Wildcard certificate support for non plugin DNS providers?

whereismymind · June 12, 2020, 9:46am

Hello. I have a domain that’s been registered using a registrar that does not have a convenient plugin available for DNS configuration. When trying to generate a wildcard SSL certificate, it will not present me with a DNS challenge that I can then go and manually create in my providers control panel.

Can someone please advise how I can generate a wildcard certificate for this domain?

My domain is:
ls.al

user@host:~/certbot$ ./certbot-auto certonly --preferred-challenges dns -d *.ls.al
Requesting to rerun ./certbot-auto with root privileges…
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/nginx/ssl/ls.al.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/nginx/ssl/ls.al.crt’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

How would you like to authenticate with the ACME CA?

1: Nginx Web Server plugin (nginx) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
None of the preferred challenges are supported by the selected plugin
user@host:~/certbot$

My web server is (include version):
Nginx

The operating system my web server runs on is (include version):
Debian 10

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don’t know):
Y

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
N

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version
certbot 0.31.0
(Installed via apt-get)

./certbot-auto --version
certbot 1.5.0
(Installed via git)

JuergenAuer · June 12, 2020, 9:54am

Hi @whereismymind

add the --manual option.

See

https://certbot.eff.org/docs/using.html

_az · June 12, 2020, 10:16am

If you are running this command exactly and Certbot is throwing errors involving nginx, try adding --manual as @JuergenAuer suggested.

--preferred-challenges might not be sufficient to override the default authenticator for your system ,in that case.

system · July 12, 2020, 10:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.