macOS Server and Wildcard Certificates

In a bid to bring automatic wildcard renewal of SSL letsencrypt certificates to my Mac mini running macOS Server, I used Eric’s instructions and only tweaked one line in the section “Creating the certificate” by changing this line:

sudo certbot certonly –standalone -d server.internal.company.ca

to this line:

sudo certbot certonly –manual –preferred-challenges=dns –email admin@company.ca –server https://acme-v02.api.letsencrypt.org/directory –agree-tos -d *.company.ca

When –preferred-challenges=dns is used, I had to create a TXT record with my registrar, but after you doing this once for each domain it shouldn’t be necessary again. I’ll report back when I know the rest of Eric’s scripts are working.

Leave a Reply

Your email address will not be published. Required fields are marked *