Linode + wildcard SSL + dns is namecheap

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: test.artsite.studio

I ran this command:
certbot certonly --dns-linode --dns-linode-credentials ~/.secrets/certbot/linode.ini -d *.artsite.studio

It produced this output:
Unable to determine zone identifier for artsite.studio using zone names: ['artsite.studio', 'studio']

The operating system my web server runs on is (include version): Ubuntu 20

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.8.0

I would just like to create the wildcard SSL cert for subdomains, but continue with Namecheap hosting the DNS records. How to create the SSL cert?

Well, if Namecheap is your DNS hoster, then using the --dns-linode plugin isn't going to work.

Using third party plugins you might get Certbot working with Namecheap, but please note that Namecheap has some certain requirements to actually get API access:

  • have at least 20 domains under your account;
  • have at least $50 on your account balance;
  • have at least $50 spent within the last 2 years.

(source: GitHub - iHamsterball/certbot-dns-namecheap: Certbot plugin to provide dns-01 challenge support for namecheap.com. Another Certbot plugin that can work with Namecheap is GitHub - alexzorin/certbot-dns-multi: Certbot DNS plugin supporting multiple providers, using github.com/go-acme/lego, which can be installed using snap, but would also need API access of course.)

If you can add CNAME RRs to your Namecheap DNS zone, you might be interested in using acme-dns. Preferably you'd run an acme-dns instance yourself somewhere and point the _acme-challenge CNAME to the specific acme-dns instance. And then use acme-dns-client to make it work with Certbot.

Or somewhere run your own DNS server with RFC 2136 capabilities so you could use that plugin with your own DNS server in combination with a CNAME (or NS RR).

4 Likes
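
Why the Linode plugin reports that error, as an added example that is not part of the original posts and is not Certbot's own code: a DNS-01 plugin derives candidate zone names from the validation domain and looks each one up among the zones its API credentials can see. The function names and the zone sets below are assumptions, constructed for illustration.

```python
# Added illustration (not Certbot's source): how a DNS-01 plugin locates the
# zone to edit, and why the lookup fails when the zone is hosted elsewhere.

PREFIX = "_acme-challenge."


class ZoneNotFound(Exception):
    """No candidate zone exists in the account behind the API credentials."""


def validation_name(cert_name):
    """TXT record name for DNS-01; a wildcard is validated at its base domain."""
    base = cert_name[2:] if cert_name.startswith("*.") else cert_name
    return PREFIX + base.rstrip(".").lower()


def zone_guesses(domain):
    """Candidate zones, most specific first: a.b.c -> [a.b.c, b.c, c]."""
    labels = domain.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def find_zone(cert_name, account_zones):
    """Return the zone in the provider account that would hold the TXT record."""
    base = validation_name(cert_name)[len(PREFIX):]
    guesses = zone_guesses(base)
    for guess in guesses:
        if guess in account_zones:
            return guess
    raise ZoneNotFound(
        f"Unable to determine zone identifier for {base} "
        f"using zone names: {guesses}"
    )


# Constructed sample data: zones visible to each provider's API token.
LINODE_ZONES = set()                  # server is hosted at Linode, DNS zone is not
DNS_HOST_ZONES = {"artsite.studio"}   # the provider that actually hosts the zone

if __name__ == "__main__":
    name = "*.artsite.studio"
    print(validation_name(name))
    print(find_zone(name, DNS_HOST_ZONES))
    try:
        find_zone(name, LINODE_ZONES)
    except ZoneNotFound as exc:
        print(exc)
```

The lookup only succeeds against the account that hosts the zone, which is why the plugin has to match the DNS host rather than the web host.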

You should not be using the linode plugin.

Create a second Namecheap account and ask them to give it API access. In your main Namecheap account, give the second Namecheap account DNS permissions for your domains. Then use the certbot-dns-namecheap plugin.

Namecheap's API access is a security risk for automatic renewals, as it powers both DNS and registry functions. By using a second account with granular permissions, you avoid needing to run acme-dns or another system.

Namecheap had a 5-minute-long application-level cache for a while, so you may need to wait 6 minutes between changing DNS settings.

5 Likes

Thank you both. To clarify, my webserver is Linode, but I'm using Namecheap for DNS.

I'm new to hosting on Linode, and Let's Encrypt. But I was able to create an SSL cert pretty easily for the root domain of artsite.studio, and that worked. But it sounds a lot more complex to do a wildcard.

1 Like

Only in that it requires automating the DNS changes. But yes, many people find it easier to just get certificates for the specific names they're using, rather than trying to get a wildcard working.

7 Likes
