Friday, November 15, 2024
Google search engine
HomeSecurity & TestingHow To Generate Let’s Encrypt Wildcard SSL Certificate

How To Generate Let’s Encrypt Wildcard SSL Certificate

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

This guide will is on How To Generate Let’s Encrypt Wildcard SSL certificate. As you may already know, Letsencrypt announced the release of ACME v2 API which is now ready for production. One of the features that people have been waiting for is the support for Wildcard certificates which was missing in ACME v1.

In this guide, I’ll show you the process of generating a wildcard Let’s Encrypt SSL certificate for use with your Web applications, validated manually using DNS.  End users can begin issuing trusted, production-ready certificates with their ACME v2 compatible clients using the following directory URL:

https://acme-v02.api.letsencrypt.org/directory

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

letsencrypt

Please note that you must use an ACME v2 compatible client to access this endpoint. You can consult our list of ACME v2 compatible clients.

Install certbot-auto ACME v2 Client

Run the following command to install certbot-auto ACME v2 client that we’ll use to get wildcard ssl certificate.

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto

Generate Let’s Encrypt Wildcard SSL Certificate

I’ll generate Wildcard certificate for *.neveropen.tech. One requirement is access to your DNS manager to verify domain ownership by adding a generated TXT record.

Run below command to start certificate request process:

certbot-auto certonly --manual -d *.example.com  --agree-tos \
--no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 \
-m  your-email-address  \
--server https://acme-v02.api.letsencrypt.org/directory

You should get output similar to below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for geeksforgeeks.org

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.geeksforgeeks.org with the following value:

UGa2-db4b-gj9aWAmS8UCnctThIMgRTWAWSeCK_zLVPAfaz6lvQ

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

It gives you a TXT record to add to your DNS, for me, the record is:

Name:  _acme-challenge.example.com 
TXT record: UGa2-db4b-gj9aWAmS8UCnctThIMgRTWAWSeCK_zLVPAfaz6lvQ

After this is done and the record has been populated, press the enter key to continue. On successful generation, you should get output like below:

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-07-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The output gives you the full path to the private key and the certificate file. You can now use the certificate for your applications.

Similar content:

How to create locally trusted SSL Certificates on Linux and macOS with mkcert

How to install OpenSSL on Windows Server 2019

How To Secure GitLab Server with SSL Certificate

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments