ar.io Docs

# Setup Certbot with Auto Renewal for NameCheap

# Note: Namecheap has specific requirements to create an API key. As of ~October 2024 they are:

  • At least 20 domains under your account.
  • A minimum of $50 in your account balance.
  • At least $50 spent within the last 2 years.

If you do not meet these requirements, you can request a waiver by contacting Namecheap support.

# Steps:

  1. Navigate to Namecheap -> Profile > Tools > Manage API Access Keys

  1. On your server, install certbot and DNS plugin for Namecheap
apt update
apt install certbot -y
  1. Install pip
apt install python3-pip -y
  1. Install DNS plugin for Namecheap
pip install certbot-dns-namecheap -y
  1. Create ini file with api key and secret
nano /etc/letsencrypt/namecheap.ini
  1. Add api key and secret created in step 1
dns_namecheap_username = <your_username>
dns_namecheap_api_key = <your_api_key>
  1. Save the file and update permissions
chmod 600 /etc/letsencrypt/namecheap.ini
  1. Generate certificate using certbot with DNS plugin for Namecheap
certbot certonly --dns-namecheap --dns-namecheap-credentials /etc/letsencrypt/namecheap.ini -d <domain.com> -d <\*.domain.com>

Results:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/<domain.com>/fullchain.pem
Key is saved at: /etc/letsencrypt/live/<domain.com>/privkey.pem
  1. Validate certificate and dns update with dry run (this will not create a new certificate or update dns)
certbot renew --dry-run

Results:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/<domain.com>.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for <domain.com> and <*.domain.com>
Waiting 10 seconds for DNS changes to propagate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/<domain.com>/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1. Reload nginx to apply new certificate (optional)
systemctl reload nginx
  1. Validate certbot timer
systemctl list-timers | grep certbot

Results:

Tue 2024-11-05 02:22:10 UTC      3h 21min Mon 2024-11-04 17:16:51 UTC  5h 43min ago certbot.timer                  certbot.service