• Certbot 0.22.0 or greater
  • Verify using DNS plugin
  • Aut using Let’s Encrypt’s new ACMEv2 server

Install certbot

Manually install wildcard certificate using DNS authentication

Create cron job to automate renewal

# /etc/cron.d/certbot: crontab entries for the certbot package
# Upstream recommends attempting renewal twice a day
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.

0 */12 * * * root certbot -q renew --renew-hook 'service nginx reload' > /var/log/letsencrypt/renew.log

TODO : create Namecheap renewal API plugin