# CERT.md

# Summary
Certificates are obtained using certbot. Since we use BIND, we use RFC2136 Dynamic
Updates to request wildcard certificates.

The configuration file for RFC2136 is saved in /root/.rfc2136.conf.

To update the certificate, use the following command:

certbot certonly --dns-rfc2136 --server https://acme-v02.api.letsencrypt.org/directory

Remember to add in the non-wildcard root URLs, like so:

*.segfault.party segfault.party *.imgf.lt imgf.lt (etc)

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --expand -d "*.segfault.party,segfault.party,*.harrywf.nl,harrywf.nl,*.imgf.lt,imgf.lt,*.vakantiehuisschellinkhout.nl,vakantiehuisschellinkhout.nl,spati.es,*.spati.es,*.*.spati.es"