As of March 13, 2018, Let’s Encrypt wildcard certificate support is live.

How to use it? Follow me.

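# Walkthrough: obtain a Let's Encrypt wildcard certificate with certbot v0.22.0
# using the manual DNS-01 challenge, then test it against a local Apache.
# The echo lines narrate the interactive steps; they do not automate them.

git clone git@github.com:certbot/certbot.git
# The v0.22.0 tag and ./certbot-auto live inside the clone, so enter it first.
cd certbot || exit 1
git checkout v0.22.0

# The wildcard is quoted so the shell hands it to certbot literally instead of
# expanding it against files in the current directory.
# Wildcard names are issued only through the ACME v2 endpoint with a DNS-01
# challenge, hence --server and --preferred-challenges.
# --manual-public-ip-logging-ok consents to the CA logging this host's public IP.
# Note: *.example.com does not match the bare name example.com. This request
# leaves the apex uncovered unless it is added as a second -d name.
./certbot-auto certonly --manual -d '*.example.com' --agree-tos \
  --manual-public-ip-logging-ok --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory

# certbot prints a TXT value for _acme-challenge.example.com and waits.
# Confirm the record is visible before continuing, e.g.
#   dig +short TXT _acme-challenge.example.com
# Pressing Enter before the record has propagated fails the validation.
echo "add TXT to your domain DNS record"
echo "press Enter"

echo "Done!"
# privkey.pem in this directory is the certificate's private key; keep it
# readable by root only and never copy it into a web-served directory.
sudo ls -l /etc/letsencrypt/live/example.com/


echo "test on localhost"

echo "edit local web server config, see the apache2 config below"
# SSLEngine needs mod_ssl enabled (a2enmod ssl on Debian/Ubuntu).
# Validate the edited config first so a typo does not take the server down.
sudo apache2ctl configtest && sudo service apache2 restart

# Testing only: this points www.example.com at this machine. Append the line
# once (re-running must not duplicate it) and remove it from /etc/hosts after
# the test, or this host will keep resolving the name to localhost.
grep -qxF "127.0.0.1 www.example.com" /etc/hosts ||
  echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts

# -v prints the TLS handshake and the served certificate's subject and issuer.
# The request should verify without -k/--insecure.
curl -v "https://www.example.com/"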

Screenshots

image

image

image

image

image

apache2 SSL config

# Plain-HTTP virtual host for example.com and its subdomains.
# NOTE(review): this block serves the same DocumentRoot unencrypted and does
# not redirect to HTTPS. If the site should be HTTPS-only, add a redirect here.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# HTTPS virtual host using the certificate issued by certbot.
# NOTE(review): the certificate was requested for *.example.com only. A
# wildcard does not match the bare name, so requests to https://example.com/
# (the ServerName below) get a name-mismatch warning unless the certificate
# also lists example.com.
# NOTE(review): no SSLProtocol or SSLCipherSuite is set here, so the server or
# distribution defaults apply. Confirm they match your TLS policy.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias *.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    SSLEngine on
    # fullchain.pem holds the leaf certificate followed by the intermediate chain.
    SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
    # Private key: must stay readable by root only and outside any DocumentRoot.
    SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
</VirtualHost>

References