Wildcard SSL Certificates With Let's Encrypt

Jul 24, 2018

I have the domain kaleo.blog and I want to get the SSL Certificates for *.kaleo.blog.

Install certbot first:

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto && sudo ./certbot-auto

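Generate the certificates (the wildcard name is quoted so the shell passes it to certbot literally instead of trying to expand it):

$ sudo ./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d '*.kaleo.blog'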

Press Enter; you should see something like this:

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.kaleo.blog with the following value:

Fj7dF8Wbva1mJ9Ubzaqw4Dsq-XXXXXXXXXXXXXX

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

Go to your DNS provider and add the TXT record above.

Use nslookup to verify that the record is visible:

$ nslookup -type=TXT _acme-challenge.kaleo.blog
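
A cached answer from your local resolver can differ from what the authoritative nameservers serve, so it helps to ask each of them directly before pressing Enter. The script below is an added example, not part of the original post or of certbot; it assumes dig is installed and that the domain you pass is the zone apex, and the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Needs dig for the live check.

# Succeeds only if stdin (output of `dig +short TXT`) contains a record
# that equals $1 exactly.
txt_has_value() {
    # dig prints each TXT record as a quoted string, one per line.
    # -F: no regex, -x: whole line, --: the value may begin with "-".
    tr -d '"' | grep -Fxq -- "$1"
}

# Ask every authoritative nameserver of $1 directly, bypassing resolver caches.
check_challenge() {
    domain=$1; expected=$2; failed=0
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            failed=1
        fi
    done
    return "$failed"
}

# Offline demonstration on constructed dig output (both values are made up).
demo_offline() {
    sample='"CONSTRUCTED-stale-value-000"
"-CONSTRUCTED-current-value-123"'
    printf '%s\n' "$sample" | txt_has_value "-CONSTRUCTED-current-value-123"
}

if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"   # e.g. kaleo.blog <value printed by certbot>
else
    demo_offline && echo "offline demo: record matched"
fi
```

Run it with the domain and the value certbot printed; continue only when every nameserver reports ok.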

Finally, we get our certificates:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/kaleo.blog/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/kaleo.blog/privkey.pem
   Your cert will expire on 2018-09-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Use fullchain.pem as server.crt and privkey.pem as server.key.