1. New
certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.example.com
2. Adding TXT record
_acme-challenge TXT "xxxxxxxxxxxxxxxxxxxxxx"
3. Your cert will expire on 2022-02-28.
4. Renew:
certbot certonly --manual -d '*.example.com'
4.1 New if Renew is failed (if 4.Renew failed then: Retry the Certification Process)
certbot certonly --manual --preferred-challenges dns -d example.com
5. Lookup (on windows)
nslookup -type=TXT _acme-challenge.domain.com
or
https://dnschecker.org/#TXT/_acme-challenge.domain.com
4.1. Update DNS with TXT value
4.2. Before continuing, verify the record is deployed. Press Enter to Continue
4.3. Restart apache2 or wait 15min
4.4 Your cert will expire on
2025-12-22
2025-09-23(new server)
2025-07-19
2025-04-19
2025-01-24
2024-11-10
2024-08-19
2024-05-21
2024-02-25
2023-11-27
2023-08-28
2023-05-26,
2023-02-24,
2022-11-26,
2022-08-28,
2022-05-29
shop:
2024-10-07
2024-05-21
2024-02-25
2023-11-07
h:
2026-02-08
2025-11-08
2025-07-19
2025-04-25
2025-04-19 (err)
2025-01-24
2024-11-10
2024-05-21
https://bobcares.com/blog/certbot-wildcard-certificate-apache/
apache rewrite domain with wildcard:
RewriteEngine on
RewriteCond %{HTTP_HOST} (\w+.domain.lt)
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
https://serverfault.com/questions/809437/rewrite-of-insecure-to-secure-domain-with-wildcard