Requirements

  • Certbot 0.22.0 or greater
  • Verify using DNS plugin
  • Aut using Let’s Encrypt’s new ACMEv2 server

Install certbot

Manually install wildcard certificate using DNS authentication

Create cron job to automate renewal

/etc/cron.d/certbot 
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root certbot -q renew --renew-hook 'service nginx reload' > /var/log/letsencrypt/renew.log

TODO : create Namecheap renewal API plugin