Certbot wildcard rental does not change the validity date

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bigshowtrucks.com

I ran this command:
sudo certbot certonly --manual -d *.bigshowtrucks.com -d bigshowtrucks.com \
  --email abhijit@sunnycal.com --agree-tos \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for *.bigshowtrucks.com and bigshowtrucks.com
Performing the following challenges:
dns-01 challenge for bigshowtrucks.com
dns-01 challenge for bigshowtrucks.com


Please deploy a DNS TXT record under the name:

_acme-challenge.bigshowtrucks.com.

with the following value:

LEfqcLsabbPit_ueo3X0y1jNjnfqChwcXUoB_I32IcY


Press Enter to Continue


Please deploy a DNS TXT record under the name:

_acme-challenge.bigshowtrucks.com.

with the following value:

La39u0-uGV4M-OjAo5INefHk0SWtWAFfUFCBM__8NhM

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.


Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/bigshowtrucks.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/bigshowtrucks.com/privkey.pem
    Your certificate will expire on 2021-08-10. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no, using ubuntu shell

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.15.0

https://www.ssllabs.com/ssltest/analyze.html?d=bigshowtrucks.com

1 Like

Hi @Abhijit

that's

Certbot wildcard rental does not change the validity date

expected if you use

Did you restart your webserver?

2 Likes
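
The symptom in this thread, a renewed certificate on disk while the web server keeps presenting the old one until it is restarted, can be checked by comparing the leaf in `fullchain.pem` with the certificate the server actually serves. This is an added example, not code from the thread or from Certbot; the script name and function names are assumptions.

```python
import hashlib
import re
import socket
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_der(pem_text):
    """DER bytes of the first PEM block (the leaf in certbot's fullchain.pem)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return ssl.PEM_cert_to_DER_cert(match.group(0))


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def is_stale(disk_pem, served_der):
    """True when the server presents a different leaf than the one on disk."""
    return fingerprint(leaf_der(disk_pem)) != fingerprint(served_der)


def fetch_served_der(host, port=443):
    """Leaf certificate the live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: the bytes are only compared with the
    # local file, and an old certificate may already be expired.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: check_served_cert.py <fullchain.pem> <hostname>  (hypothetical name)
    with open(sys.argv[1]) as fh:
        stale = is_stale(fh.read(), fetch_served_der(sys.argv[2]))
    print("STALE: server still presents the old certificate" if stale
          else "OK: served certificate matches the file on disk")
    sys.exit(1 if stale else 0)
```

The non-zero exit status on a mismatch lets the check run from cron or a monitoring job after each renewal.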

Thanks a ton JuergenAuer, I had missed such an important thing. It worked like a charm after the web server restart.

I'd like to know: is there a way to automate wildcard certificate renewal / generation?

1 Like

That depends if your DNS provider provides an API for adding/removing records in a way somehow compatible with certbot.

2 Likes

You use GoDaddy.

D:\temp>nslookup -type=NS bigshowtrucks.com.

Nicht autorisierende Antwort:
bigshowtrucks.com nameserver = ns48.domaincontrol.com
bigshowtrucks.com nameserver = ns47.domaincontrol.com

Certbot hasn't a dns plugin. But acme.sh has one.

2 Likes
