Ask how to automatically renew a wildcard certificate?

I have servers: Name Server 1, Name Server 2, and a web server.
I want to use these to automatically renew my wildcard certificate.
Is there a good way?

Hi @JeongHaeHong,

How did you originally obtain the certificate? (Or are you just wondering about how this will work in the future?)

Do you have a DNS provider that lets you make DNS zone updates using an API?

./venv/bin/certbot -d mydomain,*.mydomain --email my@email.com --text --agree-tos --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns --expand --renew-by-default --manual-public-ip-logging-ok certonly

The above command was used when generating the certificate.

The ns1 server and the ns2 server are servers that I manage, and there are various APIs provided by Let's Encrypt. I do not know which API should be used. Please help me. T.T.

If the nameservers support nsupdate/RFC2136 (such as BIND or PowerDNS), you can use an auth hook to automatically update your nameservers with the required validation records. This would allow automatic renewal too.

Here’s one project I found that has written the auth hooks for Certbot already: https://github.com/zyberzero/certbot-rfc2136

There’s also an official RFC2136 plugin for Certbot, but it might not be available on your platform, depending on how you install/run Certbot: https://certbot-dns-rfc2136.readthedocs.io/en/latest/
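
A sketch of the auth-hook approach described in this reply, as an added example (not code from the thread or from either linked project). The nameserver name, TSIG key path, TTL, propagation delay and the `add`/`delete` argument convention are assumptions; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables Certbot exports to manual hooks.

```shell
#!/bin/sh
# Added example: RFC 2136 hook for certbot --manual (auth and cleanup).
# Assumed values, not from the thread: nameserver, TSIG key path, TTL, delay.
NS_SERVER="${NS_SERVER:-ns1.example.net}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/acme-update.key}"
TTL=60
PROPAGATION_DELAY=10   # seconds for ns2 to pick up the change from ns1

# Print nsupdate input for one challenge.
# $1 = add|delete, $2 = CERTBOT_DOMAIN, $3 = CERTBOT_VALIDATION
build_update() {
    action=$1 domain=$2 token=$3
    # Only hostnames and base64url tokens may reach the nsupdate input,
    # so a stray quote or newline cannot smuggle in extra update commands.
    case $domain in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $token in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    name="_acme-challenge.${domain}."
    case $action in
        # "add" appends to the RRset: mydomain and *.mydomain are validated
        # under the same name, so both TXT values must exist side by side.
        add)    line="update add $name $TTL IN TXT \"$token\"" ;;
        # Delete only this token, leaving the other challenge's record alone.
        delete) line="update delete $name IN TXT \"$token\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$NS_SERVER" "$line"
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs a hook.
# Use as: --manual-auth-hook "hook.sh add" --manual-cleanup-hook "hook.sh delete"
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    update=$(build_update "${1:-}" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    printf '%s\n' "$update" | nsupdate -k "$TSIG_KEYFILE" || exit 1
    if [ "${1:-}" = add ]; then sleep "$PROPAGATION_DELAY"; fi
fi
```

Restrict the TSIG key in the nameserver's update policy to the `_acme-challenge` TXT names, so that a key stored on the web server cannot be used to rewrite the rest of the zone.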


Thank you so much. Thank you very much!!
