Let’s Encrypt wildcard certificates with Certbot’s DNS plugins

Certbot’s DNS plugins, which can automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server, are not yet available in some official repositories.
If you don’t want to wait, you can use these plugins now by running certbot from source.

Get and prepare certbot v0.24.0 from source

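#!/usr/bin/env bash
# Fetch the certbot source and switch to the v0.24.0 release tag
git clone https://github.com/certbot/certbot
cd certbot
git checkout v0.24.0
# Install only the OS-level dependencies
sudo ./certbot-auto --os-packages-only
# Build the virtualenv in ./venv
./tools/venv.sh
exit 0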

Clear the old certificate, if one exists

#!/usr/bin/env bash
# Remove the stored certificates, the live symlinks and the renewal config
sudo rm -rf /etc/letsencrypt/archive/{Your old domain}
sudo rm -rf /etc/letsencrypt/live/{Your old domain}
sudo rm -f /etc/letsencrypt/renewal/{Your old domain}.conf
exit 0

Create the Cloudflare API key file and chmod it to 0600

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = {Your Cloudflare account email}
dns_cloudflare_api_key = your_cloudflare_api_key
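
The step above gives only the file's contents. As an added example (not from the original post), these shell functions write the file with owner-only permissions from the start and check its mode and keys before certbot is run; the function names and whatever path is passed to them are assumptions.

```bash
#!/usr/bin/env bash
# Added example: create and audit the Cloudflare credentials file used by
# certbot's dns-cloudflare plugin. All values passed in are placeholders.

# Write the file under umask 077 so the API key is never briefly
# world-readable; the chmod also tightens a file that already existed.
write_cf_credentials() {  # usage: write_cf_credentials FILE EMAIL API_KEY
  local file="$1" email="$2" key="$3"
  (
    umask 077
    printf '%s\n' \
      '# Cloudflare API credentials used by Certbot' \
      "dns_cloudflare_email = ${email}" \
      "dns_cloudflare_api_key = ${key}" > "${file}"
  ) && chmod 600 "${file}"
}

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the file exists, is mode 600 or 400, and sets both keys.
check_cf_credentials() {  # usage: check_cf_credentials FILE
  local file="$1" mode
  [ -f "${file}" ] || { echo "missing: ${file}" >&2; return 1; }
  mode=$(file_mode "${file}")
  case "${mode}" in
    600|400) ;;
    *) echo "unsafe mode ${mode} on ${file}, expected 600" >&2; return 1 ;;
  esac
  grep -Eq '^dns_cloudflare_email[[:space:]]*=[[:space:]]*[^[:space:]]' "${file}" &&
    grep -Eq '^dns_cloudflare_api_key[[:space:]]*=[[:space:]]*[^[:space:]]' "${file}" ||
    { echo "missing dns_cloudflare_* keys in ${file}" >&2; return 1; }
}
```

Calling check_cf_credentials on the credentials path at the top of the issue and renew scripts stops them before the key is used from a file other users can read.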

Issue a new wildcard certificate

#!/usr/bin/env bash
source {Path to certbot source}/venv/bin/activate

CBOT=$(which certbot)

${CBOT} certonly \
--server "https://acme-v02.api.letsencrypt.org/directory" \
--rsa-key-size 4096 \
--agree-tos \
--email {Your email address} \
--preferred-challenges dns-01 \
--dns-cloudflare \
--dns-cloudflare-credentials {Path to your cloudflare API key file} \
-d {*.your.domain}
exit 0

Renew with certbot

#!/usr/bin/env bash
source {Path to certbot source}/venv/bin/activate

CERT_BOT=$(which certbot)

${CERT_BOT} renew \
--rsa-key-size 4096 \
--agree-tos \
--email {Your email address}
nginx -s reload

exit 0

 


Kawin Viriyaprasopsook

System administrator at Zercle Technology Co., Ltd.