renewals). For automation, perhaps certbot could run on the DNS (bind) server, and part of the cleanup/deploy hook script could push the new cert to the private server.
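
Added example, not part of the comment above and not certbot's own code: one script that can serve as both `--manual-auth-hook` (called with `add`) and `--manual-cleanup-hook` (called with `delete`) on a BIND server that accepts dynamic updates through `nsupdate`. Certbot supplies `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION`; the `DNS_SERVER`, `TSIG_KEYFILE` and `TTL` settings and their default values are assumptions made for this sketch.

```shell
#!/bin/sh
# Certbot manual hook for the DNS-01 challenge against BIND (added example).
# Assumed settings (hypothetical defaults, override through the environment):
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/bind/acme-update.key}"
TTL="${TTL:-60}"

# Accept only hostname characters in the domain and base64url characters in
# the token, so a hostile value cannot smuggle extra nsupdate commands.
valid_inputs() {
    case "$CERTBOT_DOMAIN" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$CERTBOT_VALIDATION" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# Print the nsupdate batch for "add" (auth hook) or "delete" (cleanup hook).
build_update() {
    action="$1"
    valid_inputs || return 1
    record="_acme-challenge.${CERTBOT_DOMAIN}."
    case "$action" in
        add)    change="update add ${record} ${TTL} TXT \"${CERTBOT_VALIDATION}\"" ;;
        delete) change="update delete ${record} TXT \"${CERTBOT_VALIDATION}\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$DNS_SERVER" "$change"
}

# Entry point: nothing is sent unless the script is called with add or delete.
case "${1:-}" in
    add|delete)
        batch=$(build_update "$1") || { echo "invalid hook input" >&2; exit 1; }
        # The TSIG key should be scoped to _acme-challenge TXT records only.
        printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE"
        ;;
esac
```

Deleting only the exact TXT value leaves any other challenge record for the same name in place, which matters when several names are validated in one run.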