Issue Let’s Encrypt Wildcard Certificate using Certbot
Let’s Encrypt is an authority that you can use to issue SSL certificates that browsers will trust. The only difference is, Let’s Encrypt authority provides SSL certificates for Free. It means that you can protect your website for free with SSL certificate if you are willing to use Let’s Encrypt as your SSL certificate authority. Let’s Encrypt has multiple clients for multiple operating systems and programming languages. You can use those clients to request SSL certificates from Let’s Encrypt. In this guide, I am going to show you How to issue Let’s Encrypt wildcard SSL certificate using Certbot.
First of all, Let us see how we can install Certbot on our server. In this guide, I am going to show you How to install Certbot on Ubuntu, one of the most popular server operating systems. If you are not using Ubuntu, Refer the official Certbot website for instructions to install Certbot.
Install Certbot on Ubuntu
Certbot is a very easy to install piece of software. You do not need too much knowledge of Linux to install Certbot on Linux based operating systems.
Before we can start the installation process, we have to add Certbot PPA to our system so that we can use
apt to install Certbot on our system. To add the repository, execute the following commands on your server.
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository universe $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update
Now, Execute the following command If you are using Apache as the web server.
$ sudo apt-get install certbot python-certbot-apache
However, If you are using Nginx, execute the following command.
$ sudo apt-get install certbot python-certbot-nginx
It might take some time to install and configure Certbot on the system. Once done, you can use Certbot to issue SSL certificates from Let’s Encrypt. In this case, we will issue a Wildcard SSL certificate.
How to issue Let’s Encrypt Wildcard Certificate using Certbot
Wildcard SSL certificate is a type of SSL certificate in which all the subdomains of a specific domain can be protected with SSL certificate. For example, If you have wildcard SSL certificate for
*.example.com, you can apply the same SSL certificate on
Considering you have installed Certbot on your system, execute the following command on your server.
$ sudo certbot certonly --agree-tos --email firstname.lastname@example.org --manual --preferred-challenges=dns -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory --manual
Let us Understand all the options in this command first. Then we will move on to the next part.
- certonly: The certonly option in our command will make sure that we just want to issue SSL certificate. If you remove the
certonlyoption from the command, Certbot will issue the SSL certificate and it will also update your virtual host file to apply the SSL certificate.
- –agree-tos: We have to add this option to agree with Let’s Encrypts’ terms of service. You can read their terms of service here.
- –email: We are using this option to store the SSL certificate in our Let’s Encrypt account. You will be notified a week before your SSL certificate is about to expire. Make sure you are entering the correct email address.
- –manual: We are using this option to issue SSL certificate interactively. It will prompt you for more information and confirmation.
- –preferred-challenges: We are using this option to specify the method we want to use to verify the domain name. Note that we have to verify our domain name to issue SSL certificate. To issue wildcard SSL certificate, we have to select
dnsas our preferred domain verification challenge.
- -d: This option is used to enter the list of domain names for which we want to issue the SSL certificate. You can pass multiple domains – Comma separated.
- –server: We use this option to specify the API endpoint to issue SSL certificate. The one we are using in this command supports Wildcard SSL certificates.
Execute the command, It will provide you a TXT record that you have to add in your DNS zone file. Add the TXT record and then hit the Enter button. It will verify the TXT record and if it is correct, it will successfully issue a wildcard SSL certificate for your domain name.
The SSL certificate will be stored at
/etc/letsencrypt/live location. You can add the same path in your Virtual Host file. If you do not know much about virtual host files, Refer our guides on Virtual hosts according to the web server you are using.
You can update the virtual host files to enable SSL certificate on your domain name. So, this is how you can issue Let’s Encrypt wildcard SSL certificate. Let us know if in the comment section if you are stuck somewhere in the process or just need help issuing Wildcard SSL certificate from Let’s encrypt using Certbot.