Pallavi Udhane #
Senior Lead at TransUnion | AWS 1X, Azure 1X Certified
January 24, 2021
This tutorial gives brief information on how to create a wildcard certificate for a domain using Let’s Encrypt.
Let’s Encrypt: Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
Key Points:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Wildcard: Wildcard SSL certificates allow you to secure the main domain and an unlimited number of subdomains under it, for example www.yourwebsite.com, login.yourwebsite.com, mail.yourwebsite.com, etc. Wildcard SSL certificates offer full encryption for the subdomains, making them an affordable and effective solution for most websites.
This brief tutorial shows how to generate free wildcard SSL/TLS certificates using Let’s Encrypt (Certbot) on Ubuntu 16.04 | 18.04 LTS
Step 1: Install Let’s Encrypt Certbot Tool #
Install certbot with all of its dependencies:
sudo apt update
sudo apt-get install letsencrypt
Step 2: Generate Let’s Encrypt Wildcard Certificate #
Before starting this step, make sure your domain already exists and its DNS points to the correct IP address. For wildcard certificates, the only challenge method Let’s Encrypt accepts is the DNS challenge, which we invoke via the --preferred-challenges=dns flag. Then execute the command below.
sudo certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com -d *.example.com
The command options above are explained below:
- certonly: Obtain or renew a certificate, but do not install
- --manual: Obtain certificates interactively
- --preferred-challenges=dns: Use DNS to authenticate domain ownership
- --server: Specify the ACME endpoint to use for issuance
- --agree-tos: Agree to the ACME server’s subscriber terms
- -d: Domain name to provide certificates for
Go to your DNS provider portal, add a TXT record containing the string certbot displays above, and save.
In my case Google Cloud DNS is the domain provider, so I have added an entry here.
Wait for some time, at least 10 to 15 minutes; some cloud providers take time to propagate changes. After the change above, once Let’s Encrypt is able to validate that you own the domain, you should see a success message as below:
The wildcard certificate is created and is ready to use now. You can verify the created certificate with the command below.
sudo certbot certificates
This will display the details below. The generated private key and certificate are available at the path shown.
The certificate is valid for 85 days. We can write a scheduler to automate the renewal process.
sudo crontab -e
Then add the line below and save.
0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log
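As an added example (not part of the original post), the POSIX shell helpers below check that the `_acme-challenge` TXT record from Step 2 has actually propagated before you return to certbot's prompt, instead of guessing at the 10 to 15 minute wait. They assume `dig` (from dnsutils) is installed and use the public resolver 1.1.1.1 as an assumption; the domain and token values are placeholders you replace with what certbot prints.

```shell
#!/usr/bin/env sh
# Added example: verify DNS-01 challenge propagation before continuing in certbot.

# challenge_name DOMAIN -> the TXT record name certbot asks you to create.
# "example.com" and "*.example.com" both map to _acme-challenge.example.com,
# so for the certonly command above two TXT values must coexist at that name.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#"*."}"
}

# txt_present EXPECTED OBSERVED... -> 0 if any observed value equals EXPECTED.
txt_present() {
    expected="$1"; shift
    for v in "$@"; do
        v=${v#\"}; v=${v%\"}          # dig prints TXT values in double quotes
        [ "$v" = "$expected" ] && return 0
    done
    return 1
}

# wait_for_txt DOMAIN EXPECTED [TRIES] -> poll a public resolver every 30 s
# until the value is visible; 0 when seen, 1 on timeout (default 15 minutes).
wait_for_txt() {
    name=$(challenge_name "$1"); expected="$2"; tries=${3:-30}
    i=0
    while [ "$i" -lt "$tries" ]; do
        # word-splitting is intended: one quoted TXT value per word
        # shellcheck disable=SC2046
        if txt_present "$expected" $(dig +short TXT "$name" @1.1.1.1); then
            echo "TXT for $name is visible; safe to continue in certbot"
            return 0
        fi
        i=$((i + 1)); sleep 30
    done
    echo "timed out waiting for TXT on $name" >&2
    return 1
}

# Usage (placeholders): wait_for_txt example.com TOKEN_FROM_CERTBOT
```

Note that `certbot renew` in the cron job above cannot repeat this interactive DNS step on its own: renewal of a certificate obtained with --manual only succeeds unattended if a --manual-auth-hook that creates the TXT record at your DNS provider was supplied at issuance.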