The Let’s Encrypt CA (Certificate Authority) can issue a wildcard SSL certificate that is valid for 90 days, completely free of charge.
The easiest way to obtain such a wildcard SSL certificate from Let’s Encrypt is to use Certbot (the command-line client for Let’s Encrypt).
In this note I will show how to install Certbot and get a wildcard SSL certificate from Let’s Encrypt.
Get Wildcard SSL Certificate from Let’s Encrypt
Install Certbot on Ubuntu:
$ sudo apt-get update
$ sudo apt-get install certbot
Install Certbot on macOS:
$ brew install certbot
Get a wildcard SSL certificate from Let’s Encrypt for yourdomain.tld using Certbot:
$ sudo certbot certonly --manual \
    --preferred-challenges=dns \
    --email admin@yourdomain.tld \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    --manual-public-ip-logging-ok \
    -d "yourdomain.tld" \
    -d "*.yourdomain.tld"
When requesting a wildcard SSL certificate, it is important to specify both yourdomain.tld and *.yourdomain.tld: the wildcard name matches subdomains only, not the bare domain. Otherwise, after installing the certificate, you may get errors such as the following:
Did Not Connect: Potential Security Issue
SSL_ERROR_BAD_CERT_DOMAIN
– or –
Your connection is not private
NET::ERR_CERT_COMMON_NAME_INVALID
Follow the instructions and create the DNS TXT record generated by Certbot for the subdomain:
_acme-challenge.yourdomain.tld
To verify that the record has been created, you can use the dig command, e.g.:
$ dig TXT _acme-challenge.yourdomain.tld +short
"b9JR3kNCti7zPKjwVvedPX9X9zagLyxW2rbOkttwBmY"
Once the wildcard SSL certificate is generated, it will be saved at:
$ sudo ls /etc/letsencrypt/live/yourdomain.tld
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
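To confirm that an issued certificate really covers both names, the wildcard matching rule can be applied to its SAN (Subject Alternative Name) list. The script below is an added example, not part of the original note: the function names cert_sans and san_covers are hypothetical, and the two SAN lists in the demo are constructed to show why a wildcard-only certificate produces the domain mismatch errors listed above.

```shell
#!/bin/sh
# Added example: does a certificate's SAN list cover a given hostname?

# cert_sans FILE: print the SAN extension of a PEM certificate.
# Needs OpenSSL 1.1.1 or newer for -ext. Not called by the demo below.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# san_covers SAN_TEXT HOSTNAME: return 0 if some DNS: entry matches.
# A "*." entry stands for exactly one leftmost label, never zero or two.
san_covers() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r entry; do
        case $entry in
            dns:*) name=${entry#dns:} ;;
            *) continue ;;                  # header text, blanks, IP: entries
        esac
        case $name in
            \*.*)
                suffix=${name#\*}           # e.g. ".yourdomain.tld"
                case $host in
                    *"$suffix")
                        label=${host%"$suffix"}
                        case $label in
                            ''|*.*) ;;      # empty or multi-label: no match
                            *) return 0 ;;
                        esac ;;
                esac ;;
            *)
                if [ "$name" = "$host" ]; then return 0; fi ;;
        esac
    done <<EOF
$(printf '%s' "$1" | tr ', ' '\n\n' | tr 'A-Z' 'a-z')
EOF
    return 1
}

# Constructed SAN lists: wildcard only, versus both -d names.
WILDCARD_ONLY='DNS:*.yourdomain.tld'
BOTH='DNS:*.yourdomain.tld, DNS:yourdomain.tld'
for h in yourdomain.tld www.yourdomain.tld a.b.yourdomain.tld; do
    for s in "$WILDCARD_ONLY" "$BOTH"; do
        if san_covers "$s" "$h"; then r=ok; else r=MISMATCH; fi
        printf '%-20s %-42s %s\n' "$h" "$s" "$r"
    done
done
```

For a real certificate, pass the output of cert_sans on cert.pem from the directory above as the first argument to san_covers; reading that directory requires root.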
Thank you so much! Finally an easy to read and no blabla explanation!