How to setup free willdcard SSL certificate from LetsEncrypt

We’ll use Centos 7. Run:

yum install epel-release && yum install install certbot

Or if you already have certbot installed

yum update certbot

Once done fire (change example.com to your domain):

certbot certonly --manual -d *.example.com,example.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

A certificate created for *.example.com is not valid for example.com, so you have to add it explicitly. Be aware that you must agree with the public IP logging to be able to get the wildcard certificate:

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Yes

After that you need to add a new TXT DNS record for _acme-challenge.example.com and hit Enter.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/example.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/example.com/privkey.pem
 Your cert will expire on 2018-06-14. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"
 - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le

That’s it. You have a free wildcard SSL certificate.

Leave a Reply

Your email address will not be published.