Looking into using automated certbot. My host name is not the same as my domain. I’m wondering how my subdomain.domain.com is defined when using the automated shell scripts.
Can I just wildcard it so the one cert will work on a couple of my subdomains so I won’t have to run 2 or 3 shells for each subdomain?
Which part of the process are you trying to automate?
certbot already does a pretty good job of setting things up for automated renewals…
Once you have obtained your certs, all you should have to do is run certbot renew
And possibly some hooks (like: --deploy-hook)
Do I get the cert manually first, set it up in my apache site conf file and then certbot takes over, or do I need to add the domain name to some certbot conf file?
certbot certonly will let you enter the domain name you want to request a certificate for, and you need to install it yourself manually. (Paste into the Apache vHost and reload Apache, etc.)
certbot --apache will let you choose from a list of vHosts (that have a domain) and request & install the certificate automatically. (Which means less work for you.)
However, if you want to request wildcard certificates, run certbot certonly or certbot --manual (since you would need to request the certificate using DNS validation), and you would need to determine if your DNS provider supports an API (and if certbot could automate with your DNS provider).
You only need to get the cert correctly.
In the most desirable way - like without having to stop and then start your web service.
Get that process right and every renewal will be done the exact same way.
Yeah true - I'm going to try it (certbot) with a little used server at work which I already installed certbot on but never tried running it. I did create a wild card with SSLForFree.com and installed it. I also plan on inserting the wildcard into a Lotus Notes server running on Windows.
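
An added example, not part of the thread: a check for whether the names on one certificate actually cover every hostname you plan to serve with it, which is the question behind "can I just wildcard it". It applies the standard wildcard rule (a `*.` name matches exactly one left-most label, so it covers neither the bare domain nor deeper subdomains); the function names and the example.com hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example. Checks hostnames against the names on a certificate
# (the names you would request with certbot's -d option).

# name_matches SAN HOST -> exit 0 if the certificate name covers HOST
name_matches() {
    nm_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
    nm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $nm_pat in
        '*.'*)
            nm_suffix=${nm_pat#'*.'}    # "example.com" from "*.example.com"
            nm_label=${nm_host%%.*}     # left-most label of the host
            nm_rest=${nm_host#*.}       # host with that label removed
            # Exactly one non-empty label must sit in front of the suffix.
            [ -n "$nm_label" ] && [ "$nm_rest" != "$nm_host" ] &&
                [ "$nm_rest" = "$nm_suffix" ]
            ;;
        *)
            [ "$nm_pat" = "$nm_host" ]
            ;;
    esac
}

# covered_by HOST SAN... -> exit 0 if any of the SANs covers HOST
covered_by() {
    cb_host=$1
    shift
    for cb_san in "$@"; do
        name_matches "$cb_san" "$cb_host" && return 0
    done
    return 1
}

# Constructed demo: one cert holding the bare domain plus a wildcard.
for h in example.com www.example.com mail.example.com a.b.example.com; do
    if covered_by "$h" 'example.com' '*.example.com'; then
        echo "covered:     $h"
    else
        echo "NOT covered: $h"
    fi
done
```

Quote wildcard names as shown so the shell does not try to expand the `*` against files in the current directory.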