A Let’s Encrypt wildcard certificate requires DNS validation (the dns-01 challenge). Ploi does not offer TransIP as a DNS provider for generating Let’s Encrypt wildcard certificates. Installing the TransIP Certbot plugin is possible with pip install certbot-dns-transip, but that does not work together with a snap-installed Certbot, and the latter is what Ploi sets up. So in the end I had to install Docker with
sudo apt install docker.io
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker $USER
and run
docker run -ti --rm \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-w /etc/letsencrypt \
hsmade/certbot-transip \
certonly -n \
-d '*.site.com' -d 'site.com' \
-a dns-transip \
--dns-transip-credentials /etc/letsencrypt/transip.ini \
--dns-transip-propagation-seconds 240 \
-m admin@site.com \
--agree-tos \
--eff-email
I had to run the command twice for some reason; the first time there was an error about the registration of the email address.
For a renewal shell script we now have:
#!/bin/bash
# Log file location
LOG_FILE="/var/log/letsencrypt/renew.log"

# Run the Docker command to renew certificates.
# No -t/-i here: a cron job has no TTY, and "docker run -t" fails with
# "the input device is not a TTY"; with -n certbot needs no input anyway.
docker run --rm \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-w /etc/letsencrypt \
hsmade/certbot-transip \
certonly -n \
-d '*.domain.com' -d 'domain.com' \
-a dns-transip \
--dns-transip-credentials /etc/letsencrypt/transip.ini \
--dns-transip-propagation-seconds 240 \
-m admin@domain.com \
--agree-tos \
--eff-email >> "$LOG_FILE" 2>&1

# Check the exit code of the Docker command
if [ $? -eq 0 ]; then
    echo "[$(date)] Certificate renewal successful. Reloading Nginx..." >> "$LOG_FILE"
    # Use systemctl reload command
    systemctl reload nginx >> "$LOG_FILE" 2>&1
else
    echo "[$(date)] Certificate renewal failed. Check the logs for more details." >> "$LOG_FILE"
    # Collect additional system info
    echo -e "\nSystem Info:" >> "$LOG_FILE"
    uname -a >> "$LOG_FILE"
    df -h >> "$LOG_FILE"
    free -m >> "$LOG_FILE"
    # Send an email notification on failure with detailed information
    SUBJECT="Certbot Renewal Failed for domain.com"
    EMAIL="admin@domain.com"
    BODY="The automatic renewal of the SSL certificate for domain.com has failed.\n\nLog Details:\n$(cat "$LOG_FILE")"
    echo -e "$BODY" | mail -s "$SUBJECT" "$EMAIL"
fi
But that is still work in progress. I added the shell script to root's crontab so that the log can be written and the Nginx reload works.
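As an added example, not the script from the post and not code from the certbot-transip image, here is a hardened version of the same renewal wrapper that covers both the initial Docker invocation and the cron job above. It refuses to run unless transip.ini (which holds the TransIP API private key) is readable only by its owner, drops the -t/-i flags that break under cron, uses certbot's renew subcommand so the domains and plugin options stored in the lineage's renewal conf by the first certonly run are not repeated, reloads Nginx only when the certificate file on disk actually changed, and mails the tail of the log on failure. The domain domain.com, the lineage name live/domain.com, the log and credentials paths, the alert address and GNU stat -c are assumptions. Note also that the docker group granted with usermod above is root-equivalent on the host, so running this from root's crontab, as the post does, is the right place for it.

```bash
#!/bin/bash
# Added example, not the script from the post: a hardened version of the
# renewal wrapper. Paths, image name, lineage name and the mail address are
# assumptions; adjust them for the real host. Requires GNU coreutils (stat -c).
set -eu

LOG_FILE="${LOG_FILE:-/var/log/letsencrypt/renew.log}"
LE_DIR="${LE_DIR:-/etc/letsencrypt}"
CREDS="$LE_DIR/transip.ini"
# certbot names the lineage after the first -d domain with the "*." stripped
# (assumed here to be domain.com, as in the post's script).
LIVE_CERT="$LE_DIR/live/domain.com/fullchain.pem"
IMAGE="hsmade/certbot-transip"
ALERT_EMAIL="admin@domain.com"

log() { printf '[%s] %s\n' "$(date '+%F %T')" "$*" >> "$LOG_FILE"; }

# transip.ini holds the TransIP API private key. Refuse to run unless it is
# readable only by its owner (certbot itself merely warns about this).
creds_ok() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f")
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# SHA-256 of a file, empty when it does not exist yet (first run).
fingerprint() {
  if [ -f "$1" ]; then
    sha256sum "$1" | cut -d' ' -f1
  else
    echo ""
  fi
}

# True only when the certificate on disk actually changed, so nginx is
# reloaded after a real renewal and left alone on the far more frequent runs
# where certbot decides the certificate is not yet due.
cert_changed() { [ "$1" != "$2" ]; }

notify_failure() {
  # Mail the tail of the log rather than the whole file.
  tail -n 50 "$LOG_FILE" \
    | mail -s "Certbot renewal failed for domain.com" "$ALERT_EMAIL" \
    || log "sending the failure mail also failed"
}

main() {
  local before after
  mkdir -p "$(dirname "$LOG_FILE")"
  if ! creds_ok "$CREDS"; then
    log "refusing to run: $CREDS missing or not mode 600/400"
    notify_failure
    exit 1
  fi
  before=$(fingerprint "$LIVE_CERT")
  # No -t/-i: cron has no TTY and "docker run -t" fails without one.
  # "renew" re-uses the authenticator, credentials path and propagation time
  # that the initial certonly run stored in the lineage's renewal conf, so
  # the domains and plugin options do not have to be repeated here. The
  # bind mount uses the same path inside the container so that stored
  # absolute paths (e.g. /etc/letsencrypt/transip.ini) still resolve.
  if ! docker run --rm -v "$LE_DIR:$LE_DIR" "$IMAGE" renew -n >> "$LOG_FILE" 2>&1; then
    log "certbot renew failed; see output above"
    notify_failure
    exit 1
  fi
  after=$(fingerprint "$LIVE_CERT")
  if cert_changed "$before" "$after"; then
    log "certificate changed ($after), reloading nginx"
    systemctl reload nginx >> "$LOG_FILE" 2>&1
  else
    log "certificate unchanged, nothing to reload"
  fi
}

# Run only when invoked as "renew-wildcard.sh run", e.g. from root's crontab:
#   17 3 * * * /usr/local/sbin/renew-wildcard.sh run
# so the functions above can be sourced and checked without touching Docker.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Install it as /usr/local/sbin/renew-wildcard.sh (mode 700, owned by root), run it once by hand with the run argument and check the log before relying on the cron entry; certbot only renews when the certificate is within its renewal window, so on most runs the script should log "certificate unchanged".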