Adding subdomains where subdomains are directed load balancing

certbot-dns-google is used to create the TXT records automatically in GCP, correct? Since I created them manually, I don't need certbot-dns-google. How do I uninstall it? I was not understanding what 
```certbot-dns-google what is used for. Please correct if I am wrong.

If you are using --manual you do not need certbot-dns-google

I don't know how you installed it but you would just reverse that process.

However, you don't need to uninstall it. It won't be used if you don't specify it on Certbot command line

4 Likes

It takes space and I would like to uninstall it. Is there a command to do it?

I installed using this command:

sudo snap install certbot-dns-google

snap's docs are at Canonical's snapcraft site

The remove and other management instructions are below
https://snapcraft.io/docs/quickstart-tour#remove-a-snap

5 Likes

Thanks for the suggestion. How do I add wildcard to an existing certificate that has subdomains?

2 Likes

I have 2 certificates now. How do I delete one and add the one with wildcard to apache conf?

Found the following certs:
Certificate Name: recordspreservation.org-0001
Serial Number: 3b64c4c860b1929cd313bc5630e2b1f6a96
Key Type: ECDSA
Domains: recordspreservation.org *.recordspreservation.org
Expiry Date: 2024-11-01 20:20:10+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/recordspreservation.org-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/recordspreservation.org-0001/privkey.pem
Certificate Name: recordspreservation.org
Serial Number: 48622aab188ab2ecfb5429c4c78533764d7
Key Type: ECDSA
Domains: recordspreservation.org images.recordspreservation.org thumbnails.recordspreservation.org www.recordspreservation.org
Expiry Date: 2024-10-31 21:56:40+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/recordspreservation.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/recordspreservation.org/privkey.pem


If I read correctly, you are running apache2 on Debian 11.
So to create a wildcard certificate using certbot you will need to add a record in your dns zone file " _acme-challenge.recordspreservation.org" and your command will change slightly to envoke the "DNS challenge type"... Documentation includes a list of providers (google is on the list) and all the ins and outs of how to do obtain a wildcard cert:
https://eff-certbot.readthedocs.io/en/latest/using.html#dns-plugins

4 Likes

Thanks for your response. I am confused about what you mean by "reverse that process". What do I have to reverse?

To renew do I just issue this command?
sudo certbot renew -d [recordspreservation.org](http://recordspreservation.org) -d *.[recordspreservation.org](http://recordspreservation.org)
Do I need to upload the renewed certificate to the load balancer at Google Cloud CDN?

When renewing, just use:
sudo certbot renew
[there is no need to specify the names to be renewed]

4 Likes

You previously said that you must upload the certs manually. A Google Cloud forum / support is a better place to ask details of that.

5 Likes

Hi Mike,
I did upload the certificate once but do I need to do it again after renewal?
Thanks,
-Marcos

1 Like

Certificate renewals are new certificates.
So, yes; You will have to upload the newly renewed cert after each renewal.
[and you may have to also then restart/reload the service using the cert]

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.