certbot-dns-google is used to create the TXT records automatically in GCP, correct? Since I created them manually, I don't need certbot-dns-google. How do I uninstall it? I was not understanding what
```certbot-dns-google what is used for. Please correct if I am wrong.
If you are using --manual you do not need certbot-dns-google
I don't know how you installed it but you would just reverse that process.
However, you don't need to uninstall it. It won't be used if you don't specify it on Certbot command line
It takes space and I would like to uninstall it. Is there a command to do it?
I installed using this command:
sudo snap install certbot-dns-google
snap's docs are at Canonical's snapcraft site
The remove
and other management instructions are below
https://snapcraft.io/docs/quickstart-tour#remove-a-snap
Thanks for the suggestion. How do I add wildcard to an existing certificate that has subdomains?
I have 2 certificates now. How do I delete one and add the one with wildcard to apache conf?
Found the following certs:
Certificate Name: recordspreservation.org-0001
Serial Number: 3b64c4c860b1929cd313bc5630e2b1f6a96
Key Type: ECDSA
Domains: recordspreservation.org *.recordspreservation.org
Expiry Date: 2024-11-01 20:20:10+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/recordspreservation.org-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/recordspreservation.org-0001/privkey.pem
Certificate Name: recordspreservation.org
Serial Number: 48622aab188ab2ecfb5429c4c78533764d7
Key Type: ECDSA
Domains: recordspreservation.org images.recordspreservation.org thumbnails.recordspreservation.org www.recordspreservation.org
Expiry Date: 2024-10-31 21:56:40+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/recordspreservation.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/recordspreservation.org/privkey.pem
If I read correctly, you are running apache2 on Debian 11.
So to create a wildcard certificate using certbot you will need to add a record in your dns zone file " _acme-challenge.recordspreservation.org" and your command will change slightly to envoke the "DNS challenge type"... Documentation includes a list of providers (google is on the list) and all the ins and outs of how to do obtain a wildcard cert:
https://eff-certbot.readthedocs.io/en/latest/using.html#dns-plugins
Thanks for your response. I am confused about what you mean by "reverse that process". What do I have to reverse?
To renew do I just issue this command?
sudo certbot renew -d [recordspreservation.org](http://recordspreservation.org) -d *.[recordspreservation.org](http://recordspreservation.org)
Do I need to upload the renewed certificate to the load balancer at Google Cloud CDN?
When renewing, just use:
sudo certbot renew
[there is no need to specify the names to be renewed]
You previously said that you must upload the certs manually. A Google Cloud forum / support is a better place to ask details of that.
Hi Mike,
I did upload the certificate once but do I need to do it again after renewal?
Thanks,
-Marcos
Certificate renewals are new certificates.
So, yes; You will have to upload the newly renewed cert after each renewal.
[and you may have to also then restart/reload the service using the cert]
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.