Generate free SSL Let’s Encrypt – Wildcard Certificate – 2/3

This article is the 2nd part of the Let’s Encrypt series. In the first post I shared my experience of generating SSL for a subdomain. Here is the link if you are interested.

Generate free SSL Let’s Encrypt – Per Domain – 1/3

How to generate a wildcard SSL certificate:
At this stage I assume that:

  1. You have SSH access to the server where your website is running.
  2. You are able to modify your domain's DNS.
  3. You have already installed Certbot on your server; if not, follow the link given above.

Once Certbot is configured on the server, follow the steps given below.

Step 1: Generate the SSL certificate by running the command
To generate the certificate, run this command in the shell, replacing yourdomain.com with your own domain.

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d '*.yourdomain.com'

certonly: This tells Certbot not to change the web server configuration, which means we need to update the site config ourselves once the certificate is generated.
--manual: Using manual mode means that renewal of the certificate will also be manual.
--preferred-challenges dns: The domain needs to be verified when the certificate is generated, and I am using DNS verification here. When this command runs, Certbot will ask you to add a DNS TXT record to your domain's DNS.

Command output:

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.yourdomain.com with the following value:
zMt71kkqeRSribgKx5dPtZI36XFB6jo9bRyKLFiDggU
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue:

Step 2: Update Domain DNS
Now add a TXT record named _acme-challenge.yourdomain.com to your domain's DNS, using the value shown by Certbot.


Before you press Enter at the [Press Enter to Continue: ] prompt in the shell, verify that your domain's DNS has been updated. You can use mxtoolbox.com to verify this.
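
The same verification can be done from the shell. The script below is an added example, not part of the original post: it assumes dig is installed, asks each authoritative name server of the zone for the _acme-challenge TXT record, and compares it with the value Certbot printed. The function names and the sample dig output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm the ACME DNS-01 TXT record is published before
# pressing Enter in Certbot. Function names here are illustrative.

# Constructed sample of `dig +short TXT` output: two values at one name.
SAMPLE_TOKEN='zMt71kkqeRSribgKx5dPtZI36XFB6jo9bRyKLFiDggU'
SAMPLE_DIG_OUTPUT='"constructed-older-value"
"zMt71kkqeRSribgKx5dPtZI36XFB6jo9bRyKLFiDggU"'

# Read `dig +short TXT` output on stdin; succeed if any value is exactly the
# expected token. Each value arrives on its own line in double quotes, and
# the comparison is case-sensitive because the token is base64url.
txt_has_token() {
    local expected="$1" line
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}   # drop leading quote
        line=${line%\"}   # drop trailing quote
        [ "$line" = "$expected" ] && return 0
    done
    return 1
}

# Ask every authoritative name server of the zone directly, so a cached
# answer on a recursive resolver cannot hide a missing record.
# $1 = zone (e.g. yourdomain.com), $2 = token printed by Certbot.
check_challenge() {
    local zone="$1" token="$2" ns ok=0 total=0
    for ns in $(dig +short NS "$zone"); do
        total=$((total + 1))
        if dig +short TXT "_acme-challenge.$zone" "@$ns" | txt_has_token "$token"; then
            echo "OK      $ns"; ok=$((ok + 1))
        else
            echo "MISSING $ns"
        fi
    done
    [ "$total" -gt 0 ] && [ "$ok" -eq "$total" ]
}

if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"          # live check: ./script zone token
elif printf '%s\n' "$SAMPLE_DIG_OUTPUT" | txt_has_token "$SAMPLE_TOKEN"; then
    echo "sample output: token found"  # offline demo on constructed data
fi
```

Press Enter in Certbot only once every name server reports OK; a single MISSING line means the record has not reached that server yet.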


Now you are good to continue with generating the SSL certificate.

The final output should look like this; the screenshot is taken from the previous post.

Hope it will be helpful, see you in next post 🙂

About the author

Danyal Ali Butt

I have been working as a programmer since 2002. I was born, grew up, studied and worked in Pakistan, and I have been located in Denmark since 2006.
