Generate free Wildcard Certificates using Let’s Encrypt (Certbot) on Ubuntu

Step 1: Install Let’s Encrypt Certbot Tool

   sudo apt update
   sudo apt install letsencrypt

Step 2: Generate Let’s Encrypt Wildcard SSL Certificate

For wildcard certificates, the only challenge method Let’s Encrypt accepts is the DNS challenge, which we can invoke via the preferred-challenges=dns flag

sudo certbot certonly --manual --preferred-challenges=dns --email --server --agree-tos -d -d *
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for
dns-01 challenge for

The command options above are explained below:

certonly:                                     Obtain or renew a certificate, but do not install
–manual:                                    Obtain certificates interactively
–preferred-challenges=dns:      Use dns to authenticate domain ownership
–server:                                      Specify the endpoint to use to generate
–agree-tos:                                 Agree to the ACME server’s subscriber terms
-d:                                               Domain name to provide certificates for

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2021-06-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.