Is there a way to run this command without user interaction?
The reason is that I would like to programatically add additional subdomains.
The ideal way would be using a wildcard, but there isn't a plugin I can use for this at the moment so ideally looking for a way to run the above command programatically without user interaction.
I don't really understand, the command you've stated can be ran without human interaction already? Or do you mean you're currently asked to specify an authenticator?
root@myserver:~# certbot certonly -d site1.mydomain.com,site2.mydomain.com,site3.mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/site1.mydomain.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for site1.mydomain.com
http-01 challenge for site2.mydomain.com
http-01 challenge for site3.mydomain.com
http-01 challenge for site4.mydomain.com
http-01 challenge for site5.mydomain.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/site1.mydomain.co/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/site1.mydomain.co/privkey.pem
Your cert will expire on 2021-06-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@myserver:~#
Please see the documentation linked above: it provides all the command line options you require, such as providing the apache plugin for authentication.
Please DON'T renew and replace an already existing with exactly the same domains: this is unnecessary and only adds to the load of Let's Encrypts systems and can lead to you hitting a rate limit. The only reason I can think of is if you add for example the "must staple" option to the certificate. But if the certificate is exactly the same: please use an already existing certificate or use the staging environment.