It produced this output:
cannot produce wildcard certs that we want referenced to install docker or plugin
My web server is (include version):
Apache
Reference past related thread:
The operating system my web server runs on is (include version):
Linux
My hosting provider, if applicable, is:
AWS ...
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest certbot
Trying to get certbot set up to issue wildcard certs for toastmastersclubs.org and toastmastersdistricts.org along with automated renewal. Not sure how to best handle the DNS challenges... seems like we need to install a plugin... why? What is the plugin doing for us?
Ok, so you are saying that we should not use certbot for wildcard certs for this use case? I am a bit surprised given how much certbot seems to be promoted in these forums and on this website.
DNS plugins are one of Certbot’s current weaknesses, because the way they are packaged and distributed is a bit complicated.
It’s not impossible to use Certbot in this case, it’s just not straightforward. Somebody has even written a plugin for it, by the looks of it: https://github.com/Kjoep/certbot-dns-godaddy . No instructions, though.
You can use certbot to complete the DNS challenges.
I believe currently for wildcards the DNS challenge is the only one that you can use (otherwise someone with access to your website could issue email certificates etc.).
Certbot does come bundled with a bunch of scripts that can do the DNS challenge. The DNS providers currently supported are here: https://certbot.eff.org/docs/using.html#dns-plugins
As mentioned, if your DNS provider is not on that list then you can use a custom script hook to add a TXT record.
Certbot will provide what record to add via the plugin interface.
Hope this clears things up.
Personally I have been using certbot to issue wildcards with the Cloudflare plugin for some time.
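An added illustration of what a DNS plugin or custom hook does for each challenge (not part of the thread and not Certbot's own code): it publishes the validation value as a TXT record under `_acme-challenge.<domain>`. The function names and the in-memory `zone` dict standing in for a DNS provider API are hypothetical, and the domains and key authorizations are constructed; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the environment variables certbot passes to a `--manual-auth-hook` script.

```python
import base64
import hashlib


def dns01_txt_value(key_authorization):
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_record_name(domain):
    """example.org and *.example.org are both validated at the same name."""
    domain = domain.rstrip(".").lower()
    if domain.startswith("*."):  # strip a wildcard label defensively
        domain = domain[2:]
    return "_acme-challenge." + domain


def add_txt(zone, name, value):
    """Stand-in for a provider API call (hypothetical).

    Appends instead of replacing: a certificate covering both the base name
    and its wildcard needs two TXT values on one record name at the same time.
    """
    values = zone.setdefault(name, [])
    if value not in values:
        values.append(value)


def auth_hook(env, zone):
    """Work done for one challenge; certbot runs the hook once per name."""
    name = challenge_record_name(env["CERTBOT_DOMAIN"])
    add_txt(zone, name, env["CERTBOT_VALIDATION"])
    return name


def demo():
    """Constructed run: base name plus wildcard, two different validations."""
    zone = {}
    for domain, keyauth in (("example.org", "tokenA.thumbprint"),
                            ("*.example.org", "tokenB.thumbprint")):
        env = {"CERTBOT_DOMAIN": domain,
               "CERTBOT_VALIDATION": dns01_txt_value(keyauth)}
        auth_hook(env, zone)
    return zone


if __name__ == "__main__":
    print(demo())
```

A real hook would replace `add_txt` with the provider's API call and wait for the record to propagate before returning; a matching cleanup hook removes the values afterwards.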
To be clear, we really do not care which client we use to get the wildcard certs… I was just focused on certbot since that is what seemed to be promoted the most. However, if there is another approach that is simpler for our use case, I am interested in giving it a shot.
We just want the simplest approach that will allow us to issue the initial certs and set up the renewal scheme. We just want to essentially “set it and forget it”.