Unable to renew expired wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: milknmore.org

I ran this command:
sudo certbot certonly --cert-name *.staging.milknmore.org --cert-name *.milknmore.org --cert-name milknmore.org --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.staging.milknmore.org *.milknmore.org milknmore.org
Requesting a certificate for *.staging.milknmore.org and 2 more domains
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

  1. Using nginx server
  2. Using static site hosting (no server) - aws s3
  3. Using netlify static site hosting too

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
yes, (crazydomains)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.16.0

Hi @ananth-minions and welcome to the LE community forum :slight_smile:

Wildcard certs require DNS authentication.
As such, you need to include a DNS plugin or use --manual authentication to make the required DNS changes manually during each request (not recommended).

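Why --standalone fails for these names and what the DNS challenge asks for, as an added example (not part of the original thread and not Certbot's own code): it checks each requested name against the challenge types an authenticator offers and derives the RFC 8555 dns-01 TXT record. The function names are hypothetical, and the tokens and account-key thumbprint are constructed placeholders.

```python
import base64
import hashlib

# Let's Encrypt policy: wildcard names validate over dns-01 only.
WILDCARD_OK = {"dns-01"}
PLAIN_OK = {"http-01", "tls-alpn-01", "dns-01"}

def allowed_challenges(name):
    """Challenge types the CA accepts for one requested name."""
    return WILDCARD_OK if name.startswith("*.") else PLAIN_OK

def unsatisfiable(names, authenticator_offers):
    """Names for which the authenticator offers no acceptable challenge."""
    offers = set(authenticator_offers)
    return [n for n in names if not (allowed_challenges(n) & offers)]

def b64url(data):
    """Unpadded base64url, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def dns01_record(name, token, thumbprint):
    """(TXT record name, TXT value) for a dns-01 challenge, RFC 8555 s. 8.4."""
    base = name[2:] if name.startswith("*.") else name  # wildcard label is dropped
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return f"_acme-challenge.{base}", b64url(digest)

# Names from the command in the question.
NAMES = ["*.staging.milknmore.org", "*.milknmore.org", "milknmore.org"]
# Constructed placeholders: real tokens come from the CA, the thumbprint from the account key.
THUMBPRINT = "EXAMPLE-ACCOUNT-KEY-THUMBPRINT"
TOKENS = {n: f"example-token-{i}" for i, n in enumerate(NAMES)}

if __name__ == "__main__":
    # certbot --standalone answers http-01 only
    print("standalone cannot validate:", unsatisfiable(NAMES, {"http-01"}))
    for n in NAMES:
        record, value = dns01_record(n, TOKENS[n], THUMBPRINT)
        print(f"{n:26} -> {record} TXT {value}")
```

The wildcard and the bare domain map to the same record name, so both TXT values have to be published there at the same time.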

I wrote a possibly too-long and too-detailed article about this a few days ago.

(@ananth-minions, @rg305's answer is correct, so you only need to look at my article if you want more information or more context)

Thank you so much @rg305
That saves my day!

love the solution 3000 times :slight_smile:


And one last question: do I need to upload the latest certificates again (manually)?

Thank you @schoen for the useful information. :slight_smile:


What shows?:
certbot certificates

Sorry for the delayed response.

Step 1: After re-requesting the certs for the expired ones with --manual authentication as you mentioned, I got certificates in a different folder (maybe due to the order of names that I provided).
Step 2: Then I copied them to my servers with a shell script. (I did this because I'm generating the certificates on my local machine, as I need the certificates on two different servers with different subdomains.)
After step 2 everything worked.

certbot certificates shows me the paths for all the certificates on my machine (which are generated with certbot).


If certbot certificates shows any certs that you no longer need, then you can remove them with:
certbot delete --cert-name 'name-shown'


Oh, thank you. I initially thought they would be used in the process of renewing certificates.
It helps me :slight_smile:

