I’d been waiting for certbot 0.22 to be published in order to be able to use wildcard certificates. So finally today I checked again and, lo and behold, it was there and ready.
In preparation for 0.22 to be available, I had tried a few things not realizing 0.21 didn’t have the feature yet. With that in mind, I had come up with the following command that I thought would work:
certbot renew --server https://acme-v02.api.letsencrypt.org/directory --nginx -d *.evie.codes -d *.omnic.xyz -d *.evie-banned.me
From this I got the following error: Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
OK, I thought, let’s try certonly
…
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --nginx -d *.evie.codes -d *.omnic.xyz -d *.evie-banned.me
I got the following logs:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address: <redacted>
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
<Agree/Cancel on ToS, I agreed>
<Yes/No on sharing email with the EFF, I agreed>
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
<Above line duplicated (this one in white, first one in red)>
<Important Notes>
I also tried certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --webroot -w /root/wordpress -d *.evie.codes -d *.omnic.xyz -d *.evie-banned.me
but got the same as above, minus the 2 questions and the “important notes”.
Note that I’m hosting this on an OVH VPS. My research into the user guide leads me to believe, from this error message, that I would “have” to modify the DNS to include a TXT entry, but all plugins available are for other hosts; there doesn’t seem to be a manual one. My domain is registered on name.com, for reference.
Is there an easy way out of this so I can get wildcards?