I’ve recently renewed a wildcard SSL for my domain vinayhegde.info via the certbot-auto utility due to issues with the certbot package on my System. You can find the command that I ran & it’s output
sudo /path-to-/certbot-auto certonly --manual -d vinayhegde.info -d “*.vinayhegde.info” --agree-tos --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Now I’m looking to automate its renewal every 90 days via a script that I’ll use via a crontab on my server to run at periodic intervals and I’ve a few questions regarding the same:
Since I had to pass two flags in the domains on generation because a wildcard SSL doesn’t cover the root domain, I had to create two TXT records for LetsEncrypt validation. Is this necessary every time?
Also, my DNS is managed via Cloudflare and after searching around, I found this post that has an embedded link to a blog post on how to proceed via API calls to most DNS providers create those TXT records & delete them as well. Is this the way to go when we renew the SSL via the above command in the certbot-auto utility or are there any other alternatives (read: easier)?
The script in point 2 has two arguments that can be passed create OR delete but it seems as if only the former is explicitly defined. What actually happens when we issue the delete argument?
Do let me know if I can provide any more information.
Thanks & cheers,