Automate script with wildcard domains to refresh Let's Encrypt certificates
Whenever my certificates are almost expired, I run my script that loads domain.txt, so I don't need to type it manually and remember all my wildcard subdomains on my VPS server. I was thinking of building a Gandi plugin, but it seems a hassle, so therefore I made a NodeJS script to add keys easily.
sylo.space *.sylo.space *.blog.sylo.space *.oib.sylo.space
mdstn.com *.mdstn.com *.oib.mdstn.com *.otherinbox.mdstn.com
mizu.work *.mizu.work
domain.txt
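#!/bin/bash
# Renew one certificate per line of domain.txt using certbot's manual DNS challenge.
SERVER=https://acme-v02.api.letsencrypt.org/directory
# Keep the arguments in an array so each option stays a separate word.
CERTBOTARGS=(certonly --agree-tos -m hariantoatwork@gmail.com --manual
             --manual-public-ip-logging-ok --preferred-challenges dns --server "$SERVER")
DNSTXT=domain.txt

# One array element per line; tr drops the carriage returns of CRLF files.
mapfile -t DOMAINS < <(tr -d '\r' < "$DNSTXT")

cd /root/certbot || exit 1
for DOMAIN in "${DOMAINS[@]}"; do
    [[ -z $DOMAIN ]] && continue
    # read -a splits on whitespace without glob-expanding "*.example" names.
    read -r -a allDNS <<< "$DOMAIN"
    args=()
    for dns in "${allDNS[@]}"; do args+=(-d "$dns"); done
    echo "###: $DOMAIN"
    # The first name on the line doubles as the certificate name.
    ./certbot-auto "${CERTBOTARGS[@]}" --cert-name "${allDNS[0]}" "${args[@]}"
    echo ================================
done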
renew-cert.sh
certonly: Obtain or renew a certificate, but do not install it
--agree-tos: Agree to the ACME server's Subscriber Agreement
-m: Email address for important account notifications
--manual: Obtain certificates interactively, or using shell script hooks
--manual-public-ip-logging-ok: Auto accept IP logging
--preferred-challenges: Set challenge to DNS
--server: Manual override server for wildcards
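
Each line of domain.txt becomes one certificate, and a wildcard such as *.sylo.space matches only one extra label, which is why the deeper wildcards are listed separately. As an added example (not part of the original post), this linter checks a line before renew-cert.sh hands it to certbot; the helper names covered_by and lint_line and the www.mizu.work entry are constructed for illustration.

```shell
# Added example, not from the original post; helper names are hypothetical.

# covered_by NAME WILDCARD: succeeds if WILDCARD ("*.base") matches NAME.
# A certificate wildcard stands for exactly one left-most label.
covered_by() {
    base=${2#\*.}                      # "*.sylo.space" -> "sylo.space"
    case $1 in
        *".$base") left=${1%".$base"} ;;
        *) return 1 ;;                 # different zone, or the bare base domain
    esac
    case $left in
        ''|*.*|\*) return 1 ;;         # empty, deeper than one label, or a wildcard
    esac
    return 0
}

# lint_line "name1 name2 ...": prints one line per problem, returns the problem count.
lint_line() {
    problems=0
    set -f; set -- $1; set +f          # split on spaces without expanding "*"
    case $1 in
        \**) echo "wildcard first: $1 would be passed to --cert-name"; problems=$((problems + 1)) ;;
    esac
    seen=' '
    for name in "$@"; do
        case $seen in
            *" $name "*) echo "duplicate: $name"; problems=$((problems + 1)); continue ;;
        esac
        seen="$seen$name "
        case $name in \*.*) continue ;; esac      # only plain names can be redundant
        for wc in "$@"; do
            case $wc in \*.*) ;; *) continue ;; esac
            if covered_by "$name" "$wc"; then
                echo "redundant: $name is covered by $wc"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}

# Constructed sample in the page's domain.txt layout; the second line is deliberately bad.
while IFS= read -r line; do
    echo "### $line"
    lint_line "$line" || echo "-> fix this line before running certbot"
done <<'EOF'
sylo.space *.sylo.space *.blog.sylo.space *.oib.sylo.space
mizu.work *.mizu.work www.mizu.work
EOF
```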