Auto renewal of multiple domains?

My domain is:,

I ran this command: sudo ./certbot-auto certonly --manual --email (my email) --agree-tos -d *

It produced this output:

  • we will log your ip (y/n)
  • please put this dns record [long random string]

My web server is (include version): nginx 1.6.2

The operating system my web server runs on is (include version): raspbian 8.0

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yea

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.1

I have two certificates for my domain, one for the root and one for subdomains * While i only had one of these it auto renewed automatically (cronjob), but when i added the second, none of them are renewed. If i run the command manually, it challenges me to add a new dns record, which i have to do manually due to my setup.

I also aim to add a second domain,, into the mix.

How can i set up auto renewal for all three? Is it possible to do the dns thing only once? Can these sites (or at least the two for be combined into one certificate?


Hi @mushra,

Welcome to the community forum!

When using the DNS plugin, you’ll definitely want to use a DNS provider that offers an API so that you don’t need to manually configure any records. Automation and a manual step will eventually lead to badness.

Checking your NS records shows that your sites use Zonomi. I found their DNS API docs at Here’s an example of a person using the Dehydrated client with Zonomi.

Best of luck out there!


Hi @mushra supports the zonomi - API:


Hi both of ya! Thank you so much for pointing me in the right direction. I did not know zonomi did offer this api (and that people had implemented things towards it). Shame on me.

Just to be clear - it is indeed issuing new dns challenges on every renewal?

Yes. You are required to use a different challenge value every time you validate.

You don’t necessarily have to validate every time you issue a certificate, but authorizations are currently cached for only 30 days, so the caching is useless for a typical 60 day renewal schedule.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.