Renew a wildcard certificate via DNS challenge
This guide explains how to renew a wildcard certificate using DNS challenge with Certbot.
Create an Infomaniak API Token
Log in to Infomaniak Manager and create an API token with the "domain" scope. Take note of this token for future use.
Generate the Wildcard Certificate
Run the Certbot command with the following parameters:
certbot certonly --manual -d '*.domain.tld' --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Create the TXT Record
Create the TXT record for _acme-challenge.domain.tld manually from the Infomaniak interface.
Configure Automatic Renewal
Create the Renewal Configuration File
Create or edit the file /etc/letsencrypt/renewal/domain.tld.conf with the following information:
[...]
[renewalparams]
account = xxxxx
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual_auth_hook = /root/infomaniak-auth.sh
key_type = rsa
Create the infomaniak-auth.sh Script
Create the file /root/infomaniak-auth.sh with the following content:
#!/bin/bash
# Certbot runs this hook with CERTBOT_DOMAIN set to the domain being validated.
# The token must be exported so the nested certbot (dns-infomaniak plugin) can read it.
export INFOMANIAK_API_TOKEN=XXXXXXX
certbot certonly \
--authenticator dns-infomaniak \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--rsa-key-size 4096 \
-d "$CERTBOT_DOMAIN"
Replace XXXXXXX with your Infomaniak API token.
Automatic Renewal
Schedule certbot renew as a cron task so that it picks up the renewal configuration file and renews your certificate at regular intervals.
0 0 */x * * /usr/bin/certbot renew --quiet --config /etc/letsencrypt/renewal/domain.tld.conf
Replace /x with the desired renewal frequency, for example every 30 days.
Important Notes
- Protect configuration files and scripts containing sensitive information like API tokens.
- Test the manual and automatic renewal process to ensure everything is working correctly before the existing certificate's expiration date.
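The hook script above embeds the API token directly, which the note on protecting sensitive files warns about. The following shell snippet is an added example, not part of the Infomaniak guide or of Certbot: it moves the token into a separate root-only file (the path /root/.infomaniak-token and its one-line format are assumptions) and refuses to load it when the file is readable by group or other, so a permission slip on the token file stops the renewal instead of silently exposing the credential.

```shell
#!/bin/bash
# Added example, not from the Infomaniak guide: keep the API token out of the hook script
# and load it from a root-only file, refusing to run if that file is readable by others.
# Assumed (hypothetical) token file: /root/.infomaniak-token, containing one line:
#   INFOMANIAK_API_TOKEN=<your token>

# Return 0 when the file is a regular file whose group and other permission bits are all
# clear (e.g. mode 600 or 400); return 1 otherwise.
token_file_is_private() {
    f="$1"
    [ -f "$f" ] || return 1
    # GNU stat prints the octal mode with -c; the BSD/macOS form is the fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Source the token file only if it passes the permission check, exporting its variables
# so that a child process (the certbot call in the hook) can see INFOMANIAK_API_TOKEN.
load_token() {
    f="${1:-/root/.infomaniak-token}"
    if ! token_file_is_private "$f"; then
        echo "refusing to load $f: fix with 'chmod 600 $f'" >&2
        return 1
    fi
    set -a
    . "$f"
    set +a
    [ -n "$INFOMANIAK_API_TOKEN" ]
}

# In /root/infomaniak-auth.sh, the guide's certbot call would be preceded by:
#   load_token || exit 1
```

With this in place the hook itself contains no secret, and both the hook and the token file can be kept at mode 600 under /root. To exercise the hook without issuing a real certificate, run certbot renew --dry-run, which uses the Let's Encrypt staging endpoint and still invokes manual_auth_hook.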