Wildcard certs on Ubuntu 16.04 are STILL impossible?


#1

Ubuntu 16.04 with Apache 2.4 is surely a common platform.

Yet after renewing wildcard certs manually for most of a year and spending an hour searching the net for solutions, I cannot find a way to accomplish what should be a common need: to renew wildcard certificates other than manually. Really?

I just wasted time figuring out my required BIND DDNS config to interface with certbot, and now it seems I can’t actually get a plugin installed to work with it? Which I didn’t realize wasn’t part of certbot-auto already - the “help” command line argument implies that it IS available.

Is there a way to install the dns-rfc2136 plugin to certbot-auto? I’m quite willing to do some manual work here but I need some hints. Or no Ubuntu PPA that can solve this basic and what is surely a common use case?


#2

certbot-auto unfortunately doesn’t package any of the DNS plugins. :slightly_frowning_face:

The official Certbot PPA packages several of them, including the dns-rfc2136 plugin. :slightly_smiling_face:

https://launchpad.net/~certbot/+archive/ubuntu/certbot

sudo apt install certbot python3-certbot-apache python3-certbot-dns-rfc2136
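
An added example, not part of the post above or of Certbot itself: once the dns-rfc2136 plugin is installed, it reads the BIND server address and TSIG key from a credentials file, and that key authorizes DNS updates, so the file should be readable by its owner only. The sketch below writes a sample file and checks it before use; the server address, key name and secret are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preflight check for a certbot dns-rfc2136 credentials file.
# All values are constructed placeholders (192.0.2.1 is a documentation address).

# Write a sample credentials file, created owner-only via umask 077.
write_sample_creds() {
    local file="$1"
    ( umask 077
      cat > "$file" <<'EOF'
dns_rfc2136_server = 192.0.2.1
dns_rfc2136_port = 53
dns_rfc2136_name = certbot-key.
dns_rfc2136_secret = PLACEHOLDER_BASE64_TSIG_SECRET
dns_rfc2136_algorithm = HMAC-SHA512
EOF
    )
}

# Return 0 only if the file has no group/other permissions and
# defines the server, TSIG key name and TSIG secret.
check_rfc2136_creds() {
    local file="$1" key perms
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$file is accessible beyond its owner; TSIG secret exposed" >&2
        return 1
    }
    for key in dns_rfc2136_server dns_rfc2136_name dns_rfc2136_secret; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$file" \
            || { echo "missing setting: $key" >&2; return 1; }
    done
}

# Print (do not run) the issuance command for a domain and its wildcard.
certbot_wildcard_cmd() {
    local creds="$1" domain="$2"
    printf "certbot certonly --dns-rfc2136 --dns-rfc2136-credentials %s -d %s -d '*.%s'\n" \
        "$creds" "$domain" "$domain"
}
```

On the BIND side, the matching TSIG key only needs permission to update the `_acme-challenge` TXT records of the zone.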


#3

…or, of course, use a client with really strong DNS support like acme.sh.


#4

Thanks. Now I have the same problem as reported all year, here:


specifically the random error reported by creativetags on Mar 5 (https://github.com/certbot/certbot/issues/5651#issuecomment-370479698)

Thank you for your suggestion regardless.


#5

Thank you! I forgot about the other clients and will look at this.


#6

I put a thread in “Servers” which describes getting LE, BIND, DNSSEC, acme.sh, and wildcards working on Ubuntu 18.04. It might help you with your situation.