Error with wildcard on windows

My domain is: leat.xyz

I ran this command: certbot certonly --standalone

It produced this output:

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.leat.xyz, leat.xyz
Requesting a certificate for *.leat.xyz and leat.xyz
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.|

My web server is (include version): Node.js -> Haraka

The operating system my web server runs on is: Windows 10

I can login to a root shell on my machine: Yes

I'm using a control panel to manage my site : Yes

The version of my client is: 1.21.0

Hi this is the first time I've ever tried a wildcard cert as before it wasn't an option, thanks very much!!! I did try to find an answer to my question but its been over an hour so I decided to get help since the above happens when I try :(. non wildcarded certs are working fine for me.

Let's Encrypt mandates usage of the dns-01 challenge for wildcard certificates. See Challenge Types - Let's Encrypt for more info.

The --standalone plugin you're currently using does not support the dns-01 challenge. You should use a DNS plugin for that (see User Guide — Certbot 1.21.0 documentation and/or User Guide — Certbot 1.21.0 documentation) or use the --manual plugin (see User Guide — Certbot 1.21.0 documentation). Note that the manual plugin can be automated using --manual-auth-hook and --manual-cleanup-hook (see User Guide — Certbot 1.21.0 documentation). Automation is obviously highly recommended!

I see your domain is hosted on NameCheap, correct? Certbot itself does not have a DNS plugin for NameCheap, although I did find a third party (not listed in the third party plugin table) with aid of Google: GitHub - schubc/certbot_dns_namecheap: Certbot plugin to provide dns-01 challenge support for namecheap.com. However, that same plugins readme does mention the NameCheap API is only available when a user meets a few conditions such as "have at least 20 domains under your account" and having spent at least $ 50 the last year.. Probably not something a regular user does? That said, that repository hasn't been updated for 3 years now, so perhaps things have changed.. For better (maybe Namecheap has relaxed their API requirements) or for worse (perhapse the plugin doesn't work any longer..)

See Intro to API for Developers | Namecheap.com for more info about the NameCheap API. The requirements above aren't listed there literally, so maybe you're in luck.

Also I noticed that the ACME client acme.sh also has a DNS plugin for NameCheap. Note that acme.sh currently defaults to the ZeroSSL certificate authority and you'll need to use some extra options to use Let's Encrypt.

Edit: that NameCheap plugin for certbot is HELL. Doesn't work on my system. Depends on ancient libraries. Not worth the effort if you'd ask me.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.