
Install Let's Encrypt SSL Wildcard Certificate on Ubuntu

Apr 24, 2022 · 1 min read

INSTALLING CERTBOT

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

INSTALLING NGINX

sudo apt-get update
sudo apt-get install nginx

Set up DNS to serve all the subdomains

  • Create a custom A record, HOST * POINTS TO: your IP address (e.g. 103.21.0.108)
  • Create a custom A record, HOST @ POINTS TO: your IP address (e.g. 103.21.0.108)
  • Add a CNAME record, HOST www POINTS TO @ (this refers to your IP address).

Obtaining a wildcard SSL certificate from Let’s Encrypt

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" --manual --preferred-challenges dns-01 certonly

Note: Replace example.com with your domain name. The wildcard is quoted so that the shell passes it to certbot unchanged.

After running the above command, certbot prints a DNS TXT record. Deploy that record at your DNS provider.

Configuring Nginx to serve wildcard subdomains

  • Create a config file sudo touch /etc/nginx/sites-available/example.com
  • Open the file sudo vi /etc/nginx/sites-available/example.com
  • Add the following code in the file
server {
  listen 80;
  listen [::]:80;
  server_name *.example.com;
  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl;
  server_name *.example.com;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  root /var/www/example.com;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

Test and restart Nginx

  • Test Nginx configuration using sudo nginx -t
  • If the test succeeds, reload Nginx using sudo /etc/init.d/nginx reload

Nginx is now set up to handle wildcard subdomains.
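
The certbot command above requests only *.example.com, while the DNS step also points the apex (@) at the server. The following script is an added example, not part of the original post: it checks which hostnames a certificate's SAN entries cover, where a wildcard stands for exactly one label. The function names and the sample SAN text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# san_matches PATTERN HOST: succeeds if one SAN entry covers HOST.
# A leading "*." stands for exactly one non-empty DNS label.
san_matches() {
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$pattern" in
    \*.*)
      suffix=${pattern#\*}                 # "*.example.com" -> ".example.com"
      case "$host" in
        *"$suffix") label=${host%"$suffix"} ;;
        *) return 1 ;;
      esac
      case "$label" in
        ''|*.*) return 1 ;;                # apex, or more than one label deep
        *) return 0 ;;
      esac ;;
    *) [ "$pattern" = "$host" ] ;;
  esac
}

# cert_covers SAN_TEXT HOST: SAN_TEXT is what this prints for the certificate:
#   openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem \
#     -noout -ext subjectAltName
cert_covers() {
  printf '%s\n' "$1" | tr ',' '\n' | tr -d ' \t' | (
    while IFS= read -r entry; do
      case "$entry" in
        DNS:*) san_matches "${entry#DNS:}" "$2" && exit 0 ;;
      esac
    done
    exit 1
  )
}

# Constructed sample: SAN list of a certificate requested with only
# -d "*.example.com", as in the certbot command above.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:*.example.com'

for h in www.example.com api.example.com example.com a.b.example.com; do
  if cert_covers "$SAMPLE_SAN" "$h"; then
    echo "covered:     $h"
  else
    echo "NOT covered: $h"
  fi
done
```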
