I just spent the last ... Oh, I don't know. Two hours(?) trying to renew my certificate for squeakie.club. Let's Encrypt is deprecating the TLS-SNI-01 validation scheme (and by deprecating I mean removing completely by March 19th 2019), and evidently my site was (then) using that scheme. I spent the whole time trying to figure out why I was getting a 404 from the output, and I still don't know why. Either way I fixed the problem by switching to DNS-01 and that worked. It was defaulting to HTTP-01 and that wasn't working at all because who the fuck knows what any of this does rite lmao
With all that out of the way, I can get to the point of all this: Inconsistent results. The DNS-01 method needs to have a TXT record for your server (idky), and it worked the first time. I tried it again just to make sure (because I have used computers long enough to know that, no, it won't work the next time, even if you try it the first six times) and- “oh look mudkipfucker is posting again” — that one meme describing how i feel about this. The output said it was 404ing again. Even though it just worked before. I pressed 'up' to repeat the command. I changed nothing about the input. But lo and behold, it does not work. I tried it again after using 'webroot' alongside the dns method, and of course it [rightfully] errored. I tried the working command again (but this time without --dry-run so I could have a chance to see it renewed again because I was beyond tired trying to make this work by now) and it works.
So why does it 50/50 break and not break? Who The Fuck Knows But Let's Encrypt Is Broken As Fuck Thanks For Coming To My TED Talk
tl;dr: I used certbot to try and renew my cert via the dns-digitalocean plugin and it would work the first time, then not work the second time with a 404. evidently using another (or even incorrect) command after would let you do it again. but then it would fuck up again. 50/50 chances that it works, it seems.