This shows that you used --manual or its equivalent when you originally got your certificate. Is your certificate a wildcard? Do you know why you chose to use the manual method?
The manual authentication method requires an interactive renewal every time in which you repeat the same process that you originally used to obtain the certificate. It may not be the best choice for you if you have alternatives.
Yes, my certificate is wildcard, and I used the manual interactive method.
What is your advice to renew the wildcard on the current manual way?
Or, what is our recommendation to re-install the certificate using the automatic method?
By Let’s Encrypt policy, wildcard certificates can only be obtained if you prove your control of the domain by creating DNS records. (Other options are available for non-wildcard certificates.)
This can be automated if your DNS provider has an API that allows DNS records to be created by software. Do you know if this is the case for your environment? Who is running your DNS server?
I control the DNS manually on AWS domain zone control panel, and I did that DNS records when I issued the wildcard certificate. I do not know if (and how) the AWS offer API that allow DNS records to be created by software.
My questions are:
1- Whats other options are available for non-wildcard certificates
2- Do you know if AWS has that API you referred to know?
For non-wildcard certificates, you can prove your control of a domain name by receiving an inbound web connection on your web server. This is usually much easier to automate.
It seems that it does if you choose to use the Amazon Route53 service.
Certbot and acme.sh (among other clients) have support for the Route53 API.
If you're not using Route53, I don't know how to automate wildcard certificate issuance using Certbot with DNS hosted on AWS, unless you create a CNAME for the _acme-challenge DNS record to some other DNS zone hosted on a different provider that also offers a compatible DNS API.
