As many have experienced, wildcard automatic renewals are not working. Where we used to have “certbot renew” to just take care of everything, that no longer works.
My goal then is to have it work again without touching our current cronjobs so let’s get started.
Let's Encrypt wildcard instructions (FreeBSD host, BIND name server, certbot dns-rfc2136 plugin)
pkg install py37-certbot-dns-rfc2136
tsig-keygen -a HMAC-SHA512 acme-update
Add the key statement printed by that command to named.conf, then grant the key permission to update only the _acme-challenge TXT record in each zone that needs a wildcard certificate:
EXAMPLE: named.conf (plain ASCII double quotes; curly quotes will not parse)

key "acme-update" {
    algorithm hmac-sha512;
    secret "my long ass secret with double quotes";
};

// test.com
zone "test.com" {
    type master;
    file "master/test.com";
    update-policy {
        grant "acme-update" name _acme-challenge.test.com TXT;
    };
};
Create /usr/local/etc/letsencrypt/rfc2136.ini (with pico or any editor) holding the credentials certbot will use. The server is the address of your BIND master (replace 5.5.5.5), and the secret is the same base64 string tsig-keygen produced, without the surrounding quotes:

dns_rfc2136_server = 5.5.5.5
dns_rfc2136_name = acme-update
dns_rfc2136_secret = mylongasssecret
dns_rfc2136_algorithm = HMAC-SHA512
chmod 600 /usr/local/etc/letsencrypt/rfc2136.ini
certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /usr/local/etc/letsencrypt/rfc2136.ini --server https://acme-v02.api.letsencrypt.org/directory --email admin@test.com --agree-tos --no-eff-email --domain 'test.com' --domain '*.test.com'
Congratulations, from now on the normal “certbot renew” command in your cronjob will work like it did before; you can confirm that before the next cron run with certbot renew --dry-run.