Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: t7.vc and leat.xyz
I ran this command:certbot certonly --webroot --preferred-challenges=dns and certbot certonly --webroot
It produced this output:
C:\PROGRA~2\Certbot>certbot certonly --webroot
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.t7.vc t7.vc *.leat.xyz leat.xyz
Requesting a certificate for *.t7.vc and 3 more domains
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
C:\PROGRA~2\Certbot>certbot certonly --webroot --preferred-challenges=dns
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.t7.vc t7.vc *.leat.xyz leat.xyz
Requesting a certificate for *.t7.vc and 3 more domains
None of the preferred challenges are supported by the selected plugin
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nodejs
The operating system my web server runs on is (include version): windows 10
My hosting provider, if applicable, is: namecheap
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.24.0
I have been waiting a long time for wildcard certs but cant seem to get them to work if I dont add the wildcard it spits out the .pem files as expected.
Thanks for the reply, I just now noticed I had actually had this same problem a year or more ago and posted it Error with wildcard on windows.
I also just noticed the reply, it seems from the reply back then that I would have to go through the namecheap API and program something myself? Or is there some way to get the dns-01 challenge to work already that I can use?
I'm still pretty confused how to actually get the wildcards working? Should I not be using the --webroot or the --standalone plugin and trying --manual? I'm going to try reading through more of the documentation from the reply I got last year tonight and hope that helps.
Ok thanks, is there a provider that has an API that certbot already works with? I would switch from namecheap if that's the case I've been wanting wildcards for years.
You should also review some of the other Windows ACME clients.
Like: CertifyTheWeb.com, Posh-ACME, and the latest version of Certbot
Look for the one that can integrate with your DSP.
If none can... then maybe it is time to switch DSPs.
Ok so for now I will check out other ACME clients, but for the record if swapping to linux is also easy enough for me then I could use the DNS plugin which doesnt work on windows without using another DSP or ACME client?
Maybe this has changed but NameCheap does not allow automated API updates to DNS records unless you have a qualifying account which requires some fairly large annual spend.
Switching to linux means needing a suitable DNS provider to get a wildcard cert. And then using a client which supports that DNS provider.
My earlier link was DNS plug-ins for Certbot which work on Linux. The later topic shows 3rd party options. There are also clever options like acme-dns. But, easiest to use a DNS provider with a plug-in (with certbot or whatever other ACME client you prefer there are lots)
Darn ok I think I'm just to pleb for wildcards for now. I'll read more about it but it looks like I might just not be able to get my wildcard certs for free, at least not on namecheap then.. I have some workarounds that are annoying for now.
If it says "FREE" then I can swap to them and eventually set up wildcards by using certbot dns plugin + linux for example (if it says its compatible with certbot too) and not pay a lot like I would with namecheap?
I'd second this - Cloudflare works well for free basic domain DNS hosting (and optionally as a domain registrar, it's easy to transfer to them), plus they have a bunch of additional features that are useful such as web firewall and DDoS protection etc.
if I dont add the wildcard it spits out the .pem files as expected.