Unable to Auto Renew a wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mabdulm.com, *.mabdulm.com

I ran this command: sudo certbot renew, acme.sh --renew -d mabdulm.com --force

It produced this output:

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Hello, I already have an SSL certificate running on this domain. It will expire in 9 days. I have renewed it at least twice manually by using the command "sudo certbot certonly --manual -d 'mabdulm.com,*.mabdulm.com'". I want to configure it to auto-renew, but none of the ways worked, and the manual method takes at least an hour as the TXT record takes a lot of time.

Welcome @Abdul12

First, you got a wildcard cert as recently as Mar 17, which expires in 32 days, but you are using an older cert you got on Feb 21, which expires in 9 days like you say.

To get a wildcard cert you must use the DNS Challenge. To automate that you must be able to use an API to make the needed TXT record that you have done by hand. It looks like you are using NameSilo (yes?).

If so, it looks like acme.sh supports that. See link here

Or, you could try this fairly new extension to certbot which provides a link to the lego ACME client and its DNS providers which also includes NameSilo.

You might also look at the Apache mod_md feature. It also supports DNS Challenges although I don't know much about that. (more info here)

If you don't absolutely need a wildcard you could use the HTTP Challenge instead. Then, you just request a cert for the specific DNS names you use. An HTTP Challenge is often much easier to automate. I see you have a wildcard in your DNS so I assume you need one, but that isn't always the case.

Let us know if you need further help and what method you prefer.

5 Likes

Using the force without proper jedi training is ill-advised.

7 Likes

Thank you so much. The DNS API of acme.sh worked for me. Yes, I am using NameSilo.

4 Likes
