After struggling to renew my certs for the third time in a row, hopefully these pointers should keep me on track for the next time.
- Namecheap does not yet support automatic wildcard renewal for the Let's Encrypt/Certbot combo. Check next year.
- Have your Namecheap control panel open and ready.
- Command to renew (the wildcard is quoted so the shell cannot expand it):
  `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 -d '*.domain.com' -d domain.com`
- You normally run this as
`certbot` will then print a couple of lines that you need to add as a `TXT` record in the Namecheap DNS control panel.
- When you do that, make sure you set the `TTL` of the record to a minute, so that you can redo stuff quicker if you mess up.
- When you check to see if the `TXT` record is set, search for the whole domain name. E.g. `_acme-challenge.domain.blah` instead of just
- If you’ve done all of the above, hopefully things should go smoothly and the certificate should renew.
- Restart Nginx and you’re done.
- If you have multiple machines, figure out a way to securely transfer the certs there too.
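
A check for the "is the `TXT` record set" step, as an added example that is not part of the original post: with both `*.domain.com` and `domain.com` on the command line, certbot asks for two `TXT` values under the same `_acme-challenge` name, and both must be visible before you continue. The function names, the resolver address and the token values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm every TXT value certbot printed is visible before
# pressing Enter. Function names and sample values are constructed.

# Map a certificate name to the record name that must be queried.
# '*.domain.com' and 'domain.com' both validate at _acme-challenge.domain.com.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# txt_values_present ANSWER VALUE...
# ANSWER is the output of `dig +short TXT <name>` (one quoted string per line).
# Returns 0 only if every expected VALUE appears as a complete record.
txt_values_present() {
    answer=$1; shift
    for want in "$@"; do
        # -F literal, -x whole line; '--' because tokens may start with '-'.
        printf '%s\n' "$answer" | tr -d '"' | grep -Fxq -- "$want" || return 1
    done
    return 0
}

# Live check against a public resolver instead of the local cache.
# Assumes dig is installed; 1.1.1.1 is just one resolver choice.
# Usage: check_live '*.domain.com' VALUE1 VALUE2
check_live() {
    name=$(challenge_name "$1"); shift
    txt_values_present "$(dig +short TXT "$name" @1.1.1.1)" "$@"
}
```

If `check_live` fails, wait out the TTL and run it again before letting certbot proceed; a failed validation means starting over with fresh values.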