Install wildcard certificates for apache

Let's Encrypt now provides wildcard certificates, which can be deployed to groups of servers and even to servers on an intranet.

I am using CentOS here.
Install Apache and the mod_ssl module, then install the certbot package.
The certbot package is available in the EPEL repository.
Enable the EPEL repository:
yum install epel-release

Install Certbot with the DNS plugin:
yum install certbot python2-certbot-dns-rfc2136

Start the process with the following command
certbot certonly --manual \
--preferred-challenges=dns \
--email dipes@dipes.com.np \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
-d '*.dipes.com.np'


Replace dipes.com.np and the email address with your own domain and email. The wildcard name is quoted so that the shell passes it to certbot unchanged.

Please deploy a DNS TXT record under the name
_acme-challenge.dipes.com.np with the following value:

7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue


Update the TXT record in your DNS zone with the generated value, and verify the record before pressing Enter.


_acme-challenge.dipes.com.np    TXT    "7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk"
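
One way to do the verification mentioned above, as an added example that is not part of the original post: the script asks each authoritative nameserver of the zone for the _acme-challenge TXT record and checks for the exact value certbot printed. It assumes dig is installed (bind-utils on CentOS) and that the domain passed in is the zone apex; the script name check_challenge.sh and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm the ACME DNS-01 TXT
# record is served by every authoritative nameserver before pressing Enter.
# Assumes dig is installed (bind-utils on CentOS) and DOMAIN is the zone apex.

# Constructed sample of `dig +short TXT` output, for trying txt_contains offline.
# Two values can coexist under the same name, so every line is checked.
SAMPLE_DIG_OUTPUT='"constructed-older-challenge-value"
"7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk"'

# Strip the quoting dig adds; long TXT data split as "part1" "part2" is rejoined.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e 's/" "//g'
}

# Succeeds only if stdin holds a TXT value exactly equal to the token.
# -F: literal, -x: whole line, --: tokens may begin with "-" (base64url).
txt_contains() {
    normalize_txt | grep -Fxq -- "$1"
}

# Ask each authoritative nameserver directly, bypassing resolver caches.
check_challenge() {
    domain=$1; token=$2; rc=0; seen=0
    for ns in $(dig +short NS "$domain"); do
        seen=$((seen + 1))
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_contains "$token"; then
            echo "OK      $ns"
        else
            echo "MISSING $ns"; rc=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no NS records found for $domain" >&2; return 2
    fi
    return "$rc"
}

# Usage: ./check_challenge.sh dipes.com.np 7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

Press Enter in certbot only when every nameserver reports OK; a MISSING line means the record has not yet reached that server.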






Once it is verified, a message is displayed as follows.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/dipes.com.np/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/dipes.com.np/privkey.pem
   Your cert will expire on 2019-07-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:




The certificate and key are saved at
/etc/letsencrypt/live/dipes.com.np/fullchain.pem and /etc/letsencrypt/live/dipes.com.np/privkey.pem
Update the certificate and key file locations in the Apache SSL configuration file.
