ERPNext Wildcard SSL generation process

Run this to generate a wildcard SSL certificate:

sudo certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com, example.com"
  • After the certificate has been created with certbot, check nginx.conf and confirm that the cert paths have been applied correctly (they should be, because certbot does this automatically).
  • Don't run bench setup nginx yet (this will remove the cert path from nginx.conf).
  • Enter the cert paths into site_config.json (for a single domain) or common_site_config.json (for a wildcard), then run bench setup nginx.

For the cert path entries, follow one of these formats (choose the one that suits your setup):

In common_site_config.json for wildcard certs:

"wildcard": {
  "domain": "*.example.com",
  "ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem",
  "ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"
}

In site_config.json for a site with custom domains (when there are multiple domains or subdomains, each with its own SSL certificate):

"domains": [
  {
    "domain": "site1.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site1.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site1.example.com/privkey.pem"
  },
  {
    "domain": "site2.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site2.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site2.example.com/privkey.pem"
  }
]

Then run sudo service nginx restart.
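A pre-flight check for the two config formats above, added here as an example and not part of the original post or of bench itself: it verifies that every domain either carries its own cert/key pair or is actually covered by the wildcard (a *.example.com certificate matches one label only, so neither example.com nor a.b.example.com), and that the referenced PEM files exist before bench setup nginx writes them into nginx.conf. The sample configs are constructed, and the handling of a bare hostname string inside "domains" is an assumption about bench's config format.

```python
import os

def wildcard_covers(pattern, host):
    """True when a cert for `pattern` is valid for `host`. A '*.example.com' cert
    matches exactly one label below example.com: neither example.com itself nor
    a.b.example.com, which is why the certbot command above requests both names."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    base = pattern[2:]
    return host.endswith("." + base) and "." not in host[: -len(base) - 1]

def check_ssl_config(common, site, check_files=True):
    """Return problems in the cert entries (common_site_config.json / site_config.json as dicts)."""
    problems, wildcard = [], common.get("wildcard")
    entries = [wildcard] if wildcard else []
    if wildcard and not wildcard.get("domain", "").startswith("*."):
        problems.append("wildcard domain must start with '*.'")
    for entry in site.get("domains", []):
        if isinstance(entry, str):  # bare hostname entry, relies on the wildcard cert (assumption)
            entry = {"domain": entry}
        if "ssl_certificate" in entry or "ssl_certificate_key" in entry:
            entries.append(entry)
        elif not (wildcard and wildcard_covers(wildcard.get("domain", ""), entry["domain"])):
            problems.append(f"{entry['domain']}: no cert of its own and not covered by the wildcard")
    for entry in entries:  # every cert entry needs both files, and they must exist on disk
        for key in ("ssl_certificate", "ssl_certificate_key"):
            path = entry.get(key)
            if not path:
                problems.append(f"{entry.get('domain')}: missing {key}")
            elif check_files and not os.path.isfile(path):
                problems.append(f"{entry.get('domain')}: {key} not found at {path}")
    return problems

# Constructed sample configs in the formats shown above (not real site data).
SAMPLE_COMMON = {"wildcard": {"domain": "*.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"}}
SAMPLE_SITE = {"domains": [
    {"domain": "site1.example.com",
     "ssl_certificate": "/etc/letsencrypt/live/site1.example.com/fullchain.pem",
     "ssl_certificate_key": "/etc/letsencrypt/live/site1.example.com/privkey.pem"},
    "site2.example.com",       # covered by *.example.com
    "deep.site3.example.com",  # not covered: a wildcard matches one label only
]}

if __name__ == "__main__":
    # check_files=False because the sample paths do not exist on this machine
    for p in check_ssl_config(SAMPLE_COMMON, SAMPLE_SITE, check_files=False):
        print("PROBLEM:", p)
```

On a real bench, load the two JSON files with json.load and call check_ssl_config with the default check_files=True so missing PEM files are reported as well.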

After that you can create a crontab entry to renew your certificate automatically:

  • As the root user, run crontab -e

    then add the following lines:

    # Renew Let's Encrypt certificates
    # Note: a cert issued with --manual cannot be renewed non-interactively unless
    # certbot is given a --manual-auth-hook (or a DNS plugin) to answer the dns-01 challenge
    0 12 * * * certbot renew --quiet