Install Let’s Encrypt Wildcard SSL Free on VPS / Server

At the beginning of 2018, Let’s Encrypt announced that it would soon offer Wildcard SSL. After many delays, as of today we can finally sign up for these certificates free of charge.

Specifically, a Let’s Encrypt Wildcard SSL certificate can be used for all subdomains of a domain name, in the form *.domain.com. You only need to issue it once, and every subdomain can then use the certificate immediately. Wildcard SSL is ideal for setups with many subdomains, such as WordPress Multisite (subdomain).

The process of installing a Wildcard SSL certificate is slightly different from the normal Let’s Encrypt installation, and not everyone needs a wildcard, so it is covered in this separate tutorial. Wildcard SSL certificates also expire after 3 months, so you need to configure crontab to renew them automatically.

*** If you are using CloudFlare, disable the IP-hiding feature by switching the cloud icon to off (gold to grey).

1. Prepare the system

– Install Let’s Encrypt (skip if done)

# yum -y install git && git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

– Wildcard SSL requires Certbot version 0.22.0 or higher. Running the version check automatically updates Certbot to the latest version.

# cd /opt/letsencrypt
# ./letsencrypt-auto --version
Upgrading certbot-auto 0.21.1 to 0.22.0 ...
Replacing certbot-auto ...
certbot 0.22.0

2. Activate the Let’s Encrypt Wildcard SSL certificate

A Wildcard SSL certificate only covers subdomains of the form *.domain.com; it does not secure domain.com itself. So, if you need both, you should include the bare domain and the wildcard in one certificate.

The example in this tutorial issues one certificate for both the domain easypromocode.com and all subdomains *.easypromocode.com. The wildcard name is quoted so that the shell does not expand the asterisk.

# cd /opt/letsencrypt
# ./letsencrypt-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d easypromocode.com -d '*.easypromocode.com'

Let’s Encrypt will install the necessary tools. Then enter your email address and agree to the terms.

Saving debug logs to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
EMAIL ADDRESS (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected] 
-------------------------------------------------------------------------------

Enter the email address used to send the notification.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. 
https://acme-v02.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to email you about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

Press A to accept the terms, then press Y or N to choose whether to receive news via email.

Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for easypromocode.com
dns-01 challenge for easypromocode.com
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: N
-------------------------------------------------------------------------------

Choose Y or N for whether you agree to your IP being logged.

Please deploy a DNS TXT record under the name
_acme-challenge.easypromocode.com with the following value:
 5 as12ras1bc30ascd1rCasas5172y12nj121212gM4vp-w
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.easypromocode.com with the following value:
 dWY-as1k21kaAAnn1zcnjj0-129sasnnn12njnjj122njj-w
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

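This is the most important step: you prove ownership of the domain by creating two TXT records with the content displayed on the screen. Both records use the same name, _acme-challenge.easypromocode.com, so keep the first one in place when you add the second. Then press Enter.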
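One way to do the "verify the record is deployed" check before pressing Enter, as an added example that is not part of the original tutorial. The function names `txt_has_all` and `check_challenge` are hypothetical, and the script assumes `dig` is installed (package bind-utils on CentOS).

```bash
#!/usr/bin/env bash
# Added example: confirm both dns-01 TXT values are visible before pressing Enter.

# txt_has_all ANSWERS VALUE...: exit 0 only if every VALUE appears as a
# complete TXT string in ANSWERS (the output of `dig +short TXT`, one quoted
# string per line). Prints a line for each missing value.
txt_has_all() {
    local answers value missing
    answers=$1; shift
    missing=0
    for value in "$@"; do
        if ! printf '%s\n' "$answers" | grep -qxF "\"$value\""; then
            printf 'missing: %s\n' "$value"
            missing=1
        fi
    done
    [ "$missing" -eq 0 ]
}

# check_challenge DOMAIN VALUE...: ask every authoritative nameserver of
# DOMAIN directly, so a stale resolver cache cannot hide a missing record.
check_challenge() {
    local domain nslist ns answers rc
    domain=$1; shift
    nslist=$(dig +short NS "$domain")
    [ -n "$nslist" ] || { echo "no NS records found for $domain"; return 2; }
    rc=0
    for ns in $nslist; do
        answers=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        if txt_has_all "$answers" "$@" >/dev/null; then
            echo "$ns: all values present"
        else
            echo "$ns: not ready"; rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check-txt.sh DOMAIN VALUE1 VALUE2
if [ "$#" -ge 2 ]; then check_challenge "$@"; fi
```

Run it in a second terminal with the two values certbot printed, and press Enter in the certbot session only once every nameserver reports all values present.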

If nothing goes wrong, you will get the Congratulations! message as below:

Waiting for verification ...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/easypromocode.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/easypromocode.com/privkey.pem
   Your cert will expire on 2018-07-26. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Check the certificate content

# ./letsencrypt-auto certificates
Saving debug logs to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the certs:
Certificate Name: easypromocode.com
    Domains: easypromocode.com *.easypromocode.com
    Expiry Date: 2018-06-16 14:51:20+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/easypromocode.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/easypromocode.com/privkey.pem
-------------------------------------------------------------------------------
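The point from step 2, that *.domain.com does not cover domain.com itself, can be checked against the issued certificate. The script below is an added example, not part of the original tutorial; the function names `san_matches`, `covered_by` and `cert_sans` are hypothetical, and it assumes `openssl` is installed.

```bash
#!/usr/bin/env bash
# Added example: which hostnames does a certificate's SAN list cover?

# san_matches HOST PATTERN: exit 0 if PATTERN covers HOST. A wildcard stands
# for exactly one left-most label, so *.example.com covers www.example.com
# but not example.com or a.b.example.com.
san_matches() {
    local host pattern suffix label
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pattern=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        '*.'*)
            suffix=${pattern#\*}    # e.g. ".example.com"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # The wildcard label must be non-empty and contain no dot.
            [ -n "$label" ] && [ "${label#*.}" = "$label" ]
            ;;
        *) [ "$host" = "$pattern" ] ;;
    esac
}

# covered_by HOST SAN...: print the first SAN entry that covers HOST.
covered_by() {
    local host san
    host=$1; shift
    for san in "$@"; do
        if san_matches "$host" "$san"; then printf '%s\n' "$san"; return 0; fi
    done
    return 1
}

# cert_sans CERT.pem: DNS names in the certificate, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Usage: ./san-check.sh CERT.pem HOST...
if [ "$#" -ge 2 ]; then
    cert=$1; shift
    set -f    # SAN entries contain '*': no globbing when $sans is split
    sans=$(cert_sans "$cert")
    for h in "$@"; do
        if m=$(covered_by "$h" $sans); then echo "$h: covered by $m"
        else echo "$h: NOT covered"; fi
    done
fi
```

Pass it /etc/letsencrypt/live/easypromocode.com/fullchain.pem followed by the hostnames you plan to serve; a name with two extra labels, such as a.b.easypromocode.com, is reported as not covered.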

So, you’ve successfully issued the Let’s Encrypt certificate – including DV SSL and Wildcard SSL.