Confirm : Renew on wildcard

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.trinityerpnext.co.za

I ran this command:
sudo certbot certonly --manual --preferred-challenges dns

It produced this output:
N/A

My web server is (include version):
N/A

The operating system my web server runs on is (include version):
Ubuntu 20.04 LTS

My hosting provider, if applicable, is:
Digital Ocean ( I manage the VPS myself )

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0

Good day all
Trust you are all well !

My post is not about a problem that I am experiencing. If I may take a moment of your time
just to verify that the process that I want to follow is correct.

The renewals I have done previously was on single-domain systems, but I have just received my
renewal notification for a wild-card domain coming up in 16 days.

My question:
In essence, my renewal process for wild-card domains is exactly as the way I created the certificate.
Would that be correct ?
I know its still 16 days but I don't want to leave it until the last moment .... there's lots of data on those
3 servers !!! :slight_smile:

This link that I found seem to suggest that ...
Let's Encrypt Wildcard Renewal Process (project-open.com)

Here then the procedure that I used when creating the site/certificate...

The install procedure I used .....
sudo apt-get remove certbot
sudo apt install snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

To generate the Cert ....
sudo certbot certonly --manual --preferred-challenges dns

At this point I entered the "TXT" code that was created into a TXT record on my DNS-server.

The server runs ERPNext , so I had to modify this file ...
common_site_config.json

and then finally ...
bench setup nginx
sudo service nginx reload

Thank you for your time !

Yes.

Unfortunately, you can't simply use certbot renew, as that would require Certbot running non-interactively while the --manual plugin, without hooks, can only be run interactively. So the only way to renew is to re-run the command you've used to issue your certificate initially.

Ideally, you would be able to update the required RR in DNS using a DNS plugin or script using hooks.

3 Likes

Thank you so much @Osiris for taking the time !

I am all good and ready then to do my renewal !

ITs amazing how quickly 3 months goes by. It was just the other day that I converted all my single-domain servers to this multi-tenant-wild-card-domain setup. And now its already time to renew.

Best !

1 Like

That's another good reason to try to automate everything certificate related :wink: Depending on your DNS provider this is easy (see e.g. DNS providers who easily integrate with Let's Encrypt DNS validation) or more difficult. But not impossible.

3 Likes