Let's Encrypt: Renew Wildcard Certificate With Certbot

In order to revew Let's Encrypt wildcard certificates (via not HTTP-01 challenge but DNS-01 challenge) with certbot, all what to do is to follow the same process of the first time.
Just run:

 

$ certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.<your-domain>" -d <your-domain>

 

The result begins with:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Cert is due for renewal, auto-renewing...

Renewing an existing certificate

Performing the following challenges:

dns-01 challenge for <your-domain>

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

and then is followed by:

Please deploy a DNS TXT record under the name

_acme-challenge.<your-domain> with the following value:




<txt-record-value-given>




Before continuing, verify the record is deployed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press Enter to Continue

 

Write <txt-record-value-given> into the DNS TXT record named "_acme-challenge" of the domain.
After a while, press Enter.
The result is:

Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/<your-domain>/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/<your-domain>/privkey.pem Your cert will expire on 2019-10-08. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

Now it's done :)

Besides, if you use:

$ certbot renew

the error occurs:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/<your-domain>.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)

Attempting to renew cert (<your-domain>) from /etc/letsencrypt/renewal/<your-domain>.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.

The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

Tags: