How could I manually get certificate and after install it with apache?


#1

I need to get certificate manually (because I need wildcard certificate) and after that install it to apache.
I run this command:
certbot certonly --manual -d *.amgmedia.ru --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
It works fine, but it only gets the certificate.
How could I install it after that?


How could I renew certificate that get manually?
#2

Using certonly only gets the cert and it does nothing else for you.
You would need to do the rest for yourself or rerun the command without certonly.
Maybe try also adding the root domain this time:
certbot --manual -d "*.amgmedia.ru" -d amgmedia.ru --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory


#3

and also I need to add “-i apache” parameter
after that it works

And what should I do if I need to renew certificate?
Do I need again to update DNS record?


#4

Yeah. You’ll need to repeat the process again and go to your apache virtual hosts and change the certificate / key reference to the matched path…

This is needed because manual certificates without appropriate scripts can’t be renewed automatically.

Thank you


#5

So the only way to update is manual?


#6

Yes. Currently, certbot’s renew function is designed to run in timer / cron jobs and complete challenge, update certificates automatically, which does not allow you to manually add DNS entries. (However, this might change in the future.)

If you have a script that could connect to your DNS provider’s API endpoints and automatically update the required DNS records, you could use --manual-auth-hook to specify it.
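
A minimal shape for the hook script mentioned above, as an added example that is not part of the original thread or of certbot itself. certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook; DNS_API_URL, DNS_API_TOKEN, DNS_PROPAGATION_SECONDS and the JSON body are hypothetical placeholders for whatever your DNS provider's API expects.

```shell
#!/bin/sh
# auth-hook.sh: added example of a script for certbot's --manual-auth-hook.
# DNS_API_URL / DNS_API_TOKEN and the JSON body shape are hypothetical
# placeholders; replace them with your DNS provider's real API.

# TXT record name for a dns-01 challenge. A leading "*." is stripped so
# "*.example.org" and "example.org" both map to _acme-challenge.example.org.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# dns-01 validation values are base64url strings; reject anything else
# before it is embedded in a JSON body.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the (hypothetical) API request body for the TXT record.
txt_payload() {
    valid_token "$2" || return 1
    printf '{"type":"TXT","name":"%s","content":"%s","ttl":60}\n' \
        "$(challenge_name "$1")" "$2"
}

# Publish the record, then wait so the change can propagate before
# the CA queries DNS. With no DNS_API_URL set, only print the body.
publish_txt() {
    body=$(txt_payload "$1" "$2") || { echo "bad validation token" >&2; return 1; }
    if [ -z "${DNS_API_URL:-}" ]; then
        echo "dry run: $body"
        return 0
    fi
    curl -fsS -X POST "$DNS_API_URL" \
        -H "Authorization: Bearer $DNS_API_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "$body" >/dev/null || return 1
    sleep "${DNS_PROPAGATION_SECONDS:-30}"
}

# Only act when certbot invoked us (it sets CERTBOT_DOMAIN).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    publish_txt "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}" || exit 1
fi
```

Pass the script's path with --manual-auth-hook on the original certonly command; certbot records the hook in the certificate's renewal configuration, so a later certbot renew can call it without prompting. Keep the API token in a file readable only by the account that runs certbot, since it can modify your DNS zone.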

