In order to renew Let's Encrypt wildcard certificates (via the DNS-01 challenge rather than the HTTP-01 challenge) with certbot, all you have to do is to follow th...
The second domain (the one without the wildcard) is no longer necessary; if you type it, certbot will ask for two challenges for the same record, so it will fail. It should be just like this:
# certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.<your-domain>"
Hello, Juan. Thank you very much for your information 😃
Well, excuse me, but I wonder why I succeeded in renewing with multiple -d options for subdomains and the domain last week. Therefore, I don't know if I should edit my posts... 🤔 Would you mind if I ask for some official documentation or release information? I'm sorry, I couldn't find anything on eff.org, letsencrypt.org or certbot.eff.org.
I'm not sure if it's documented on any other site; it's just what happened to me. I remember your command worked for me some months ago, but this time (yesterday) I only had to do the wildcard one.
Juan, thank you again for the detail. I understand what happened.
I'll try by myself again in a couple of weeks and check the result 😉
@jgutix
Hello, I have finished my latest trial 😃 It was successful today.
I got the same messages you put as image above. I prepared 2 DNS TXT records, waited for a while and then pressed Enter.
Is it possible that DNS propagation affects your results: failure first and success next? Hmm, I know, however, that you succeeded some months ago. It's just one of my suppositions... 🤔
@nabbisen I forgot to update this, so it turns out it didn't actually renew the root cert, only the wildcard, since that's the one I ran the command for. This means I had to run it twice, once for each of the wildcard and root domains. But you're saying you only ran the same one? But how so, if the DNS record is the same with different values? Maybe update your post to explain that process; I for one don't know how to do it.
@jgutix
Hello. I'm sorry for my late reply.
As I wrote in my post:
I used two -d options at the same time. For example, it was: certbot ... -d "*.some.domain" -d some.domain ...
Does it mean to "run twice, one for each wildcard and root domains" as you wrote? 🙂
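Added example, not part of any comment in this thread: with -d "*.some.domain" -d some.domain, both authorizations are checked at the same record name (_acme-challenge.some.domain) but expect two different TXT values, so the second record must be added beside the first rather than replacing it, and both must be visible on the authoritative nameserver before you press Enter in certbot's manual prompt. The script below reproduces how the expected TXT value is derived from the challenge token and the ACME account key thumbprint (RFC 8555 section 8.4), parses the output of dig +short TXT (the assumed query tool), and reports which values are still missing. Token and thumbprint values are constructed here; the real ones come from certbot's prompt.

```python
import base64
import hashlib
import re

# Added example, not code from the original post. It models what certbot's
# manual DNS-01 flow asks you to do for `-d "*.example.com" -d example.com`:
# both authorizations use the SAME record name with two DIFFERENT values.


def challenge_record_name(domain):
    """DNS-01 record name (RFC 8555 s8.4). A wildcard identifier is
    validated at its base name, so '*.example.com' and 'example.com'
    map to the same owner name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base


def b64url(data):
    """Base64url without '=' padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_txt_value(token, account_thumbprint):
    """Expected TXT value: base64url(SHA-256(token '.' thumbprint)).
    token: the per-challenge token issued by the CA.
    account_thumbprint: base64url JWK thumbprint of the ACME account key."""
    key_authorization = token + "." + account_thumbprint
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return b64url(digest)


def parse_dig_short_txt(output):
    """Parse the text of `dig +short TXT <name> @<authoritative-ns>`.
    Each line is one record; a long record is printed as several quoted
    chunks on one line, which must be concatenated."""
    records = set()
    for line in output.splitlines():
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if chunks:
            records.add("".join(chunks))
    return records


def missing_challenge_values(expected_values, dig_output):
    """Values certbot is waiting for that the nameserver does not yet
    return. An empty set means it is safe to continue in certbot's prompt."""
    return set(expected_values) - parse_dig_short_txt(dig_output)


if __name__ == "__main__":
    # Constructed sample inputs; a real thumbprint is base64url(SHA-256) of
    # the canonical account JWK, and tokens are issued by the CA.
    thumbprint = b64url(b"constructed-account-key-thumbprint-input")
    token_wildcard = "tok-wildcard-0123456789abcdef"
    token_root = "tok-root-fedcba9876543210"
    expected = {dns01_txt_value(token_wildcard, thumbprint),
                dns01_txt_value(token_root, thumbprint)}

    name = challenge_record_name("*.example.com")
    assert name == challenge_record_name("example.com")
    print("both challenges live at:", name)

    # Constructed dig output where only one record has propagated so far.
    first, second = sorted(expected)
    dig_out = '"%s"\n' % first
    print("still missing:", missing_challenge_values(expected, dig_out))

    # After the second TXT record is added alongside the first (not replacing it).
    dig_out += '"%s"\n' % second
    print("still missing:", missing_challenge_values(expected, dig_out))
```

In practice you would feed the function the output of dig +short TXT _acme-challenge.some.domain @ns1.some.domain (querying the authoritative server rather than a caching resolver, so stale negative answers do not mislead you) and retry until the missing set is empty.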
Hi,
Is it possible to renew a wildcard domain automatically without DNS intervention?
Hi, Edi,
@daniel15 kindly told me there is help named "acme-dns" :)
The overview described in the GitHub repository is:
Relatively, it seems more difficult than using certbot renew and cron. Besides, I haven't used it yet because I'm moving to OpenBSD's acme-client.
Heddi, thanks for sharing your tutorial. Reading through the manual, it doesn't seem like the OpenBSD acme-client supports the DNS challenge. Any thoughts?
Hello, Rafael.
Sorry that I knew little about non-HTTP-01 challenges with OpenBSD's acme-client. You might perhaps be right. acme-client's documentation says:
According to the original writer, Kristaps, it had a -t option to use custom challenges, but they were "too system-specific to provide in a safe manner". Thanks!
Let's Encrypt revoked around 3 million certs last night due to a bug that they found. Are you impacted by this? Check out:
DevTo: dev.to/dineshrathee12/letsencrypt-...
GitHub: github.com/dineshrathee12/Let-s-En...
LetsEncryptCommunity: community.letsencrypt.org/t/letsen...