Generating your first Wildcard SSL Certificate via Certbot/Let's Encrypt
-
With over ten thousand wildcard certificates issued by Let's Encrypt, we're seeing HTTPS adoption skyrocket towards the moon, and that's an investment you can take to the bank.
Remember, browser vendors are increasingly concerned for users' overall safety. In fact, Chrome will soon mark all unencrypted pages as "not secure", which gives us yet another reason to secure our sites via Let's Encrypt.
Without further ado, here's how we generated a Wildcard SSL certificate for NodeBB. We use it for newly-created instances in our hosting, which are by default given a subdomain under the .nodebb.com domain.
Click here to see the full blog post
-
What if I currently have a single domain SSL Certificate issued by certbot/Let's Encrypt and now I want the wildcard SSL?
-
@stephanbarker you can try this script
https://github.com/Neilpang/acme.sh
-
The need for a manual renewal after (less than) 3 months is annoying. For some domain name service providers (e.g. Cloudflare) automatic renewal is possible by using special plugins. On a server with root access there is another possibility: Install a small domain name server (I recommend yadifa) on this server, delegate the subdomain "_acme-challenge" of your domain to this server and add a small bash script which will make the necessary DNS updates when you run certbot. On https://github.com/hatzfeld/certbot-local-dns I explain how to do this.
-
Thanks for the tip -- yes, having to manually do this every 3 months is quite annoying, although at this time, the various DNS plugins are immature and are not easily installable without compilation, hence I have not included their usage in the blog post.
Once they are bundled in Let's Encrypt proper, then I will publish another blog post with updates.
-
If you set up nginx correctly, you can have autorenewal just fine.
-
Oh wildcard certs, I'm not sure
-
I just renewed one of my wildcards. You indeed need to use DNS and the TXT records need to change every time. You would need to use a script to set the TXT records for auto-renew.
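As an added example tied to the hook-script idea in hatzfeld's post and the TXT-record point in the last reply (this is not code from the thread, the blog post or the certbot-local-dns project): a POSIX shell script usable as a certbot `--manual-auth-hook` that adds the DNS-01 validation TXT record with nsupdate and waits until the authoritative server actually serves it. The DNS server address, the TSIG key path and the TTL are assumptions.

```shell
#!/bin/sh
# Constructed example (not from the thread): a certbot --manual-auth-hook for the
# DNS-01 challenge that pushes the validation token into a self-hosted zone with
# nsupdate (RFC 2136 dynamic update), the approach hatzfeld's post describes.
# Assumed: _acme-challenge.<domain> is delegated to a DNS server on this host that
# accepts TSIG-signed updates, with the key in /etc/letsencrypt/acme-tsig.key.
set -eu

ACME_DNS_SERVER="${ACME_DNS_SERVER:-127.0.0.1}"
ACME_TSIG_KEY="${ACME_TSIG_KEY:-/etc/letsencrypt/acme-tsig.key}"
ACME_TTL=60

# Name the ACME server queries. A leading "*." is stripped so nodebb.com and
# *.nodebb.com both map to the same record (they share one TXT name).
acme_txt_name() {
  printf '_acme-challenge.%s.' "${1#\*.}"
}

# nsupdate batch that adds one validation token. "add" rather than delete+add:
# when certbot validates nodebb.com and *.nodebb.com in one run, both tokens
# must be present on the same name at the same time.
build_update() {
  name="$(acme_txt_name "$1")"
  printf 'server %s\nzone %s\nupdate add %s %d IN TXT "%s"\nsend\n' \
    "$ACME_DNS_SERVER" "$name" "$name" "$ACME_TTL" "$2"
}

# Block until the authoritative server answers with the token, so certbot does
# not ask Let's Encrypt to validate before the record is actually served.
wait_for_record() {
  tries=0
  while [ "$tries" -lt 30 ]; do
    if dig +short @"$ACME_DNS_SERVER" "$1" TXT | grep -qF "\"$2\""; then
      return 0
    fi
    tries=$((tries + 1))
    sleep 2
  done
  echo "TXT record $1 not visible after 60s" >&2
  return 1
}

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the auth hook; the
# matching --manual-cleanup-hook should send "update delete" for the same name.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
  build_update "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" | nsupdate -k "$ACME_TSIG_KEY"
  wait_for_record "$(acme_txt_name "$CERTBOT_DOMAIN")" "$CERTBOT_VALIDATION"
fi
```

Invoke it as `certbot certonly --manual --preferred-challenges dns --manual-auth-hook /path/to/this.sh -d nodebb.com -d '*.nodebb.com'`; the functions only run when certbot has exported its variables, so the file can also be sourced for inspection.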