I just recently learned about Let’s Encrypt having wildcards this past week and I thought to myself, great, I recently purchased 3 SSL wildcard certificates for my sites. I believe I paid around $99 for 2 years, which is fine because it is the cheapest I can find. If I had actually known that Let’s Encrypt would be coming out with wildcard support, I wouldn’t even have thought about purchasing wildcards whatsoever.
How to set up Let’s Encrypt wildcard SSL certificates
You will need an account over at github.com, and I would recommend setting up two-factor authentication and secure shell (ssh) so that your account is as secure as possible. After you have successfully set up ssh for your GitHub account, you will need to clone the following repository to your local computer. I found out that it is not necessary to clone and set up your certificates on your server; if you do it locally on your computer, you basically have a copy of them just in case something happens.
Head over to the terminal on your computer. If you are using a Mac or Ubuntu, the terminal is already there, and git should be downloaded and installed. Once you have installed git, you will need to do the following to clone the repository and start the certificate request.
git clone git@github.com:certbot/certbot.git
cd certbot
sudo ./certbot-auto certonly --manual --server https://acme-v02.api.letsencrypt.org/directory
This will automatically install any dependencies that are needed to begin the process of creating a wildcard certificate. Follow the instructions, and once you get to where you need to enter a domain name, you will need to enter the following.
Please make sure that there’s a space between the wildcard and the actual domain name so that both can be registered. Next you will be asked to set up a DNS TXT record, and it should generate a code for you. You will need to go to your hosting account, head over to the DNS records, and add the following so that Let’s Encrypt can recognize it as a DNS TXT record. We are actually doing Let’s Encrypt through DNS instead of webroot or another way which I don’t know yet. I think this is the easiest way I can think of right now.
Once you create that record, make sure its value is the generated code that was given to you. Once that’s done, press enter; for the next part you will need to create a new file under your domain name, and it will generate a new code for you to use.
domainname.com/.well-known/acme-challenge/ with a generated name and content. You may need to wait for your domain name to propagate if it’s a new site. Propagation usually takes 48 to 72 hours to complete around the world so that your domain name can be found.
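The two manual prompts above only succeed once the TXT record and the challenge file are actually visible from the outside, so it is worth checking both before pressing enter. The following pre-flight script is an added example and not part of the original post or of certbot; it assumes dig and curl are installed, uses a public resolver (1.1.1.1) rather than your own possibly stale cache, and relies on the ACME convention that the TXT record lives at _acme-challenge.<domain>.

```shell
#!/bin/sh
# Pre-flight checks to run before pressing Enter at each certbot --manual prompt.
# The lookup tools are variables so the checks can be exercised offline with stand-ins.
DIG=${DIG:-dig}
CURL=${CURL:-curl}
RESOLVER=${RESOLVER:-1.1.1.1}   # public resolver: avoids a cached, stale answer from your LAN

# Print every TXT value currently published at _acme-challenge.<domain>, one per line, quotes stripped.
acme_txt_values() {
    "$DIG" +short TXT "_acme-challenge.$1" "@$RESOLVER" | sed 's/^"//; s/"$//'
}

# Succeed only if the exact token certbot displayed is among the published TXT values
# (an old token from a previous run still being served is the usual cause of failure).
dns_challenge_ready() {   # usage: dns_challenge_ready example.com <token>
    acme_txt_values "$1" | grep -qxF -- "$2"
}

# Succeed only if the HTTP-01 file is served with exactly the content certbot asked for.
http_challenge_ready() {  # usage: http_challenge_ready example.com <filename> <content>
    body=$("$CURL" -fsS "http://$1/.well-known/acme-challenge/$2") || return 1
    [ "$body" = "$3" ]
}

# Example invocation with constructed placeholder values (replace with what certbot prints):
# dns_challenge_ready domainname.com TOKEN_FROM_CERTBOT && echo "DNS challenge visible"
# http_challenge_ready domainname.com FILENAME_FROM_CERTBOT CONTENT_FROM_CERTBOT && echo "HTTP challenge visible"
```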
After you have successfully added the content and pressed enter, it will take a few seconds to verify, and if it succeeds, it will automatically create new .pem files: one is cert.pem and the other is privkey.pem. Upload these two files to the correct location, assign them to your domain name, and now it should work.
So far, I have already registered two domain names with wildcards with Let’s Encrypt. Now I have to wait two years until the purchase of the 3 SSL certificates expires. I am very happy that wildcards are now supported. No more creating SANs and stuff like that just to get certs for subdomains.