I don't know what I am doing

Hello All:
I am trying to create a wildcard cert for my domain to use on my Unifi router and Proxmox. I have never used certbot at all.

I have been trying the following command but I know that I am wrong and do not have it set up right.
certbot certonly --standalone --dry-run -v -d "*.thecavehq.us"

Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Simulating a certificate request for *.thecavehq.us
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

I am using GoDaddy so I got the OTE developer secret and key.
I tried the following command:
certbot certonly --standalone --dry-run --authenticator dns-godaddy --dns-godaddy-propagation-seconds 900 -v -d "*.thecavehq.us"
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-godaddy-propagation-seconds 900

I really don't know what I am doing. Can someone please let me know what I need to be trying?
RC

Hello @wcarterjr68, welcome to the Let's Encrypt community. 🙂

The only ACME Challenge type that supports wildcard is the DNS-01 challenge. Presently you are attempting an HTTP-01 challenge.

2 Likes

See also

https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins

5 Likes

I don't think you'll have much luck trying to issue a wildcard via GoDaddy using Certbot on Windows. It's currently not possible to install DNS plugins on Windows.

My suggestion would be to try to get certificates for Proxmox and your Unifi device separately, and to avoid wildcard certificates. It will have the extra benefit of renewing automatically in the future, so you won't have to repeat a manual process every 60-90 days.

Proxmox already has built-in Let's Encrypt support. You can read about how to do that at this link: Certificate Management - Proxmox VE. I use it for my Proxmox server, it works fine.

For the Unifi router, check out https://acme.sh. Depending exactly what device you have, you should be able to issue a certificate directly on the router (via the GoDaddy DNS support in acme.sh, if you want). Then, you can get acme.sh to perform the Unifi certificate installation automatically for you.

I think this is probably closer to the "ideal" way to use Let's Encrypt, as opposed to creating a certificate by hand and manually uploading it.

10 Likes

Here are a couple of potential pointers

2 Likes
