Sometimes you can't find the answer to your question online. This is one of those examples where the answers seem plentiful but I can't get my head around them.
I have a couple of domains with Let's Encrypt wildcard certificates. Creating the certs manually is easy (if a bit laborious): add the specified _acme-challenge DNS entry and a handful of files under docroot .well-known/acme-challenge. But they can't be renewed automatically, so every three months I need to go through the whole process again.
Reading the docs, if my DNS is with one of the supported DNS providers (e.g. DigitalOcean, with whom I have an account) then it can be automated via the API (the files under docroot I think can be automated with the --apache plugin?), but that's not where my DNS is. The docs suggest that I can use a CNAME but don't go beyond that.
Has anyone done this, or otherwise automated wildcard certificate renewals where the DNS isn't in a supported provider?
Also (probably simpler): once the certificate is created, can all the .acme-challenge files and DNS records be deleted?