Certbot

Automates the Let’s Encrypt certificate issuance process.

Wildcard Certificate

Since the wildcard certificate is validated via DNS records, there is no need to integrate with the web server or to start certbot's standalone web server.

OVH

Set up the certificate for the first time:

certbot certonly -a dns-ovh --dns-ovh-credentials /etc/certbot/ovh -d "*.[DOMAIN.TLD]" -d [DOMAIN.TLD]

API credentials format [/etc/certbot/ovh]:

# OVH API credentials used by Certbot
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = xxxxxxxxxxxxxxxx
dns_ovh_application_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dns_ovh_consumer_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
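
Added example (not part of the original page and not Certbot's own code): a POSIX shell check that the credentials file above is inaccessible to group and other users and defines all four dns_ovh_* keys with non-empty values. The function name check_ovh_credentials is hypothetical; the path in the usage comment is the one used on this page.

```shell
#!/bin/sh
# Added example: audit a certbot dns-ovh credentials file before use.
# Usage: sh this_script /etc/certbot/ovh
# check_ovh_credentials is a hypothetical helper name, not a certbot command.

check_ovh_credentials() {
    cred_file=$1
    cred_rc=0

    if [ ! -f "$cred_file" ]; then
        echo "missing: $cred_file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Any bit set there exposes the API secret to other local accounts.
    # -L follows a symlink so the target's mode is what gets checked.
    cred_perms=$(ls -ldL -- "$cred_file" | cut -c5-10)
    if [ "$cred_perms" != "------" ]; then
        echo "unsafe permissions on $cred_file (fix: chmod 600)" >&2
        cred_rc=1
    fi

    # Each of the four keys must be present, uncommented, with a value.
    for cred_key in dns_ovh_endpoint dns_ovh_application_key \
                    dns_ovh_application_secret dns_ovh_consumer_key; do
        if ! grep -Eq "^[[:space:]]*${cred_key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$cred_file"; then
            echo "missing or empty key: $cred_key" >&2
            cred_rc=1
        fi
    done

    return "$cred_rc"
}

# When run as a script with a path argument, audit that file.
if [ "$#" -gt 0 ]; then
    check_ovh_credentials "$1"
fi
```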

Required packages for CentOS 7: certbot, python2-certbot, python2-certbot-dns-ovh

Automatic renewal
47 1-3 * * * /usr/bin/certbot renew