Comodo is after me to renew, offering a free year. The last time I attempted to install a wildcard certificate from Lets Encrypt, shortly after they introduced the feature, I wasn’t able to figure it out. Now, 9 months later, there is a lot more information about how to do it. Before spending the money for a commercial cert, I thought I would give it a try.
I used the following on tarragon:
certbot certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
-d wmbuck.net -d *.wmbuck.net \
It is important that the server url by v02, because v01 servers can’t issue wildcard certs. I had to put TXT records in the DNS for them to verify, and they created the cert into the /etc/letsencrypt/live directory where all the others are.
This was trivially easy. Goodbye Comodo.