Let’s Encrypt + Certbot

Let's Encrypt + Certbot -- Quickread

Some findings related to usage of Let's Encrypt and Certbot:

- Certs are valid for 90 days. 
- Can be generated with cli with challenges like DNS (TXT Records), HTTP (/.well-known/acme-challenge/<TOKEN>)
- Wildcard certs can be generated with DNS challenge, but for auto-renew to work with this wildcard, DNS provider must have a certbot DNS plugin. 
    - Refer: https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins
    - Docker images: https://hub.docker.com/u/certbot


- Example.com using godaddy dns plugin (Not official - https://github.com/miigotu/certbot-dns-godaddy)

`certbot certonly \\
  --authenticator dns-godaddy \\
  --dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \\
  --dns-godaddy-propagation-seconds 900 \\
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \\
  -d '*.example.com'`
  

- If certbot version is lower than v1.7

`certbot certonly \\
  --authenticator certbot-dns-godaddy:dns-godaddy \\
  --certbot-dns-godaddy:dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \\
  --certbot-dns-godaddy:dns-godaddy-propagation-seconds 900 \\
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \\
  -d '*.example.com'`
 

- Does it work with 2 different dns providers ?? Try it out ?? Something like below may work :

`certbot certonly \
  --authenticator dns-godaddy \
  --dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \
  --dns-godaddy-propagation-seconds 60 \
  --dns-route53 \
  --dns-godaddy-propagation-seconds 60 \
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \
  -d '*.example.com' \
  -d 'example2.com'`