Install Let’s Encrypt SSL Wildcard Certificate on Ubuntu
INSTALLING CERTBOT
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
INSTALLING NGINX
sudo apt-get update
sudo apt-get install nginx
Setup DNS to serve all the subdomains
- Create a custom A record, HOST: * POINTS TO: your IP address (e.g. 103.21.0.108)
- Create a custom A record, HOST: @ POINTS TO: your IP address (e.g. 103.21.0.108)
- Add a CNAME record, HOST: www POINTS TO: @ (@ is the root domain, which points to your IP address)
Obtaining wildcard SSL certificate from Let’s Encrypt
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' --manual --preferred-challenges dns-01 certonly
Note: Replace example.com with your domain name. The wildcard is quoted so that the shell does not expand it.
After running the above command, certbot prints a DNS TXT record. Deploy that record in your DNS zone before letting certbot continue.
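A propagation check for the TXT record step above, as an added example that is not part of the original tutorial: it asks each authoritative nameserver for the challenge record so you can confirm the value is visible before certbot validates it. It assumes dig is installed and that the domain passed in is the delegated zone; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Requires dig.

# Record name certbot asks for; a leading "*." is dropped for wildcards.
challenge_name() {
    zone=${1#\*.}
    printf '_acme-challenge.%s\n' "$zone"
}

# Reads `dig +short TXT` output on stdin; succeeds if a record equals $1.
txt_has_token() {
    want=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}      # dig wraps TXT strings in double quotes
        line=${line%\"}
        if [ "$line" = "$want" ]; then return 0; fi
    done
    return 1
}

# Ask every authoritative nameserver; fail if any of them lacks the token.
# Assumes the domain given is the delegated zone (it has its own NS records).
check_propagation() {
    name=$(challenge_name "$1")
    zone=${1#\*.}
    seen=0 rc=0
    for ns in $(dig +short NS "$zone"); do
        seen=$((seen + 1))
        if dig +short TXT "$name" "@$ns" | txt_has_token "$2"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            rc=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no NS records found for $zone" >&2
        return 1
    fi
    return "$rc"
}

# Usage: sh check_txt.sh '*.example.com' 'value-printed-by-certbot'
if [ "$#" -eq 2 ]; then
    check_propagation "$1" "$2"
fi
```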
Configuring Nginx to serve wildcard subdomains
- Create a config file
sudo touch /etc/nginx/sites-available/example.com
- Open the file
sudo vi /etc/nginx/sites-available/example.com
- Add the following code in the file
server {
    listen 80;
    listen [::]:80;
    server_name *.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name *.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    root /var/www/example.com;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
Test and restart Nginx
- Test Nginx configuration using
sudo nginx -t
- If the test succeeds, reload Nginx using
sudo /etc/init.d/nginx reload
Nginx is now set up to handle wildcard subdomains.