Manual update of wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.just.asking.a.question

I ran this command:
sudo letsencrypt certonly --manual --preferred-challenges=dns --email foo@foo.fu --agree-tos -d ..just.asking.a.question

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for blablbla


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y


Please deploy a DNS TXT record under the name
_acme-challenge.blablabla with the following value:

lvOhcYFK5QlhWbiSnKV7YXJ7-Jr5owg2WxF2P4OrZvIaA

Before continuing, verify the record is deployed.


Press Enter to Continue

Now I am waiting for my DNS registrar to perform edits so I can continue with the procedure.
Can upgrading a wildcard certificate be automated?
Do you have a partner that provides and installs certificates in IIS as well, or do I have to convert them with
openssl pkcs12 -export -out windowsimport.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
and then install them?
Kindest Regards, You are amazing.

Welcome to the Let’s Encrypt Community 🙂

Let’s see what we can do for you… 🤔

It sounds like you are familiar with the dns-01 challenge process necessary for wildcard certification, so I won't unnecessarily prompt for technical support information.

If by "upgrading" you mean "renewing" then yes, it is possible to automate dns-01 challenges. You would either need to utilize an API of some kind provided by your DNS provider (e.g. registrar) or CNAME the challenge name (_acme-challenge.just.asking.a.question) to a different domain that can provide such an API. This is how acme-dns works.

This would typically be performed by the "certificate installation" step of the Windows ACME client that you are using. You may need to update/upgrade your client to get this functionality.

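Added example, not part of the original thread and not code from certbot or acme-dns: a certbot `--manual-auth-hook` script that publishes the dns-01 value through the acme-dns `/update` API instead of waiting for a manual DNS edit. The `ACMEDNS_*` variable names are hypothetical and are assumed to hold the credentials from your own acme-dns registration; `_acme-challenge.<your domain>` is assumed to already be a CNAME to that acme-dns subdomain.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook for an acme-dns server.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# ACMEDNS_URL, ACMEDNS_USER, ACMEDNS_KEY, ACMEDNS_SUBDOMAIN are hypothetical
# names for the values returned by your acme-dns registration.

# Record name the CA queries; the wildcard label is never part of it.
challenge_name() {
    case "$1" in
        '*.'*) printf '_acme-challenge.%s' "${1#??}" ;;
        *)     printf '_acme-challenge.%s' "$1" ;;
    esac
}

# A dns-01 value is base64url(SHA-256(key authorization)):
# exactly 43 characters from [A-Za-z0-9_-], no padding.
valid_txt() {
    [ "${#1}" -eq 43 ] || return 1
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# JSON body for acme-dns POST /update.
update_body() {
    printf '{"subdomain":"%s","txt":"%s"}' "$1" "$2"
}

# Refuse malformed values locally, then push the TXT record.
publish() {
    valid_txt "$CERTBOT_VALIDATION" || { echo "unexpected TXT value" >&2; return 1; }
    curl -fsS -X POST "$ACMEDNS_URL/update" \
        -H "X-Api-User: $ACMEDNS_USER" \
        -H "X-Api-Key: $ACMEDNS_KEY" \
        -d "$(update_body "$ACMEDNS_SUBDOMAIN" "$CERTBOT_VALIDATION")"
}

# Only act when certbot invoked us as a hook.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
    echo "answering $(challenge_name "$CERTBOT_DOMAIN") via acme-dns" >&2
    publish
fi
```

Pass the script with `--manual-auth-hook /path/to/hook.sh` on the same `certonly --manual --preferred-challenges=dns` command; keep the file readable only by root, since the acme-dns key lets its holder answer challenges for the delegated name.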

You may need to update/upgrade your client to get this functionality.

Gotcha!
