macOS Server and Wildcard Certificates

In a bid to bring automatic wildcard renewal of SSL letsencrypt certificates to my Mac mini running macOS Server, I used Eric’s instructions and only tweaked one line in the section “Creating the certificate” by changing this line:

sudo certbot certonly --standalone -d server.internal.company.ca

to this line:

sudo certbot certonly --manual --preferred-challenges=dns --email admin@company.ca --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.company.ca'

When --preferred-challenges=dns is used, I had to create a TXT record with my registrar, but after doing this once for each domain it shouldn’t be necessary again. I’ll report back when I know the rest of Eric’s scripts are working.

** Update 1-28-2022 **

I switched to using Bernard Teo’s Webmon, OpenVPN, and letsencrypt and I couldn’t be happier. I’ll do a follow-up post/review on my experience soon.
