February 27

Free Wildcard SSL Certificate From Let's Encrypt with certbot

These instructions are from certbot.eff.org, with notes from actual testing.

1. Add Certbot PPA

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

2. Install Certbot

sudo apt-get install certbot python-certbot-apache

3. Get and install your certs

sudo certbot --apache

or, just get a certificate

sudo certbot certonly --apache

4. Test automatic renewal

sudo certbot renew --dry-run

For wildcard domains, run certbot against the acme-v02 server with a DNS challenge.

sudo certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d '*.{your.domain}' -d {your.domain}

Once certbot returns the TXT record for your domain, add it to your DNS host records. Wait for the TXT record to be updated (this normally takes 15-20 mins).

Then continue with the certbot prompts to finish the wildcard setup.
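Before continuing in certbot, it helps to confirm the TXT values are really published. The script below is an added example, not part of the certbot instructions; it assumes dig is installed, and the function names are hypothetical. When you request both '*.{your.domain}' and {your.domain}, certbot issues two TXT values for the same _acme-challenge name, and both must be present at the same time.

```shell
#!/bin/sh
# Added example: check DNS-01 TXT values before pressing Enter in certbot.
# Usage (hypothetical script name): sh check_acme_txt.sh example.com TOKEN1 [TOKEN2]

# challenge_name DOMAIN -> TXT record name certbot asks for. "*.example.com"
# and "example.com" both map to _acme-challenge.example.com.
challenge_name() {
    d=${1#\*.}
    printf '_acme-challenge.%s\n' "$d"
}

# has_all_tokens DIG_OUTPUT TOKEN... -> 0 only if every token appears as a
# complete quoted TXT value in `dig +short TXT` output (no partial matches).
has_all_tokens() {
    answers=$1; shift
    for token in "$@"; do
        printf '%s\n' "$answers" | grep -Fqx -- "\"$token\"" || return 1
    done
    return 0
}

# check_published DOMAIN TOKEN... -> ask each authoritative nameserver
# directly, so a resolver cache cannot hide a missing or stale record.
check_published() {
    domain=${1#\*.}; shift
    name=$(challenge_name "$domain")
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $servers; do
        out=$(dig +short TXT "$name" "@$ns")
        if has_all_tokens "$out" "$@"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            return 1
        fi
    done
}

# Run only when a domain and at least one token are given.
if [ "$#" -ge 2 ]; then
    check_published "$@"
fi
```

Continue in certbot only once every nameserver reports ok; a non-zero exit means at least one server does not yet serve all the values.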

Update the Apache conf for your sites with the cert paths, e.g.:

SSLCertificateFile /etc/letsencrypt/live/{yoursite.com}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{yoursite.com}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Cross Verify The Certificate

certbot certificates

To delete a cert:

sudo certbot delete --cert-name disignir.com

Add multiple domains to a cert:

sudo certbot certonly --apache --cert-name mydomain.com -d mydomain.com -d www.mydomain.com -d cdn.mydomain.com

Add a new domain to an existing cert:

sudo certbot certonly --apache 

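Delete domain(s) from an existing cert (the -d list is the full set of domains the cert will cover afterwards, so list only the domains to keep):

sudo certbot certonly --apache --cert-name domaincert.com -d keepdomain.com -d another.keepdomain.com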

You'll notice each certificate has a "name". Let's say you have a certificate with a name of example.com, and it has a certificate for the domain example.com as well. You can use the certonly option to just update the certificate, and use the --cert-name option to specify exactly which certificate you are updating. Don't forget to include your existing domain as well as the new domain you are adding.

sudo certbot certonly --apache --cert-name example.com -d example.com,www.example.com
