Confirm : Renew on wildcard

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *

I ran this command:
sudo certbot certonly --manual --preferred-challenges dns

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04 LTS

My hosting provider, if applicable, is:
Digital Ocean ( I manage the VPS myself )

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0

Good day all
Trust you are all well !

My post is not about a problem that I am experiencing. If I may take a moment of your time
just to verify that the process that I want to follow is correct.

The renewals I have done previously were on single-domain systems, but I have just received my
renewal notification for a wild-card domain coming up in 16 days.

My question:
In essence, my renewal process for wild-card domains is exactly the same as the way I created the certificate.
Would that be correct?
I know it's still 16 days but I don't want to leave it until the last moment .... there's lots of data on those
3 servers !!! :slight_smile:

This link that I found seems to suggest that ...
Let's Encrypt Wildcard Renewal Process

Here then the procedure that I used when creating the site/certificate...

The install procedure I used .....
sudo apt-get remove certbot
sudo apt install snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

To generate the Cert ....
sudo certbot certonly --manual --preferred-challenges dns

At this point I entered the "TXT" code that was created into a TXT record on my DNS-server.

The server runs ERPNext , so I had to modify this file ...

and then finally ...
bench setup nginx
sudo service nginx reload

Thank you for your time !


Unfortunately, you can't simply use certbot renew, as that would require Certbot running non-interactively while the --manual plugin, without hooks, can only be run interactively. So the only way to renew is to re-run the command you've used to issue your certificate initially.

Ideally, you would be able to update the required RR in DNS using a DNS plugin or script using hooks.
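The hook approach mentioned in the reply above, sketched as an added example that is not part of the original thread and is not certbot's own code. It assumes the DNS zone accepts RFC 2136 dynamic updates via `nsupdate`; the server name, TSIG key path and the script's own location are placeholders.

```shell
#!/bin/sh
# Added example: one script used as both --manual-auth-hook ("add") and
# --manual-cleanup-hook ("delete") for the DNS-01 challenge.
# Assumptions, not from the thread: the zone accepts RFC 2136 dynamic
# updates; server name and TSIG key path below are placeholders.
LC_ALL=C; export LC_ALL
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"
TTL=60

# A wildcard name is validated on its base domain, so "*." is dropped.
challenge_name() {
    printf '_acme-challenge.%s.\n' "${1#\*.}"
}

# A DNS-01 value is base64url(SHA-256): exactly 43 chars of [A-Za-z0-9_-].
# Anything else is refused before it reaches the nsupdate command stream.
valid_token() {
    [ "${#1}" -eq 43 ] || return 1
    case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

valid_domain() {
    case "$1" in ''|*[!A-Za-z0-9.*-]*) return 1 ;; esac
}

# Print the nsupdate commands. Deleting by value leaves any other TXT
# value at the same name (base domain plus wildcard on one cert) intact.
update_script() {
    valid_domain "$2" && valid_token "$3" || return 1
    name=$(challenge_name "$2")
    case "$1" in
        add)    rr="update add $name $TTL TXT \"$3\"" ;;
        delete) rr="update delete $name TXT \"$3\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$DNS_SERVER" "$rr"
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to both hooks.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    action="${1:-add}"
    cmds=$(update_script "$action" "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}") || exit 1
    printf '%s\n' "$cmds" | nsupdate -k "$TSIG_KEY" || exit 1
    # Crude fixed wait so secondaries have the record before validation.
    if [ "$action" = add ]; then sleep 30; fi
fi
```

Passed as `--manual-auth-hook '/path/to/hook.sh add'` and `--manual-cleanup-hook '/path/to/hook.sh delete'` on the same `certonly --manual --preferred-challenges dns` command, the hooks are saved in the certificate's renewal configuration, so `certbot renew` can then run non-interactively.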


Thank you so much @Osiris for taking the time !

I am all good and ready then to do my renewal !

It's amazing how quickly 3 months goes by. It was just the other day that I converted all my single-domain servers to this multi-tenant-wild-card-domain setup. And now it's already time to renew.

Best !


That's another good reason to try to automate everything certificate related :wink: Depending on your DNS provider this is easy (see e.g. DNS providers who easily integrate with Let's Encrypt DNS validation) or more difficult. But not impossible.

