Hello – for some reason, email to the address that had been working fine forever doesn’t seem to get to me from CertifyTheWeb all of a sudden. I even had to use a different one to sign up for this support account because it seems mail from there (the activation email for a new account here, for example) and probably from elsewhere isn’t getting to that address.
The bad thing about this is that I am absolutely certain that this means I missed the “change your TXT records to THIS” email that is so important for me to keep my site’s certificate alive, and it will expire in only four or five days now, so I really need to know what to change the TXT records to, and then use CTW to renew the cert before it’s too late.
I have looked around and I can’t seem to find any way (I hope I’m just missing it) for me to ask for the email to be sent to me again (at the updated address which I changed in CTW’s settings area now). Help??
I would urge you to stop using manual DNS (we only provide that method for testing, as stated in the UI when you select it) and move to either http validation or use an automated DNS provider (either one we already have, script it, or use Certify DNS, or even your own acme-dns). If your renewal process relies on you receiving an email, it’s one more thing to go wrong and clearly it already has.
Our email go out using SendGrid, if they bounce then the addresses go on a permanent bounce list until they are manually removed. Sometime peoples systems reject SendGrid email because something somewhere reported the IP as spam to a block list. Without knowing your domain I can’t look it up to see what SendGrid says.
To force a manual DNS notification to go out again, click Request Certificate to start the renewal process again.
Thank you, @webprofusion – yes, I know; I’ve just been lazy lazy lazy and I do indeed need to move off manual (slaps own wrist…again). I will try “Request Certificate” and let you know if that’s all it takes. I appreciate the help.
@webprofusion - When I start to explore how to move off manual (I am SO not a network guy, so I really don’t know what to do and what you mean with your advice, which is why I haven’t done it yet), I see this:
@webprofusion - Thanks again for your help. By first DELETING my current TXT records and then doing a Request Certificate, it told me what NEW values to put in for new TXT’s, which I did, and then was able to get everything good for another 90 days.
I promise I’ll try to learn how to automate this so it’s not incumbent on me to do this every however long (but the 404 kinda makes that hard lol). Much obliged.
Great, you don’t need to delete the existing TXT records but it doesn’t hurt either. I’ll get that URL updated but you can obviously just browse to docs.certifytheweb.com and go from there.
With automated DNS validation all that’s really happening is the app uses whatever API your provider has (if they have one and we support it) to add/update the _acme-challenge TXT record for your domain/subdomain. That value is specified by the certificate authority (e.g. Let’s Encrypt) and it changes every time you renew.
Hi @webprofusion - When you say “you don’t need to delete the existing TXT records”, how could I have done it without doing that? Clicking “Request Certificate” when I had existing TXT records would only fail in a way that just told me (in the logs and the UI) what it saw, not what it WANTED to see. I’m very curious how you say I could have gotten the info I needed without first deleting the TXT records before clicking “Request Certificate” as only in that case (not finding any TXT named _acme-challenge) did the UI say “hey, add some with THESE values” which is the information I needed.
I do believe I found the docs page – “dns-validation” should be “dns/validation” in the modal. Now…if I can understand what it’s telling me to do (big if) I can get off manual. Thanks so much!!!
The manual dns process pauses at the challenge step to allow you to make the update, if you then click Request Certificate it will resume. So even if you don’t know the value it wants (which is also in the log) you could let it fail, then the next click of Request Certificate will start the process again with new values.
Hi – I guess I still don’t understand, because I sure don’t see it telling me what it expects being written in the logs. But I suppose it doesn’t matter, since (a) I found a way [with your help!] to get me another 90 days and (b) I’ve slapped my own wrist hard enough [with your encouragement] that hopefully this is the last time I face this issue.