How do I set up a wildcard certificate without using the manual flag?

For my domain, mamacafejapan.com, I set up a wildcard certificate using the following command on an AWS EC2 instance (Amazon Linux 2 AMI) running an Apache web server (version 2.4.52) and using Certbot version 1.11.0:

sudo certbot -d mamacafejapan.com -d *.mamacafejapan.com --manual --preferred-challenges dns certonly

As part of the process, I added DNS TXT records from my Google Domains control panel to handle the challenges.

The wildcard cert works correctly, but I later discovered that if you use the --manual flag, then you can't automatically renew the certificate, which makes things inconvenient.

How can I set up a wildcard certificate without using the --manual flag so that I can auto-renew the certificate? Thank you.

1 Like

I have not used the Google Domains DNS plug-in myself, but does this help?
https://certbot-dns-google.readthedocs.io/en/stable/#welcome-to-certbot-dns-google-s-documentation

2 Likes

Just an FYI, there's a distinction between Google Cloud DNS and DNS hosted via Google Domains. The plugin @MikeMcQ linked is for the former and will not work with Google Domains. My understanding is that there is no API to manipulate records in DNS hosted by Google Domains.

3 Likes

Thanks for the correction.

2 Likes

Alternatively you could run a service such as acme-dns and set up the appropriate CNAME in Google Domains just once.

2 Likes
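
The acme-dns approach from the last reply, as an added example (not code from this thread, from Certbot or from the acme-dns project): a `--manual-auth-hook` script that publishes each DNS-01 token to acme-dns, which is what lets a `--manual` certificate renew unattended. The server URL and account values are constructed placeholders; the `/update` endpoint and the `X-Api-User`/`X-Api-Key` headers are the acme-dns API.

```python
#!/usr/bin/env python3
# Added example: certbot --manual-auth-hook that sends the DNS-01 token to acme-dns.
import json
import os
import urllib.request

# Constructed placeholders: server URL and the account acme-dns returned from
# its /register call. In real use load these from a root-only (0600) file.
ACMEDNS_URL = "https://auth.example.org"
ACCOUNTS = {
    "mamacafejapan.com": {
        "username": "00000000-0000-0000-0000-000000000000",
        "password": "PLACEHOLDER_PASSWORD",
        "subdomain": "11111111-1111-1111-1111-111111111111",
    },
}


def challenge_name(domain):
    """DNS name that must be a CNAME to the acme-dns fulldomain.

    The apex and its wildcard validate at the same name, so one CNAME covers both.
    """
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower()


def build_update(domain, validation, accounts=ACCOUNTS, url=ACMEDNS_URL):
    """Build the acme-dns /update request for one challenge (does not send it)."""
    base = challenge_name(domain)[len("_acme-challenge."):]
    if base not in accounts:
        raise KeyError("no acme-dns account registered for " + base)
    if len(validation) != 43:  # DNS-01 values are base64url(SHA-256) = 43 chars
        raise ValueError("unexpected validation token length")
    acct = accounts[base]
    body = json.dumps({"subdomain": acct["subdomain"], "txt": validation}).encode()
    headers = {"X-Api-User": acct["username"], "X-Api-Key": acct["password"],
               "Content-Type": "application/json"}
    return urllib.request.Request(url + "/update", data=body, headers=headers, method="POST")


def main():
    # certbot exports these two variables to the auth hook for each name.
    req = build_update(os.environ["CERTBOT_DOMAIN"], os.environ["CERTBOT_VALIDATION"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        if resp.status != 200:
            raise SystemExit("acme-dns update failed: HTTP %d" % resp.status)


if __name__ == "__main__":
    main()
```

Certbot runs the script when it is passed as `--manual-auth-hook` alongside `--manual --preferred-challenges dns`; the CNAME from `_acme-challenge.mamacafejapan.com` to the `fulldomain` acme-dns returned at registration is created once in Google Domains.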