@feroze-m
Last active August 6, 2023 05:04
Let’s Encrypt + Certbot
Some findings related to usage of Let's Encrypt and Certbot:
- Certs are valid for 90 days.
- Certs can be generated from the CLI using challenges such as DNS (TXT records) or HTTP (`/.well-known/acme-challenge/<TOKEN>`).
- Wildcard certs can be generated with the DNS challenge, but for auto-renew to work with a wildcard cert, the DNS provider must have a certbot DNS plugin.
- Reference: https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins
- Docker images: https://hub.docker.com/u/certbot
- Example for example.com using the GoDaddy DNS plugin (not official: https://github.com/miigotu/certbot-dns-godaddy):

```shell
# One certificate covering the apex and the wildcard, validated via the DNS challenge
certbot certonly \
  --authenticator dns-godaddy \
  --dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \
  --dns-godaddy-propagation-seconds 900 \
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \
  -d '*.example.com'
```
- If the certbot version is lower than v1.7, use the plugin-prefixed option names:

```shell
# Same request, with the option names prefixed by the plugin name
certbot certonly \
  --authenticator certbot-dns-godaddy:dns-godaddy \
  --certbot-dns-godaddy:dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \
  --certbot-dns-godaddy:dns-godaddy-propagation-seconds 900 \
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \
  -d '*.example.com'
```
- Does it work with 2 different DNS providers? Try it out. Something like the below may work:

```shell
# Untested: GoDaddy and Route 53 DNS plugins combined in one invocation
certbot certonly \
  --authenticator dns-godaddy \
  --dns-godaddy-credentials ~/.secrets/certbot/godaddy.ini \
  --dns-godaddy-propagation-seconds 60 \
  --dns-route53 \
  --dns-godaddy-propagation-seconds 60 \
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \
  -d '*.example.com' \
  -d 'example2.com'
```