image courtesy, the Lego Github page


I want to someday, automate all my domain certificate renewals.
Namecheap doesn’t support it, ergo my move to Porkbun.
And certbot doesn’t support Porkbun, so I’ve moved to Lego.

I still need to someday figure out how to do this automatically, but for now, since all is in place, this is the new manual process.

  1. You’ll need to generate a Porkbun API key along with its associated secret, and store it somewhere safe and secure. (This is a one time thing, the Generating API keys section here describes how)
  2. Another one time step is to get Lego installed and have it generate your certs, and then have your applications, point to where they are.
  3. Command to renew: PORKBUN_SECRET_API_KEY="your-api-*secret*" PORKBUN_API_KEY="your-porkbun-api-key" ./lego --domains your-domain.tld --domains *.domain.tld --email your-email@domain --dns porkbun renew
  4. And the renewal’s done!
  5. Restart yer engines … err your applications1 et voilà!
  6. If you have multiple machines, figure out a way to securely transfer the certs there too.


Feedback on this post? Mail me at feedback at this domain

P.S. Subscribe to my mailing list!
Forward these posts and letters to your friends and get them to subscribe!
P.P.S. Feed my insatiable reading habit.



  1. in my case Nginx ↩︎