Certbot renew throws an error

It looks like you used --manual to issue the wildcard certificate for wfgdc.ca.

The consequence of doing this is that you cannot automatically renew the certificate.

Automatically renewing wildcard certificates generally requires that you use a DNS provider that provides a programmatic interface/API to deploy TXT records. I don’t think that domainsatcost/rebel.com meet the requirements to make this possible.

You have some choices to resolve this:

First is to manually re-issue the certificate:

certbot certonly --cert-name "wfgdc.ca" -d "wfgdc.ca" -d "*.wfgdc.ca" \
--manual --preferred-challenges dns-01

Alternatively, you could try changing DNS providers to a DNS host that supports renewing wildcard certificates automatically. You can find some choices in this thread.

Finally, consider whether you really need a wildcard certificate to begin with. If you can get away with not using one, you can avoid this entire problem and use normal HTTP-based renewal, like you’ve done with your other domain.

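Added example, not part of the original post and not certbot's own code: a check that lists which certificate lineages were issued with --manual and no auth hook, the situation described above in which `certbot renew` fails. It assumes the renewal files carry a `[renewalparams]` section with `authenticator` and `manual_auth_hook` keys; the sample file contents, lineage names and hook path are constructed.

```shell
#!/bin/sh
# Flag certbot lineages that "certbot renew" cannot renew unattended.

# Exit 0 if FILE's [renewalparams] has authenticator = manual and no auth hook.
needs_manual_renewal() {
    awk '
        { sub(/[ \t\r]+$/, "") }                       # drop trailing whitespace
        /^\[renewalparams\]$/ { in_params = 1; next }
        /^\[/ { in_params = 0 }                        # any other section
        in_params && /^authenticator[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); auth = $0 }
        in_params && /^manual_auth_hook[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); hook = $0 }
        # A hook value of "None" is treated as unset (defensive assumption).
        END { exit !(auth == "manual" && (hook == "" || hook == "None")) }
    ' "$1"
}

# Print the lineage name of every affected .conf file under DIR.
audit_renewal_dir() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if needs_manual_renewal "$conf"; then
            basename "$conf" .conf
        fi
    done
}

# Constructed sample renewal files (illustrative, not real certbot output).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'pref_challs = dns-01,' > "$dir/wildcard.example.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'manual_auth_hook = /usr/local/bin/dns-auth.sh' > "$dir/hooked.example.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        > "$dir/www.example.conf"
    echo "$dir"
}

samples=$(make_samples)
audit_renewal_dir "$samples"
rm -rf "$samples"
```

On a real host, point `audit_renewal_dir` at `/etc/letsencrypt/renewal`; any name it prints needs either a manual re-issue or a move to an API-capable DNS setup before the certificate expires.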