Yes.
I us gandi.net for my domain management. They offer automation using an API-Key.
I therefore ran apt-cache search gandi on my freedombox.
I found that there is python3-certbot-dns-gandi and installed it
sudo apt-get install python3-certbot-dns-gandisudo vi /etc/certbot-plugin-gandi/gandi.iniand put in there
certbot_plugin_gandi:dns_api_key=APIKEY (i replaced APIKEY with my own one).then running
certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini -d mysub.mydomain.infoyes. thats what it looks like
I’m aware. I’m also surprised that this worked. To better understand what is going on, I just ran
sudo certbot renew Result
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysub.mydomain.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mysub.mydomain.info/fullchain.pem expires on 2020-06-11 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -so it looks like letsencrypt saves some stuff so that it can attempt renewals.
I assume also freedombox / plinth did not renew the cert but skipped the renewal. But it then continued to (successfully) install the cert.
Not sure I agree. If I manage to change the renewal config in such a way that it validates using the gandi plugin it should work, right? (as long as freedombox / plinth just does a “certbot renew” and nothing else fancy).
Thanks a gain for your patience I’m learning quite a bit right now!
[Edit: fixed formatting and one typo]