Using Certbot


Free Let’s Encrypt certificates are valid for only 3 months. To automate renewal I had integrated Certbot earlier, but it never worked.

Recently, while checking the logs, I found the cause: one of the domains I had configured at the time was *.1991421.cn, a wildcard domain. Wildcard domains require a DNS TXT record to be added manually, so my repeated certificate requests were stuck and never completed. I recently found a solution to this problem, which I’ll note here.

Automated Renewal

Looking for solutions, I found this library: certbot-letencrypt-wildcardcertificates-alydns-au.

The basic principle is to use the APIs offered by DNS providers to update DNS records automatically; Certbot exposes hooks, so this can be plugged into the certificate request process. The library also supports Tencent Cloud and Alibaba Cloud DNS.

Overall it works, but there are a few issues:

  1. Not all domains are supported; VIP domains, for example, still have to be added manually.
  2. The certbot-auto script no longer exists, but some research showed you can simply switch to certbot instead.

After figuring this out, I modified it. If you need it, you can use this library directly: https://github.com/alanhe421/certbot-letencrypt-wildcardcertificates-alydns-au

Testing shows this is very convenient: after the first manual request, everything afterwards is automated. Whether it really works can be confirmed close to expiry, by checking that renewal goes through normally.

So under normal circumstances you no longer need to worry about certificate renewal.
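To make the hook mechanism above concrete, here is an added example (not code from the certbot-letencrypt-wildcardcertificates-alydns-au library or its fork): the logic a Certbot `--manual-auth-hook` / `--manual-cleanup-hook` pair has to get right for a DNS-01 challenge. Certbot really does export `CERTBOT_DOMAIN`, `CERTBOT_VALIDATION` and (to the cleanup hook) `CERTBOT_AUTH_OUTPUT`; the provider calls `add_txt`/`del_txt`, the `resolve` function and the `FakeZone` backend are assumptions constructed here so the script runs offline, and a real hook would replace them with the provider SDK and a resolver lookup.

```python
#!/usr/bin/env python3
"""Certbot DNS-01 manual-hook skeleton with an offline fake DNS backend.

Added illustration, not the library's own code. Provider calls and the
resolver are injected so the logic can be exercised without network access.
"""
import time
from typing import Callable, Dict, Set

ACME_LABEL = "_acme-challenge"


def challenge_record(domain: str) -> str:
    """FQDN of the TXT record the CA queries for `domain`.

    For a wildcard order Certbot passes the bare name in CERTBOT_DOMAIN
    (example.com for *.example.com); a leading '*.' is stripped anyway so a
    hand-crafted call cannot yield '_acme-challenge.*.example.com'.
    """
    name = domain.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return f"{ACME_LABEL}.{name}"


def record_rr(record: str, zone: str) -> str:
    """Relative record name ('RR') for zone-based DNS APIs.

    Provider APIs such as Alibaba Cloud's and Tencent Cloud's address a record
    as (zone, RR), so '_acme-challenge.sub.example.com' in 'example.com'
    becomes RR '_acme-challenge.sub'.
    """
    record, zone = record.rstrip(".").lower(), zone.rstrip(".").lower()
    if record == zone:
        return "@"
    if not record.endswith("." + zone):
        raise ValueError(f"{record} is not inside zone {zone}")
    return record[: -(len(zone) + 1)]


def wait_for_txt(record: str, value: str, resolve: Callable[[str], Set[str]],
                 attempts: int = 12, delay: float = 5.0) -> bool:
    """Poll until `value` is visible in the TXT values of `record`.

    Exiting the hook before the record is visible is the classic reason a
    DNS-01 hook 'never works': the CA validates as soon as the hook returns.
    """
    for attempt in range(attempts):
        if value in resolve(record):
            return True
        if attempt + 1 < attempts:
            time.sleep(delay)
    return False


def auth_hook(env: Dict[str, str], zone: str,
              add_txt: Callable[[str, str, str], None],
              resolve: Callable[[str], Set[str]], delay: float = 5.0) -> str:
    """Body of --manual-auth-hook: publish the token, wait, return record name.

    Printing the returned name lets Certbot hand it to the cleanup hook as
    CERTBOT_AUTH_OUTPUT.
    """
    record = challenge_record(env["CERTBOT_DOMAIN"])
    value = env["CERTBOT_VALIDATION"]
    # Add, never replace: '*.example.com' and 'example.com' in one order both
    # use _acme-challenge.example.com, so two TXT values must coexist.
    add_txt(zone, record_rr(record, zone), value)
    if not wait_for_txt(record, value, resolve, delay=delay):
        raise RuntimeError(f"TXT {record} never became visible; aborting")
    return record


def cleanup_hook(env: Dict[str, str], zone: str,
                 del_txt: Callable[[str, str, str], None]) -> str:
    """Body of --manual-cleanup-hook: remove only the value this run added."""
    record = env.get("CERTBOT_AUTH_OUTPUT", "").strip() or challenge_record(env["CERTBOT_DOMAIN"])
    del_txt(zone, record_rr(record, zone), env["CERTBOT_VALIDATION"])
    return record


class FakeZone:
    """Constructed in-memory stand-in for a provider DNS API and its resolver."""

    def __init__(self, zone: str) -> None:
        self.zone = zone
        self.txt: Dict[str, Set[str]] = {}

    def _fqdn(self, rr: str) -> str:
        return self.zone if rr == "@" else f"{rr}.{self.zone}"

    def add_txt(self, zone: str, rr: str, value: str) -> None:
        assert zone == self.zone, "hook asked for a zone this account does not own"
        self.txt.setdefault(self._fqdn(rr), set()).add(value)

    def del_txt(self, zone: str, rr: str, value: str) -> None:
        assert zone == self.zone
        self.txt.get(self._fqdn(rr), set()).discard(value)

    def resolve(self, record: str) -> Set[str]:
        return set(self.txt.get(record.rstrip(".").lower(), set()))


if __name__ == "__main__":
    # Stand-alone run with constructed Certbot variables against the fake zone.
    fake = FakeZone("example.com")
    for domain, token in (("example.com", "tokenA"), ("*.example.com", "tokenB")):
        env = {"CERTBOT_DOMAIN": domain, "CERTBOT_VALIDATION": token}
        rec = auth_hook(env, fake.zone, fake.add_txt, fake.resolve, delay=0)
        print(rec, sorted(fake.resolve(rec)))
```

Wired to a real provider, the two functions become the scripts passed to `certbot certonly --manual --preferred-challenges dns --manual-auth-hook ... --manual-cleanup-hook ... -d '*.example.com' -d example.com`; `certbot renew` reuses the hooks recorded in the renewal config, and `certbot renew --dry-run` lets you confirm they work well before the 3-month expiry instead of waiting for it.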

Notes

  1. CentOS, for example, ships with a Python environment by default, so Python is the recommended choice.
  2. There’s no need to install certbot via Docker; installing it globally is fine and very convenient.