(Update, 2024-03-15: I now use lego. Will update this post later.)
After struggling to renew my certs for the third time in a row, hopefully these pointers should keep me on track for the next time.
- Namecheap does not yet support automatic wildcard renewal for the Let's Encrypt/Certbot combo. Check next year.
- Have your Namecheap control panel open and ready.
- Switch to `root` or run the command below with `sudo`.
- Command to renew: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 -d '*.domain.com' -d domain.com`
- `certbot` will then print a couple of lines that you need to add as a `TXT` record in the Namecheap DNS control panel.
- When you do that, make sure you set the `TTL` of the record to a minute, so that you can redo stuff quicker if you mess up.
- `certbot` might ask you to do multiple records. Read the instructions carefully.
- When you check to see if the `TXT` record is set, search for the whole domain name, e.g. `_acme-challenge.domain.blah` instead of just `domain.blah`.
- If you’ve done all of the above, hopefully things should go smoothly and the certificate should renew.
- Restart Nginx and you’re done.
- If you have multiple machines, figure out a way to securely transfer the certs there too.
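
The `TXT` check from the steps above can be scripted so that you only continue in `certbot` once every value it printed is visible on the authoritative nameservers. This is an added example, not part of the original post; the function names are hypothetical, the values in any invocation are whatever `certbot` printed, and it assumes `dig` is installed.

```shell
# Added example: verify dns-01 TXT values before continuing in certbot.

# challenge_name DOMAIN: print the record name to query.
# *.domain.com and domain.com both validate at _acme-challenge.domain.com,
# which is why certbot asks for two TXT values on the same name.
challenge_name() {
    local d="${1#\*.}"
    printf '_acme-challenge.%s\n' "${d%.}"
}

# missing_values "DIG_OUTPUT" VALUE...: print each expected value that is
# absent from `dig +short TXT` output. Returns 0 only if none are missing.
missing_values() {
    local answers="$1" v rc=0
    shift
    for v in "$@"; do
        # -F/-x: exact whole-line match; `--` because values may start with "-".
        if ! printf '%s\n' "$answers" | tr -d '"' | grep -Fxq -- "$v"; then
            printf '%s\n' "$v"
            rc=1
        fi
    done
    return "$rc"
}

# check_challenge DOMAIN VALUE...: ask every authoritative nameserver
# directly, so a cached answer from a resolver cannot hide a missing record.
check_challenge() {
    local domain="$1" name servers ns out rc=0
    shift
    name="$(challenge_name "$domain")"
    servers="$(dig +short NS "${domain#\*.}")"
    # No NS answer means nothing was checked; treat that as a failure.
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $servers; do
        out="$(dig +short TXT "$name" "@$ns")"
        if ! missing_values "$out" "$@" >/dev/null; then
            echo "not yet on $ns: $name" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file and run `check_challenge domain.com VALUE1 VALUE2` with the two values from the `certbot` prompt; a zero exit status means every nameserver returned both.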