After struggling to renew my certs for the third time in a row, hopefully these pointers should keep me on track for the next time.
- Namecheap does not yet support automatic wildcard renewal for the Letsencrypt/Certbot combo. Check next year.
- Have your Namecheap control panel open and ready.
- Switch to `root` or run the command below with
- Command to renew: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 -d '*.domain.com' -d domain.com`
- `certbot` will then print a couple of lines that you need to add as a `TXT` record in the Namecheap DNS control panel.
- When you do that, make sure you set the `TTL` of the record to a minute, so that you can redo stuff quicker if you mess up.
- `certbot` might ask you to do multiple records. Read the instructions carefully.
- When you check to see if the `TXT` record is set, search for the whole domain name, e.g. `_acme-challenge.domain.blah` instead of just
- If you’ve done all of the above, hopefully things should go smoothly and the certificate should renew.
- Restart Nginx and you’re done.
- If you have multiple machines, figure out a way to securely transfer the certs there too.
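
An added example, not part of the original post: a small shell check for the `TXT` step above. It confirms that every value `certbot` printed is served under the full `_acme-challenge` name by each authoritative nameserver before you continue. The function names are hypothetical, and `domain.com` and the values are placeholders.

```sh
#!/bin/sh
# Added example. domain.com and the token strings are placeholders; certbot
# prints the real values to publish.

# txt_has_all "<dig +short TXT output>" token...
# Succeeds only if every token appears as a complete TXT value.
txt_has_all() {
    answers=$1; shift
    rc=0
    for token in "$@"; do
        # dig +short prints each TXT value on its own line, in double quotes.
        if ! printf '%s\n' "$answers" | grep -Fxq -- "\"$token\""; then
            echo "missing TXT value: $token" >&2
            rc=1
        fi
    done
    return "$rc"
}

# challenge_ready domain token...
# Asks every authoritative nameserver directly, so a cached answer from a
# recursive resolver cannot mask a record that has not been published yet.
challenge_ready() {
    domain=$1; shift
    name="_acme-challenge.$domain"
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $servers; do
        txt_has_all "$(dig +short TXT "$name" "@$ns")" "$@" || {
            echo "$ns is not serving all values for $name yet" >&2
            return 1
        }
    done
}

# Usage, before pressing Enter in certbot:
#   challenge_ready domain.com <first-value> <second-value>
```

With `-d '*.domain.com' -d domain.com` both challenges are published under the same `_acme-challenge.domain.com` name, so pass both values in one call.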