Since certbot in Ubuntu 16.04 has been upgraded to version 22, it is now ready to use ACME v2. I believe the ISPConfig developers are already working on this, but everybody has to be patient since it may not be out in the near future. As I am currently using CloudFlare as my DNS server, I would like to share some tips/tricks that I recently used on my Ubuntu nginx web server in order to issue Let's Encrypt wildcard SSL certs for one of my domains.

Firstly, other than installing the default certbot via "apt -y install python-certbot-nginx", I had to install the CloudFlare plugin for it too. This I did by running "apt -y install python3-certbot-dns-cloudflare python3-cloudflare". This plugin is essential for this tip/trick.

Secondly, I created a CloudFlare credential file, which I named after my domain, in the /etc/letsencrypt folder by running "nano /etc/letsencrypt/domain.tld.ini", and entered my CloudFlare API and login email inside the file as follows:

Code:
# CloudFlare API key information
dns_cloudflare_api_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dns_cloudflare_email = [email protected]

Thirdly, I modified the default cli.ini file in the same folder by running "nano /etc/letsencrypt/cli.ini" and added the above file and the ACME v2 link inside (at its end) to ensure ACME v2 will be applied if the DNS option is used when creating new Let's Encrypt SSL certs.

Code:
# Let's Encrypt site-wide configuration
dns-cloudflare-credentials = /etc/letsencrypt/domain.tld.ini
# Use the ACME v2 staging URI for testing things
#server = https://acme-staging-v02.api.letsencrypt.org/directory
# Production ACME v2 API endpoint
server = https://acme-v02.api.letsencrypt.org/directory

Finally, I ran "certbot certonly -d domain.tld -d *.domain.tld --dns-cloudflare --agree-tos" to create Let's Encrypt wildcard SSL certs for my domain. These new certs will be placed by default in the same usual Let's Encrypt folder, which you can manually use with ISPConfig.
Its renewal file should look like this:

Code:
# renew_before_expiry = 30 days
version = 0.22.0
archive_dir = /etc/letsencrypt/archive/domain.tld
cert = /etc/letsencrypt/live/domain.tld/cert.pem
privkey = /etc/letsencrypt/live/domain.tld/privkey.pem
chain = /etc/letsencrypt/live/domain.tld/chain.pem
fullchain = /etc/letsencrypt/live/domain.tld/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = dns-cloudflare
installer = None
dns_cloudflare_credentials = /etc/letsencrypt/domain.tld.ini

I think renewing via certbot renew should cover renewing this as well after the lapse of 60 days and before 90 days, but I cannot confirm its renewal will work since mine is not subject to any renewal yet. So, please be attentive to the friendly reminder email from Let's Encrypt just in case its renewal somehow fails after 60 days, as you may need to do it manually.
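
A pre-renewal check for the setup described in the post, as an added example that is not part of the original post: it reads a renewal file, confirms the authenticator and ACME v2 server match what the post configures, and checks that the credentials file holding the Cloudflare API key is readable by its owner only. The function names, the sample values and the 600/400 mode policy are assumptions of this example; `stat -c` is the GNU form found on Ubuntu.

```shell
#!/bin/sh
# Added example. Usage: audit_renewal /etc/letsencrypt/renewal/domain.tld.conf
# Returns 0 when the renewal file and its credentials file pass every check.
audit_renewal() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    # Value of the first "key = value" line for the given key.
    get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1; }
    auth=$(get authenticator)
    server=$(get server)
    creds=$(get dns_cloudflare_credentials)

    if [ "$auth" != "dns-cloudflare" ]; then
        echo "FAIL: authenticator is '$auth', expected dns-cloudflare"; rc=1
    fi
    case $server in
        https://acme-v02.api.letsencrypt.org/directory) ;;
        https://acme-staging-v02.api.letsencrypt.org/directory)
            echo "WARN: staging endpoint, issued certs are for testing only" ;;
        *) echo "FAIL: server '$server' is not an ACME v2 endpoint"; rc=1 ;;
    esac
    if [ -z "$creds" ] || [ ! -f "$creds" ]; then
        echo "FAIL: credentials file '$creds' not found"; return 1
    fi
    # The file stores the Cloudflare API key: owner-only access (assumed policy).
    mode=$(stat -c '%a' "$creds")
    case $mode in
        600|400) ;;
        *) echo "FAIL: $creds has mode $mode, run: chmod 600 $creds"; rc=1 ;;
    esac
    if ! grep -q '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$creds"; then
        echo "FAIL: no dns_cloudflare_api_key entry in $creds"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Constructed sample (not real data): make_sample DIR MODE
make_sample() {
    printf 'dns_cloudflare_api_key = CONSTRUCTED\n' > "$1/cf.ini"
    chmod "$2" "$1/cf.ini"
    printf '%s\n' '[renewalparams]' \
        'server = https://acme-v02.api.letsencrypt.org/directory' \
        'authenticator = dns-cloudflare' \
        "dns_cloudflare_credentials = $1/cf.ini" > "$1/domain.tld.conf"
}
```

Running the audit from cron shortly before the renewal window gives an earlier signal than the expiry reminder email.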