Jul 24, 2018

Wildcard SSL Certificates With Let's Encrypt

procedure article

I have the domain kaleo.blog and I want to get the SSL Certificates for *.kaleo.blog.

install certbot first:

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto && sudo ./certbot-auto

generate certificates:

$ sudo ./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d *.kaleo.blog

press Enter, should see something like this:

Please deploy a DNS TXT record under the name
_acme-challenge.kaleo.blog with the following value:


Before continuing, verify the record is deployed.
Press Enter to Continue

go to DNS Provider and add the TXT record above.

use nslookup to verify if it is working:

$ nslookup -type=TXT _acme-challenge.kaleo.blog

finally we get our certificates:

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-09-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

use fullchain.pem as server.crt and privkey.pem as server.key.