• Bug#1038920: My steps to resolve this.

    From Phil Endecott@21:1/5 to All on Sun May 4 20:20:01 2025
    Having just hit this issue, here are some notes for anyone else in a
    hurry to fix it before their certificates expire:

    1. I have a Gandi API token, which is deprecated but still works. I've
    not attempted to fix that yet.

    2. I'm running Debian 12.10 with automatic updates. I currently have python3-certbot-dns-gandi version 1.4.3-1.

    3. I first modified my /etc/letsencrypt/gandi.ini to: dns_gandi_api_key=abcdefghijklmn

    4. For each domain, I then modified two lines in /etc/letsencrypt/renewal/DOMAIN.conf to:
    authenticator = dns-gandi
    dns_gandi_credentials = /etc/letsencrypt/gandi.ini

    5. For each domain, I then ran
    letsencrypt renew --cert-name NAME
    where NAME == DOMAIN in my case, but may not always be so.

    This has worked for me. I don't know if it will now successfully
    automatically renew in future.

    It would be great if some of this happened automatically.

    Note this change has coincided with Lets Encrypt deciding to stop
    sending out domain expiry emails.
    I only knew that something was wrong because of those emails, and would
    have missed it if it had
    happened in a few weeks time.

    I hope this is useful to someone who finds this bug when searching for
    the error message that
    I found in the log file.


    Regards, Phil.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)