Nice install script, but problems with Certbot wildcard

Hello to all.

I’ve created a Python install script to install and configure Nginx, including installing a certificate, on a freshly installed Ubuntu 24.04 minimal server.

The script does the following, and it does it for sure:

com : ufw allow 22
com : ufw allow 80
com : ufw allow 443
com : echo "y" | sudo ufw enable
com : apt -y install nginx
com : mkdir -p /var/www/mydomain.eu/html
com : chown -R $USER:$USER /var/www/mydomain.eu/html
com : chmod -R 755 /var/www/mydomain.eu/
com : touch /var/www/mydomain.eu/index.html
com : touch /etc/nginx/sites-available/mydomain.eu.conf

file: /var/www/mydomain.eu/index.html:
<!DOCTYPE html>
	<html>
		<head>
			<title>mydomain</title>
		</head>
		<body>
			- under construction -
		</body>
	</html>

file: /etc/nginx/sites-available/mydomain.eu.conf:
server {
	listen 80;
	listen [::]:80;

	root /var/www/mydomain.eu;
	index index.html index.htm index.nginx-debian.html;

	server_name mydomain.eu  www.mydomain.eu;

	location / {
		try_files $uri $uri/ =404;
	}
}

com : ln -s /etc/nginx/sites-available/mydomain.eu.conf   /etc/nginx/sites-enabled/
com : systemctl restart nginx
com : apt -y install python3-certbot-nginx
com : certbot --nginx --non-interactive --agree-tos -d *.mydomain.eu -m webmaster@mydomain.eu

The script is working fine as long as I do not put the asterisk into the certbot command to obtain a wildcard cert.

I’m pretty experienced in Python, but Nginx is new to me.
Can anybody see what is going wrong here?
Thanks in advance for your help.

For interest, the script:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

######################### config #########################
domain       = 'mydomain.eu'
email        = 'webmaster@mydomain.eu'
title        = 'mydomain'
body         = '- under construction -'
dry          = False   # True: only print what would be done, change nothing
####################### config end #######################

import subprocess

def do_com(com):
    """Run one shell command and abort the script on a non-zero exit
    (os.system ignored failures, so a broken step was silently skipped)."""
    if dry:
        print('com : ' + com)
        return
    subprocess.run(com, shell=True, check=True)

def write_file(what, where):
    """Write a file; the context manager closes it even if the write fails."""
    if dry:
        print('\nfile: ' + where + ':\n' + what)
        return
    with open(where, 'w') as f:
        f.write(what)

index  = (f'<!DOCTYPE html>\n\t<html>\n\t\t<head>\n\t\t\t<title>{title}</title>'
          f'\n\t\t</head>\n\t\t<body>\n\t\t\t{body}\n\t\t</body>\n\t</html>')
config = (f'server {{\n\tlisten 80;\n\tlisten [::]:80;\n\n\t'
          f'root /var/www/{domain};'
          f'\n\tindex index.html index.htm index.nginx-debian.html;\n\n\t'
          f'server_name {domain}  www.{domain};'
          f'\n\n\tlocation / {{\n\t\ttry_files $uri $uri/ =404;\n\t}}\n}}\n')

comlist = ['ufw allow 22', 'ufw allow 80', 'ufw allow 443',
           'echo "y" | sudo ufw enable',
           'apt -y install nginx',
           f'mkdir -p /var/www/{domain}/html',
           f'chown -R $USER:$USER /var/www/{domain}/html',
           f'chmod -R 755 /var/www/{domain}/',
           f'touch /var/www/{domain}/index.html',
           f'touch /etc/nginx/sites-available/{domain}.conf']

for com in comlist:
    do_com(com)

write_file(index, f'/var/www/{domain}/index.html')
write_file(config, f'/etc/nginx/sites-available/{domain}.conf')
# -sf: a second run must not fail because the symlink already exists
do_com(f'ln -sf /etc/nginx/sites-available/{domain}.conf   /etc/nginx/sites-enabled/')
do_com('systemctl restart nginx')
do_com('apt -y install python3-certbot-nginx')
# The wildcard is quoted so the shell passes it literally instead of glob-expanding it.
# Note that the --nginx authenticator only answers HTTP-01 challenges; the CA requires
# a DNS-01 challenge for a wildcard name, so this command fails for '*.<domain>'.
do_com(f"certbot --nginx --non-interactive --agree-tos -d '*.{domain}' -m {email}")

3 Likes

Addition:

certbot --nginx --non-interactive --agree-tos -d mydomain.eu -d *.mydomain.eu -m webmaster@mydomain.eu

Here is the output of Certbot:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

No idea what this means.
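What that certbot message means, and one way to deal with it, as an added example that is not code from the original post or from the certbot project: the --nginx authenticator can only answer HTTP-01 challenges, and Let's Encrypt issues a name starting with "*." only after a DNS-01 challenge, so a wildcard order can never be satisfied by the nginx plugin on its own. The builder below keeps --nginx for plain names, switches a wildcard order to the manual authenticator with DNS hooks while still letting the nginx plugin install the result, checks the configured domain against an allow-list before it gets anywhere near a command line, and runs the command as an argument list rather than a shell string (an unquoted *.mydomain.eu in a shell string is glob-expanded if a matching file happens to exist in the working directory). The two hook paths under /usr/local/bin are placeholders for scripts you supply; nothing else here comes from the thread.

```python
#!/usr/bin/env python3
"""Build a certbot command line the CA can actually satisfy and run it
without a shell.  Added example, not code from the original post.
Assumption: the two hook paths are placeholders for scripts that create
and remove the _acme-challenge TXT record at your DNS provider."""
import re
import shlex
import subprocess

# One RFC 1123 hostname label; a full name is labels joined by dots, with "*."
# allowed only as the entire leftmost label (the only wildcard form the CA issues).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_NAME_RE = re.compile(rf"^(?:\*\.)?(?:{_LABEL}\.)+{_LABEL}$")


def validate_domain(name: str) -> str:
    """Allow-list check: a config value that is not a plain DNS name (for example
    'mydomain.eu; rm -rf /') is rejected instead of becoming part of a command."""
    if not _NAME_RE.match(name):
        raise ValueError(f"not a valid certificate name: {name!r}")
    return name.lower()


def needs_dns01(domains) -> bool:
    """Let's Encrypt validates wildcard names only via DNS-01, so a single
    wildcard in the order forces DNS-01 for the whole order."""
    return any(d.startswith("*.") for d in domains)


def certbot_argv(domains, email,
                 auth_hook="/usr/local/bin/acme-dns-auth",        # placeholder
                 cleanup_hook="/usr/local/bin/acme-dns-cleanup"):  # placeholder
    """Return the certbot command as an argv list (no shell involved)."""
    names = [validate_domain(d) for d in domains]
    common = ["--non-interactive", "--agree-tos", "-m", email]
    for n in names:
        common += ["-d", n]
    if not needs_dns01(names):
        # Plain names: the nginx plugin answers HTTP-01 and installs the cert.
        return ["certbot", "--nginx", *common]
    # Wildcard: authenticate with the manual plugin over DNS-01, driven by hooks
    # so it still works with --non-interactive, and use nginx only as installer.
    return ["certbot", "run", "-a", "manual", "-i", "nginx",
            "--preferred-challenges", "dns",
            "--manual-auth-hook", auth_hook,
            "--manual-cleanup-hook", cleanup_hook,
            *common]


def run(argv, dry=False) -> int:
    """Execute argv as a list so '*.mydomain.eu' reaches certbot literally; with
    os.system('... -d *.' + domain) the shell would glob-expand it if a file
    matching the pattern existed in the current directory."""
    if dry:
        print("com :", shlex.join(argv))   # quoted only for display
        return 0
    return subprocess.run(argv, check=True).returncode


if __name__ == "__main__":
    run(certbot_argv(["mydomain.eu", "www.mydomain.eu"], "webmaster@mydomain.eu"), dry=True)
    run(certbot_argv(["mydomain.eu", "*.mydomain.eu"], "webmaster@mydomain.eu"), dry=True)
```

With --non-interactive, certbot refuses the manual authenticator unless an auth hook is given, which is why the hooks are part of the wildcard command. Ubuntu also packages provider plugins (for example python3-certbot-dns-cloudflare or python3-certbot-dns-route53) that replace the hooks with a --dns-<provider> flag and a credentials file; the rest of the command stays the same.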

This seems like a certbot issue as opposed to an NGINX one. Through a cursory glance, I found an issue with a similar error in the certbot repository.

It looks like you might be able to fix the issue by adjusting the parameters of the certbot command, but the format might have changed, given the issue is from 6 years ago.

1 Like

Thanks for your reply.
At least you are right.
I’ve installed certbot with

apt -y install python3-certbot-nginx

With this, you can easily do one domain.
If I want more, I found this:
Wildcard with certbot

At least, I’ve decided to run my script once for every subdomain.
Just to keep it simple.

1 Like
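For anyone who does want the wildcard rather than one run per subdomain, here is what a --manual-auth-hook has to do, as an added example, not code from the thread or from certbot. certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook, and the CA then queries the TXT record _acme-challenge.<domain>. The part that usually bites is propagation: the CA looks the record up as soon as the hook returns, so the hook below publishes the value and then polls until a resolver can actually see it, using a hand-built TXT query over UDP with only the standard library. publish_record() is a placeholder for your DNS provider's API, and the resolver address, poll interval and deadline are arbitrary choices.

```python
#!/usr/bin/env python3
"""DNS-01 auth hook for certbot's manual authenticator: compute the TXT record
the CA will query, publish it, and return only once it is visible.
Added example, not from the original thread.  Assumptions: publish_record() is
a stand-in for your DNS provider's API; 1.1.1.1 and the timeouts are arbitrary."""
import os
import socket
import struct
import time


def acme_txt_name(certbot_domain: str) -> str:
    """The CA queries TXT _acme-challenge.<name>.  A leading '*.' is stripped
    (whether or not certbot already did), so a wildcard and its base name share
    one record name; two TXT values under that name coexist in a combined order."""
    base = certbot_domain[2:] if certbot_domain.startswith("*.") else certbot_domain
    return f"_acme-challenge.{base.rstrip('.')}"


def build_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header (RD set, one question) followed by the
    name as length-prefixed labels, QTYPE=TXT (16), QCLASS=IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 16, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a name, handling label compression pointers."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # 2-byte pointer terminates the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n


def parse_txt_answers(msg: bytes) -> list:
    """Return every TXT rdata in the answer section as a string (segments of one
    record joined); other record types are skipped."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 16:
            segs, p, end = [], off, off + rdlen
            while p < end:                        # <len><chars> segments
                n = msg[p]
                segs.append(msg[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
            out.append("".join(segs))
        off += rdlen
    return out


def lookup_txt(name: str, resolver: str = "1.1.1.1", timeout: float = 3.0) -> list:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_txt_answers(data)


def publish_record(name: str, value: str) -> None:
    """Placeholder (assumption): create TXT <name> = <value> via your provider."""
    raise NotImplementedError("replace with your DNS provider's API call")


def wait_until_visible(name: str, value: str, deadline: float = 120.0, every: float = 5.0) -> bool:
    """Poll until the value is served; a timeout or unreachable resolver just retries."""
    end = time.monotonic() + deadline
    while time.monotonic() < end:
        try:
            if value in lookup_txt(name):
                return True
        except OSError:
            pass
        time.sleep(every)
    return False


if __name__ == "__main__":
    name = acme_txt_name(os.environ["CERTBOT_DOMAIN"])
    value = os.environ["CERTBOT_VALIDATION"]
    publish_record(name, value)
    raise SystemExit(0 if wait_until_visible(name, value) else 1)
```

Make the file executable and pass its path to --manual-auth-hook; the cleanup hook is the same flow in reverse (delete the record, which certbot identifies again through CERTBOT_DOMAIN and CERTBOT_VALIDATION). One caveat on the polling: a public recursive resolver that answered "no such record" before the provider published it may cache that negative answer for the zone's negative TTL, so pointing the resolver parameter at the zone's authoritative name server avoids waiting out that cache.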