# BAD
certbot --installer=apache --authenticator webroot -w /home/myrtana_sk/current/public -d myrtana.sk,*.myrtana.sk

root@starz:~# certbot certonly --manual -d 'myrtana.sk,*.myrtana.sk' --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/myrtana.sk-0001.conf)

It contains these names: myrtana.sk

You requested these names for the new certificate: myrtana.sk, *.myrtana.sk.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for myrtana.sk
dns-01 challenge for myrtana.sk

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.myrtana.sk with the following value:

YvPjnpkXXdEe64iXVj5vJx1g4dN4WZ2KHfRWu0xxlSA

@   IN  CAA 0 issue "letsencrypt.org"
*.myrtana.sk. IN  CAA 0 issue "letsencrypt.org"
_acme-challenge.myrtana.sk. IN  TXT "YvPjnpkXXdEe64iXVj5vJx1g4dN4WZ2KHfRWu0xxlSA"

/etc/init.d/bind9 reload

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.myrtana.sk with the following value:

Y1XkLWXTTYJy_EYcWxNu3VFI2v2SI7fN92PX56TEaaA

@   IN  CAA 0 issue "letsencrypt.org"
*.myrtana.sk. IN  CAA 0 issue "letsencrypt.org"
_acme-challenge.myrtana.sk. IN  TXT "YvPjnpkXXdEe64iXVj5vJx1g4dN4WZ2KHfRWu0xxlSA"
_acme-challenge.myrtana.sk. IN  TXT "Y1XkLWXTTYJy_EYcWxNu3VFI2v2SI7fN92PX56TEaaA"

/etc/init.d/bind9 reload

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/myrtana.sk-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/myrtana.sk-0001/privkey.pem
   Your cert will expire on 2021-01-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le