Manual update of wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.just.asking.a.question

I ran this command:
sudo letsencrypt certonly --manual --preferred-challenges=dns --email foo@foo.fu --agree-tos -d ..just.asking.a.question

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for blablbla

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: Y

Please deploy a DNS TXT record under the name
_acme-challenge.blablabla with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue

Now I am waiting for my DNS registrar to perform this so I can continue with the procedure.
Can upgrading a wildcard certificate be automated?
Do you have a partner that provides and installs certificates also in IIS, or do I have to convert them with
openssl pkcs12 -export -out windowsimport.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
and then install them?
Kindest Regards, You are amazing.

Welcome to the Let’s Encrypt Community

Let’s see what we can do for you…

It sounds like you are familiar with the dns-01 challenge process necessary for wildcard certification, so I won't unnecessarily prompt for technical support information.

If by "upgrading" you mean "renewing" then yes, it is possible to automate dns-01 challenges. You would either need to utilize an API of some kind provided by your DNS provider (e.g. registrar) or CNAME the challenge name (_acme-challenge.just.asking.a.question) to a different domain that can provide such an API. This is how acme-dns works.

This would typically be performed by the "certificate installation" step of the Windows ACME client that you are using. You may need to update/upgrade your client to get this functionality.
