As many have experienced, wildcard automatic renewals are not working. Where we used to have “certbot renew” to just take care of everything, that no longer works.
My goal then is to have it work again without touching our current cronjobs, so let’s get started.
Let's Encrypt wildcard instructions
pkg install py37-certbot-dns-rfc2136
tsig-keygen -a HMAC-SHA512 acme-update
Add the key block printed by the above command to named.conf, and give that key an update-policy grant in the zone.
EXAMPLE: named.conf
key "acme-update" {
    algorithm hmac-sha512;
    secret "my long ass secret with double quotes";
};
//test.com
zone "test.com" {
    type master;
    file "master/test.com";
    update-policy {
        grant "acme-update" name _acme-challenge.test.com TXT;
    };
};
pico /usr/local/etc/letsencrypt/rfc2136.ini (add the following for certbot)
# put the IP address of your DNS server here
dns_rfc2136_server = 5.5.5.5
dns_rfc2136_name = acme-update
# the same secret as in the key block in named.conf, without the double quotes
dns_rfc2136_secret = mylongasssecret
dns_rfc2136_algorithm = HMAC-SHA512
chmod 600 /usr/local/etc/letsencrypt/rfc2136.ini
certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /usr/local/etc/letsencrypt/rfc2136.ini --server https://acme-v02.api.letsencrypt.org/directory --email admin@test.com --agree-tos --no-eff-email --domain 'test.com' --domain '*.test.com'
Congratulations, from now on your normal “certbot renew” command in your cronjob will work like it did before.
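A preflight check for the setup above, worth running before the certbot command and again whenever the TSIG key changes. This is an added example, not part of the original post; the function names check_rfc2136, ini_get and conf_get are made up here, and it assumes the key block in named.conf is written one statement per line, as tsig-keygen prints it.

```shell
#!/bin/sh
# Added example: preflight check for the certbot dns-rfc2136 credentials file.

# Print the value of one "key = value" setting from the ini file.
ini_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one field (secret or algorithm) of a named key block in named.conf.
conf_get() {
    awk -v k="$1" -v f="$2" '
        $1 == "key" { n = $2; gsub(/"/, "", n); inkey = (n == k) }
        inkey && $1 == f { v = $2; gsub(/[";]/, "", v); print v; exit }
        /^[[:space:]]*}/ { inkey = 0 }
    ' "$3"
}

check_rfc2136() {
    ini=$1 conf=$2 rc=0
    # Group/other permission bits must all be "-" (chmod 600 or stricter).
    if [ "$(ls -ld "$ini" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $ini is accessible by group or others" >&2; rc=1
    fi
    for k in server name secret algorithm; do
        if [ -z "$(ini_get "dns_rfc2136_$k" "$ini")" ]; then
            echo "FAIL: dns_rfc2136_$k is missing" >&2; rc=1
        fi
    done
    name=$(ini_get dns_rfc2136_name "$ini")
    # The TSIG secret must be identical on both sides or updates are refused.
    if [ "$(ini_get dns_rfc2136_secret "$ini")" != "$(conf_get "$name" secret "$conf")" ]; then
        echo "FAIL: secret does not match key \"$name\" in $conf" >&2; rc=1
    fi
    # Algorithm names are case-insensitive (HMAC-SHA512 vs hmac-sha512).
    a1=$(ini_get dns_rfc2136_algorithm "$ini" | tr 'A-Z' 'a-z')
    a2=$(conf_get "$name" algorithm "$conf" | tr 'A-Z' 'a-z')
    if [ "$a1" != "$a2" ]; then
        echo "FAIL: algorithm differs between $ini and $conf" >&2; rc=1
    fi
    return $rc
}

# Run the check when called as: script.sh <rfc2136.ini> <named.conf>
if [ $# -eq 2 ]; then check_rfc2136 "$1" "$2"; fi
```

A zero exit status means the credentials file is private and agrees with the key block; each failed check prints a FAIL line on stderr.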