• Install certbot:
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
  • Get a certificate
./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns  -d *.itunix.eu

An important parameter to notice is --server https://acme-v02.api.letsencrypt.org/directory, which will instruct the certbot client to use v2 of the Let’s Encrypt API (we need that for wildcard certs).

  • Add DNS TXT record
 _acme-challenge.itunix.eu.        IN  TXT    "XXXX"

After add you should verify that it is working using nslookup

nslookup -type=TXT _acme-challenge.itunix.eu

When you have verified that the TXT record is properly deployed, you should see something like:

 - Congratulations! Your certificate and chain have been saved at:
  • Edit your old certificates with new Wildcard certificate (eg apache2)
cd /etc/apache2/sites-enabled/
sed -i 's/live\/.*.itunix.eu/live\/itunix.eu-0001/g' *.itunix.eu

original article