We’ll use CentOS 7. Run:
yum install epel-release && yum install certbot
Or, if you already have certbot installed:
yum update certbot
Once done, run the following (change example.com to your domain; the quotes keep the shell from expanding the *):
certbot certonly --manual -d '*.example.com,example.com' --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
A certificate created for *.example.com is not valid for example.com, so you have to add it explicitly. Be aware that you must agree to the public IP logging to be able to get the wildcard certificate:
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Yes
After that, add a new TXT DNS record for _acme-challenge.example.com and hit Enter.
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-06-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
That’s it. You have a free wildcard SSL certificate.
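The point made earlier, that *.example.com does not cover example.com, can be checked against the issued certificate. The script below is an added example, not part of the original post: the function names san_covers, cert_sans and check_cert are made up for illustration, and it assumes openssl is installed.

```shell
#!/bin/sh
# Added example (not from the original post): check which hostnames a
# certificate's subjectAltName entries cover.

# san_covers HOST SAN... -> returns 0 if any SAN entry covers HOST.
# A wildcard stands for exactly one leftmost label, so *.example.com covers
# www.example.com but neither example.com nor a.b.example.com.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    shift
    for san in "$@"; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case $san in
            '*.'*)
                suffix=${san#\*}             # e.g. ".example.com"
                label=${host%"$suffix"}      # part the wildcard must stand for
                if [ "$label" = "$host" ]; then continue; fi   # suffix absent
                case $label in
                    ''|*.*) continue ;;      # empty, or more than one label
                esac
                return 0 ;;
            *)
                if [ "$san" = "$host" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# cert_sans FILE -> DNS names from the first certificate in FILE, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_cert FILE HOST... -> reports coverage per HOST; returns 1 if any is uncovered.
check_cert() {
    cert=$1; shift
    sans=$(cert_sans "$cert"); rc=0
    set -f                                   # SAN entries contain "*": no globbing
    for name in "$@"; do
        if san_covers "$name" $sans; then echo "covered:     $name"
        else echo "NOT covered: $name"; rc=1; fi
    done
    set +f
    return $rc
}

# Usage: check_cert /etc/letsencrypt/live/example.com/fullchain.pem example.com www.example.com
```

Running check_cert with a name such as a.b.example.com shows that the wildcard does not extend to deeper subdomains either.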