Hello
Where to find a sample or documentation about hook script (--manual-auth-hook)?
My question is about wildcard domains renewal with authentication.
Certbot describes ... using a hook script (--manual-auth-hook) as
"...
NEXT STEPS:
This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date."
It will tell you to create a TXT record having a long identifier string:
Please deploy a DNS TXT record under the name:
_acme-challenge.thisdomain.com.
with the following value:
IqgzXGiLCDa2s6PeRIMISrVzFNpY49SP08g
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.thisdomain.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
This session will wait patiently (up to 6 hours, I think) while you create the TXT record.
Now log into your DNS provider.
Select the desired domain
Create a new record:
Type=TXT name=_acme-challenge value=IqgzXGiLCDa2s6PeRIMISrVzFNpY49SP08g
Now start checking to see if the TXT record has “propagated”: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.thisdomain.com
check back every 5 minutes or so. When you see your TXT record in the googleapps window, go back to the session where you ran the certbot command and press enter.
Done.
But, if at all possible, use one of the available plugins, as @linkp noted, if one exists for your DNS provider.
There are other ACME clients that support even more DNS APIs. acme.sh and lego, for example, support a large variety, and both are on GitHub (see ACME Client Implementations - Let's Encrypt).
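The manual TXT-record procedure above is exactly what a --manual-auth-hook has to do without a human at the keyboard. The script below is an added example, not code from any poster in this thread and not certbot's own code; it shows the interface certbot exposes to the hook: certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION (plus CERTBOT_REMAINING_CHALLENGES and CERTBOT_ALL_DOMAINS, and CERTBOT_AUTH_OUTPUT for the cleanup hook) as environment variables, runs the hook once per name, and asks the CA to validate as soon as the hook exits. This version publishes the record with nsupdate (RFC 2136 dynamic update) and polls the authoritative server with dig before returning, so it does the "check back every 5 minutes" step itself. The server name ns1.example.com and the TSIG key path /etc/certbot/tsig.key are assumptions for illustration; a hook for a hosted DNS provider would replace the nsupdate line with that provider's API call and keep the rest.

```shell
#!/bin/sh
# Added example: a certbot --manual-auth-hook / --manual-cleanup-hook for DNS-01.
# Not from the original thread and not certbot's own code. Assumes an authoritative
# DNS server that accepts RFC 2136 dynamic updates with a TSIG key (paths below are
# hypothetical), and that `nsupdate` and `dig` are installed.
set -eu

DNS_SERVER="${DNS_SERVER:-ns1.example.com}"            # assumed: your authoritative server
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/certbot/tsig.key}"  # assumed: TSIG key for `nsupdate -k`

# Record name for the DNS-01 challenge. certbot passes a wildcard name to the hook
# as its base domain, but strip a leading "*." anyway so the hook is safe either way.
acme_txt_name() {
    base="${1#\*.}"
    printf '_acme-challenge.%s.\n' "$base"
}

# Build an nsupdate batch. Using "add" rather than replacing the RRset matters: a
# certificate for both example.com and *.example.com needs TWO TXT records at the
# same name, one per validation value, so a hook that overwrites the record would
# destroy the first value before the CA checks it.
nsupdate_batch() {
    # $1 = add|delete, $2 = record name, $3 = validation string
    printf 'server %s\nupdate %s %s 120 IN TXT "%s"\nsend\n' "$DNS_SERVER" "$1" "$2" "$3"
}

# True if `dig +short TXT` output (one quoted string per line) contains the value.
txt_present() {
    # $1 = dig output, $2 = expected validation string
    printf '%s\n' "$1" | grep -Fxq "\"$2\""
}

# Poll the authoritative server until the record is visible. certbot triggers the
# CA's validation the moment this hook exits, so returning before the record
# resolves is the usual cause of "Incorrect TXT record" failures. (With several
# names, CERTBOT_REMAINING_CHALLENGES reaching 0 marks the last hook call.)
wait_for_txt() {
    name="$1"; value="$2"; tries="${3:-30}"
    while [ "$tries" -gt 0 ]; do
        if txt_present "$(dig +short TXT "$name" "@$DNS_SERVER")" "$value"; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 5
    done
    echo "TXT record $name did not appear in time" >&2
    return 1
}

main() {
    name="$(acme_txt_name "$CERTBOT_DOMAIN")"
    case "${1:-auth}" in
        auth)
            nsupdate_batch add "$name" "$CERTBOT_VALIDATION" | nsupdate -k "$TSIG_KEYFILE"
            wait_for_txt "$name" "$CERTBOT_VALIDATION"
            ;;
        cleanup)
            # Remove only this value; other challenge records at the same name stay.
            nsupdate_batch delete "$name" "$CERTBOT_VALIDATION" | nsupdate -k "$TSIG_KEYFILE"
            ;;
    esac
}

# Only act when invoked by certbot (which sets CERTBOT_DOMAIN); sourcing the file
# for its functions does nothing.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    main "$@"
fi
```

With the script saved as /etc/certbot/dns-hook.sh (hypothetical path), the request and every later renewal can be run unattended, for example: certbot certonly --manual --preferred-challenges dns --manual-auth-hook "/etc/certbot/dns-hook.sh auth" --manual-cleanup-hook "/etc/certbot/dns-hook.sh cleanup" -d thisdomain.com -d '*.thisdomain.com'. Because the hook is stored in the renewal configuration, certbot renew then works without the NEXT STEPS warning quoted in the first post.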
Not done at all I'm afraid. OP asked for AUTOrenewal, which is NOT possible with the completely manual steps you're currently advising (and which OP probably already knows how to do).
At this point, the code in the first part is configuration; of what, and where do I find it?
(Please see me as a dummy; it is 20+ years since I last worked on Linux servers, SDNS etc.)
TL;DR:
I could get certificates for 10+ wildcard SSL domains one by one, and it succeeded via the DNS-01 challenge.
The problem is about renewal. In the first step I did not bother, because I have a 3-month period to take care of it. Then I became aware of the last notice about the hook script.
I checked the certbot Pre and Post Validation Hooks documentation, but it assumes I am experienced/knowledgeable about everything.
Then "write my own manual auth hook" shouldn't be something you're even considering. As both Link and Mike have recommended, use one of the existing plugins, whichever matches your DNS provider. If there isn't a plugin that matches your DNS provider, and you actually need wildcard certs, give serious thought to switching DNS providers to one that does have a plugin--Cloudflare is pretty popular.