How to setup free willdcard SSL certificate from LetsEncrypt

We’ll use Centos 7. Run:

yum install epel-release && yum install install certbot

Or if you already have certbot installed

yum update certbot

Once done fire (change to your domain):

certbot certonly --manual -d *, --preferred-challenges dns-01 --server

A certificate created for * is not valid for, so you have to add it explicitly. Be aware that you must agree with the public IP logging to be able to get the wildcard certificate:

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(Y)es/(N)o: Yes

After that you need to add a new TXT DNS record for and hit Enter.

 - Congratulations! Your certificate and chain have been saved at:
 Your key file has been saved at:
 Your cert will expire on 2018-06-14. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"
 - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:
 Donating to EFF:

That’s it. You have a free wildcard SSL certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *