I have been using Let's Encrypt for a while now and until recently was using the standard acme package and creating CNAMEs for all of the subdomains I use (i.e. router.domain.com). However, I decided about 6 months back to start using wildcard certificates instead, but of course I was not able to auto-renew, as you have to do a DNS challenge and that requires TXT records to be created. My domain registrar and DNS host is GoDaddy.
My current implementation has been to create an Ubuntu server, set up the acme package, and manually create the TXT records in order to generate the certificates for the 4 domains that I have. The downside, of course, is that it takes a good chunk of time every 90 days to renew the certificates, and I would like a more automated process. You see, once I have the certificates from LE I then use them on my internally hosted reverse proxies to provide signed SSL certificates for all of my web-managed devices (i.e. pfSense, Proxmox, Unifi, etc.). I do have multiple proxies so that domains/subdomains that are outward-facing are on one proxy and internal ones are on another; I will also be adding a third that will be just for infrastructure devices such as my managed switches, NAS units, etc.
I am open to ideas if someone knows a more secure and efficient way to accomplish my goal of having signed SSL certs for devices that are internal only as well as my external-facing sites (I host about 8 different sites all on their own VM and accessed via a reverse proxy.)
Does anyone know a way to automate the renewal of wildcard certs, either with GoDaddy or with another DNS provider? Ideally at no cost, as I looked at Cloudflare and it's 20 a month for their services. Or is there a self-hosted method to respond to the DNS challenges that would automate the process of renewing the certificates?
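Whatever tool ends up doing the renewal, the DNS-01 challenge behind it is fixed by RFC 8555: the CA hands over a token, the client derives the key authorization from that token and the thumbprint of its account key (RFC 7638), and the TXT record that must appear at `_acme-challenge.<domain>` is the base64url SHA-256 of that key authorization. The example below, added here and not part of the post, walks through that derivation with a constructed account key and token, shows where the record goes for a wildcard name (the `*.` is dropped, so `*.domain.com` and `domain.com` share one record name and need two TXT values side by side), and goes one step beyond the post by handling the case where `_acme-challenge` has been delegated by CNAME to a separate zone the renewer controls. The `SAMPLE_JWK`, `SAMPLE_TOKEN` and the `acme-dns.example.net` delegation target are constructed placeholders; the check function only compares against TXT values you have already fetched, so it runs offline.

```python
import base64
import hashlib
import json
from typing import List, Optional


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON (sorted keys, no
    whitespace) of only the required public members of the key."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' thumbprint of the account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT record holds base64url(SHA-256(keyAuthorization)).
    The plain key authorization itself is never published in DNS."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("utf-8")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str, delegated_to: Optional[str] = None) -> str:
    """Name the TXT record must live at. A wildcard identifier is validated at the
    base name, so '*.domain.com' uses '_acme-challenge.domain.com'. If that label
    has been CNAMEd to a zone the renewer can write to (delegation), the TXT is
    published at the delegation target instead."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return delegated_to if delegated_to else f"_acme-challenge.{base}"


def record_is_published(fetched_txt_values: List[str], expected: str) -> bool:
    """Pre-flight check before telling the CA to validate: the expected value must
    be among the TXT strings currently served for the record name. Several values
    at one name are normal (apex + wildcard in the same order)."""
    return expected in fetched_txt_values


# Constructed sample account key (not a real key) and constructed challenge token.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "constructed-modulus-not-a-real-key-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
}
SAMPLE_TOKEN = "constructedTokenFromTheCA_0123456789"


if __name__ == "__main__":
    name = dns01_record_name("*.domain.com")
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"publish TXT at {name} with value {value}")
    # Constructed view of what a resolver returned for that name; the apex
    # order's value and the wildcard order's value sit side by side.
    served = ["someOtherOrdersValue", value]
    print("ready to ask CA to validate:", record_is_published(served, value))
    # With _acme-challenge.domain.com CNAMEd to a self-hosted responder zone:
    print(dns01_record_name("*.domain.com", "abc123.acme-dns.example.net"))
```

The practical consequence for renewal automation is that a client only ever needs write access to whichever name `dns01_record_name` returns. Delegating that one label by CNAME means the credential used for automated renewals can be scoped to a small throwaway zone rather than to the registrar account that controls the whole domain.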