Let’s Encrypt: Get Wildcard SSL Certificate – Certbot

Let’s Encrypt CA (Certificate Authority) can issue a wildcard SSL certificate that will be valid for 90 days – completely free of charge.

The easiest way to obtain such a wildcard SSL certificate from Let’s Encrypt is to use Certbot, the command-line client for Let’s Encrypt.

In this note I will show how to install Certbot and get a wildcard SSL certificate from Let’s Encrypt.

Get Wildcard SSL Certificate from Let’s Encrypt

Install Certbot on Ubuntu:

$ sudo apt-get update
$ sudo apt-get install certbot

Install Certbot on macOS:

$ brew install certbot

Get a wildcard SSL certificate from Let’s Encrypt for yourdomain.tld using Certbot:

$ sudo certbot certonly --manual \
  --preferred-challenges=dns \
  --email admin@yourdomain.tld \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  --manual-public-ip-logging-ok \
  -d "yourdomain.tld" \
  -d "*.yourdomain.tld"

When requesting a wildcard SSL certificate, it is important to specify both yourdomain.tld and *.yourdomain.tld, because the wildcard name does not match the bare domain itself. Otherwise, after installing the certificate, you may get errors such as:

Did Not Connect: Potential Security Issue
SSL_ERROR_BAD_CERT_DOMAIN
– or –
Your connection is not private
NET::ERR_CERT_COMMON_NAME_INVALID

Follow the instructions printed by Certbot and create the DNS TXT record it generates for the subdomain:

_acme-challenge.yourdomain.tld

To verify that the record has been created, you can use the dig command, e.g.:

$ dig TXT _acme-challenge.yourdomain.tld +short
"b9JR3kNCti7zPKjwVvedPX9X9zagLyxW2rbOkttwBmY"

Once the wildcard SSL certificate is generated, it is saved at:

$ sudo ls /etc/letsencrypt/live/yourdomain.tld
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
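
Why the request above lists both names, as an added example that is not part of the original note: a wildcard name stands for exactly one left-most label, so it covers neither the bare domain nor (going one step beyond the case in the text) deeper subdomains. The function names and the host list are constructed for illustration.

```shell
#!/bin/sh
# Added example: which hostnames do a certificate's DNS names cover?
# Function names and the host list below are constructed for illustration.

# san_matches HOST NAME: succeed if certificate name NAME covers HOST.
san_matches() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
  name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$name" in
    \*.*)
      base=${name#\*.}   # "*.yourdomain.tld" -> "yourdomain.tld"
      rest=${host#*.}    # host without its left-most label
      # The wildcard stands for exactly one non-empty left-most label.
      [ -n "${host%%.*}" ] && [ "$rest" != "$host" ] && [ "$rest" = "$base" ]
      ;;
    *) [ "$host" = "$name" ] ;;
  esac
}

# covered HOST NAME...: succeed if any of the certificate names covers HOST.
covered() {
  h=$1; shift
  for n in "$@"; do
    if san_matches "$h" "$n"; then return 0; fi
  done
  return 1
}

# uncovered "HOST HOST..." NAME...: print the hosts that no name covers.
uncovered() {
  hosts=$1; shift
  out=
  for x in $hosts; do
    covered "$x" "$@" || out="$out $x"
  done
  printf '%s\n' "${out# }"
}

# Constructed sample: hostnames a site might serve.
HOSTS="yourdomain.tld www.yourdomain.tld a.b.yourdomain.tld"

echo "wildcard only:   not covered: $(uncovered "$HOSTS" '*.yourdomain.tld')"
echo "apex + wildcard: not covered: $(uncovered "$HOSTS" 'yourdomain.tld' '*.yourdomain.tld')"
```

The names actually present in an issued certificate are listed on the Domains line of `sudo certbot certificates`.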
