(Update, 2024-03-15: I now use lego. Will update this post later.)

After struggling to renew my certs for the third time in a row, hopefully these pointers should keep me on track for the next time.

  1. Namecheap does not yet support automatic wildcard renewal for the Let's Encrypt/Certbot combo. Check next year.
  2. Have your Namecheap control panel open and ready.
  3. Switch to root or run the command below with sudo.
  4. Command to renew (quote the wildcard so the shell does not expand it): certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 -d '*.domain.com' -d domain.com
  5. certbot will then print a couple of lines that you need to add as a TXT record in the Namecheap DNS control panel.
  6. When you do that, make sure you set the TTL of the record to a minute, so that you can redo stuff quicker if you mess up.
  7. certbot might ask you to do multiple records. Read the instructions carefully.
  8. When you check to see if the TXT record is set, search for the whole domain name. For example, _acme-challenge.domain.blah instead of just domain.blah.
  9. If you’ve done all of the above, hopefully things should go smoothly and the certificate should renew.
  10. Restart Nginx and you’re done.
  11. If you have multiple machines, figure out a way to securely transfer the certs there too.
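
A check for steps 7 and 8, written as an added example and not part of the original post: it asks each authoritative nameserver for the `_acme-challenge` TXT record and reports any value certbot printed that is not yet visible. It assumes `dig` is installed and that the certificate name is the zone apex, as with domain.com above; the function names and token values are made up for illustration.

```shell
#!/bin/sh
# Usage: ./check-acme.sh domain.com VALUE1 [VALUE2 ...]
# Run it before pressing Enter in certbot. Values are the strings certbot printed.

# "*.domain.com" and "domain.com" both validate at _acme-challenge.domain.com,
# which is why certbot can ask for two TXT values on the same record name.
challenge_name() {
    case $1 in
        '*.'*) printf '_acme-challenge.%s\n' "${1#??}" ;;
        *)     printf '_acme-challenge.%s\n' "$1" ;;
    esac
}

# Read `dig +short TXT` output on stdin and print every expected value that
# is absent. Returns 0 only when all expected values are present.
missing_values() {
    answers=$(tr -d '"')
    rc=0
    for want in "$@"; do
        printf '%s\n' "$answers" | grep -qxF -- "$want" || { printf '%s\n' "$want"; rc=1; }
    done
    return $rc
}

# Query the authoritative servers directly so a stale resolver cache cannot
# report an old record as current.
check_challenge() {
    domain=$1; shift
    name=$(challenge_name "$domain")
    servers=$(dig +short NS "${name#_acme-challenge.}")
    [ -n "$servers" ] || { echo "no NS records found for $domain" >&2; return 2; }
    status=0
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | missing_values "$@" >/dev/null; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; status=1
        fi
    done
    return $status
}

# Only touch the network when called with a domain and at least one value.
if [ "$#" -ge 2 ]; then check_challenge "$@"; fi
```

A non-zero exit means at least one nameserver does not serve every value yet, so wait out the TTL and run it again before continuing in certbot.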