It looks like you used --manual
to issue the wildcard certificate for wfgdc.ca
.
The consequence of doing this is that you cannot automatically renew the certificate.
Automatically renewing wildcard certificates generally require that you use a DNS provider that provides a programmatic interface/API to deploy TXT records. I don’t think that domainsatcost/rebel.com meet the requirements to make this possible.
You have some choices to resolve this:
First is to manually re-issue the certificate:
certbot certonly --cert-name "wfgdc.ca" -d "wfgdc.ca" -d "*.wfgdc.ca" \
--manual --preferred-challenges dns-01
Alternatively, you could try changing DNS providers to a DNS host that supports renewing wildcard certificates automatically. You can find some choices in this thread.
Finally, consider whether you really need a wildcard certificate to begin with. If you can get away with not using one, you can avoid this entire problem and use normal HTTP-based renewal, like you’ve done with your other domain.