Generate free Wildcard Certificates using Let’s Encrypt (Certbot) on Ubuntu
Step 1: Install Let’s Encrypt Certbot Tool
sudo apt update
sudo apt install letsencrypt
Step 2: Generate Let’s Encrypt Wildcard SSL Certificate
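For wildcard certificates, the only challenge method Let’s Encrypt accepts is the DNS challenge, which we select with the --preferred-challenges=dns flag. The wildcard name is quoted so the shell passes it to certbot unchanged instead of trying to expand it as a filename pattern.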
sudo certbot certonly --manual --preferred-challenges=dns --email service@goyun.info --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d goyun.info -d '*.goyun.info'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for goyun.info
dns-01 challenge for goyun.info
The command options above are explained below:
certonly: Obtain or renew a certificate, but do not install
--manual: Obtain certificates interactively
--preferred-challenges=dns: Use DNS to authenticate domain ownership
--server: Specify the ACME server endpoint to use to generate the certificate
--agree-tos: Agree to the ACME server’s subscriber terms
-d: Domain name to provide certificates for
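The output above lists two dns-01 challenges for goyun.info, one for each -d name, and certbot's manual mode asks for both TXT values at the same name, _acme-challenge.goyun.info. The script below is an added example, not part of the original post: it checks that both values are visible on every authoritative nameserver before you continue. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that both dns-01 TXT
# values are published before pressing Enter at certbot's manual prompt.

# Return 0 if every expected value ($2...) appears as a complete TXT string
# in $1, which holds `dig +short TXT` output (one quoted string per line).
txt_values_present() {
    answer=$1
    shift
    for want in "$@"; do
        # -x: whole line, -F: fixed string; dig wraps each value in quotes.
        if ! printf '%s\n' "$answer" | grep -qxF "\"$want\""; then
            echo "missing TXT value: $want" >&2
            return 1
        fi
    done
    return 0
}

# Ask each authoritative nameserver of the zone directly, so a resolver
# cache cannot hide a missing record. Needs dig and network access.
check_acme_txt() {
    zone=$1
    shift
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 1; }
    for ns in $servers; do
        answer=$(dig +short TXT "_acme-challenge.$zone" "@$ns")
        txt_values_present "$answer" "$@" || { echo "not ready on $ns" >&2; return 1; }
    done
    echo "all nameservers serve the expected TXT values"
}

# Constructed sample: only the second value is visible because the first
# record was overwritten instead of a second record being added.
SAMPLE_ONE='"CONSTRUCTED-VALUE-BBBB"'
# Constructed sample: both values published under the same name.
SAMPLE_BOTH='"CONSTRUCTED-VALUE-AAAA"
"CONSTRUCTED-VALUE-BBBB"'

# Live usage, with the two strings certbot prints:
#   check_acme_txt goyun.info 'first-value' 'second-value'
```

If the check reports a missing value, add the record or wait for the zone to propagate before continuing, since a failed validation means starting the certbot run again.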
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/goyun.info/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/goyun.info/privkey.pem
Your cert will expire on 2021-06-20. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.