Renew wildcard cert

  • certbot 0.31.0
  • HA-Proxy version 2.0.12-1~bpo10+1 2019/12/21

Good Morning,

I have a wildcard certificate created with the following command and it has been running for 2 months without problems:

certbot certonly --manual -d '*.mydomain.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

The fact is that before this I had HAProxy with normal (non-wildcard) certificates and renewed them without problems with a script, but this does not work with the wildcards:

#!/bin/sh

# Renew every certbot lineage, then rebuild the combined PEM HAProxy expects
certbot renew

WILDCARD_mydomain=mydomain.com

cd "/etc/letsencrypt/live/$WILDCARD_mydomain" || exit 1
cat fullchain.pem privkey.pem > "/etc/haproxy/certs/$WILDCARD_mydomain.pem"

Is there any way to renew them automatically using scripts?

Thanks, greetings!


No, not using DNS manual mode. To renew the cert automatically, certbot must have a way to automatically update your DNS records, which it doesn't with the invocation you've given. You'll need to see if there's a certbot hook script available for your DNS host, consider using another client like acme.sh with better DNS support, or look into running acme-dns to handle your validation tokens.


You used "--manual" for the first installation of the certificate. You had to put the challenge(s) into the DNS manually. For automation you have to update the DNS automatically, via a script. All this depends on the interface for your DNS update.

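Both replies say the missing piece is a script that publishes the _acme-challenge TXT record for certbot and then rebuilds the HAProxy PEM. As an added example (not from the thread or the certbot project), one hook script that serves as both --manual-auth-hook and --deploy-hook; it assumes HAProxy reads certificates from /etc/haproxy/certs, and the DNS API call itself is a placeholder you must fill in for your provider.

```shell
#!/bin/sh
# Added example, not code from the thread. One script, two modes:
#   auth   - called by certbot for each dns-01 challenge; it must publish
#            _acme-challenge.<domain> TXT <validation> via your DNS API
#   deploy - called after a successful renewal; rebuilds the HAProxy PEM
# certbot exports CERTBOT_DOMAIN / CERTBOT_VALIDATION to auth hooks and
# RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.
#
# First issuance (hooks are stored in the renewal config, so a plain
# "certbot renew" from cron works afterwards):
#   certbot certonly --manual --preferred-challenges dns-01 -d '*.mydomain.com' \
#     --manual-auth-hook '/usr/local/bin/le-hooks.sh auth' \
#     --deploy-hook '/usr/local/bin/le-hooks.sh deploy'

HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

# Build the TXT record certbot expects: name and value, one line.
acme_txt_record() {
    printf '_acme-challenge.%s TXT %s\n' "$1" "$2"
}

publish_txt_record() {
    # Placeholder (hypothetical): replace the printf with your DNS provider's
    # API call that creates the record printed here.
    acme_txt_record "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
    sleep 30   # give the new record time to propagate before validation
}

# Concatenate fullchain + privkey into HAProxy's cert dir, owner-only perms,
# written via a temp file so HAProxy never sees a half-written PEM.
build_haproxy_pem() {
    lineage="$1" outdir="$2"
    out="$outdir/$(basename "$lineage").pem"
    ( umask 077 && cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$out.tmp" ) || return 1
    mv "$out.tmp" "$out" || return 1
    printf '%s\n' "$out"
}

case "${1:-}" in
    auth)   publish_txt_record ;;
    deploy) build_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR" && systemctl reload haproxy ;;
esac
```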
