How to Generate Let’s Encrypt SSL Wildcard using Certbot?
Introduction
This guide shows how to generate a Let’s Encrypt SSL wildcard certificate with Certbot, using Cloudflare as the DNS provider for the DNS-01 challenge.
A wildcard certificate is an SSL certificate that can secure any number of subdomains with a single certificate. You may want a wildcard certificate in cases where you need to support multiple subdomains but don’t want to configure them all individually.
Let’s Encrypt is an SSL certificate authority that grants free certificates using an automated API. In this tutorial you will create a Let’s Encrypt wildcard certificate by following these steps:
Step 1 - Creating a temporary website
Step 2 - Getting Cloudflare Global API Key
Step 3 - Configuring the Certbot Plugin
Step 4 - Installing the Correct Certbot DNS Plugin
Step 5 - Generating Let's Encrypt SSL Wildcard Certificate
Step 6 - Using SSL Wildcard Certificate
Prerequisites
A running website on port 80
or
A new Ubuntu VM, 18.04 or later, with Docker installed
Follow this guide to install Docker: https://docs.docker.com/engine/install/ubuntu/
If you already have a website running on port 80, you can skip Step 1.
Step 1 – Creating a temporary website
Create a temporary web server in a container:
docker run --name test-nginx -d -p 80:80 nginx
Test the connection to the website:
curl http://localhost
Step 2 – Getting Cloudflare Global API Key
Because each provider has a different authentication process, refer to the documentation for your particular Certbot DNS plugin to find out which tokens or keys you will need to obtain.
For this example, we will use the dns-cloudflare plugin.
Open https://dash.cloudflare.com/profile/api-tokens and note your Global API Key. We will use it in Step 3.
Step 3 – Configuring the Certbot Plugin
We need a Certbot credentials file so that Certbot can connect to your DNS provider and create DNS records on your behalf.
For this example, we will use the dns-cloudflare plugin and store the credentials in the file /root/.secrets/cloudflare.ini
sudo mkdir -p /root/.secrets/
sudo touch /root/.secrets/cloudflare.ini
sudo chmod 0700 /root/.secrets/
sudo chmod 0400 /root/.secrets/cloudflare.ini
Create the file using the vi editor:
vi /root/.secrets/cloudflare.ini
dns_cloudflare_email = "Your Cloudflare login email"
dns_cloudflare_api_key = "Global API Key from Step 2"
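The API key in this file can create DNS records for the whole zone, so it is worth checking the file before running Certbot. The following script is an added example and not part of the original guide: it verifies that the credentials file is readable by its owner only and that the placeholder values have been replaced. The function names and the sample files it writes are constructed for the demonstration; the dns_cloudflare_api_token form it also accepts is the scoped-token alternative supported by the same plugin.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity-check the dns-cloudflare
# credentials file from Step 3 before handing it to certbot. The function name
# check_cloudflare_ini and the sample values below are constructed for this demo.

# Return 0 when the file is readable by its owner only and holds usable
# credentials; otherwise print the problem and return 1.
check_cloudflare_ini() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f"; return 1; }

  # ls -ld prints e.g. "-r-------- ..."; characters 5-10 are the group/other bits.
  mode=$(ls -ld "$f" | cut -c1-10)
  [ "$(printf '%s' "$mode" | cut -c5-10)" = "------" ] || {
    echo "group/other can read $f ($mode); expected owner-only access (chmod 0400)"; return 1; }

  # Strip the key name and surrounding quotes; a missing key yields an empty string.
  email=$(sed -n 's/^dns_cloudflare_email *= *//p' "$f" | tr -d '"')
  key=$(sed -n 's/^dns_cloudflare_api_key *= *//p' "$f" | tr -d '"')
  token=$(sed -n 's/^dns_cloudflare_api_token *= *//p' "$f" | tr -d '"')

  # The plugin also accepts a scoped API token instead of email + Global API Key.
  [ -n "$token" ] && return 0
  [ -n "$email" ] && [ -n "$key" ] || {
    echo "$f needs dns_cloudflare_api_token, or dns_cloudflare_email and dns_cloudflare_api_key"; return 1; }
  case "$key" in
    *"Global API Key"*|*"Step 2"*) echo "placeholder value still present in $f"; return 1 ;;
  esac
  return 0
}

# Write a constructed credentials file for the demo: $1 = path, $2 = api key value, $3 = mode.
write_sample_ini() {
  printf 'dns_cloudflare_email = "admin@example.com"\ndns_cloudflare_api_key = "%s"\n' "$2" > "$1"
  chmod "$3" "$1"
}

# Demo: one correct file, one world-readable file, one with the placeholder left in.
demo_dir=$(mktemp -d)
write_sample_ini "$demo_dir/good.ini" "0123456789abcdef0123456789abcdef01234" 0400
write_sample_ini "$demo_dir/open.ini" "0123456789abcdef0123456789abcdef01234" 0644
write_sample_ini "$demo_dir/placeholder.ini" "Global API Key in Step 2" 0400
for name in good open placeholder; do
  if check_cloudflare_ini "$demo_dir/$name.ini"; then echo "$name.ini: OK"; else echo "$name.ini: FAIL"; fi
done
rm -rf "$demo_dir"
```

Run it against /root/.secrets/cloudflare.ini after Step 3; only good.ini passes in the built-in demo.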
Step 4 – Installing the Correct Certbot DNS Plugin
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx python3-certbot-dns-cloudflare
Step 5 – Generating Let’s Encrypt SSL Wildcard Certificate
Replace example.com with your own domain:
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,*.example.com --preferred-challenges dns-01
For example:
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d hijackson.com,*.hijackson.com --preferred-challenges dns-01
After the certificate has been generated successfully, you can find it in /etc/letsencrypt/live/yourdomain
Step 6 – Using SSL Wildcard Certificate
If your website is running on this server, point the nginx SSL configuration at the new files:
ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;
If this is only a temporary web server, copy all files in /etc/letsencrypt/archive/yourdomain to the other web server and use them there.
Refer to the README in the certificate directory for more details:
privkey.pem: the private key for your certificate.
fullchain.pem: the certificate file used in most server software.
chain.pem: used for OCSP stapling in Nginx >=1.3.7.
cert.pem: will break many server configurations, and should not be used without reading further documentation (see link below).