Install wildcard certificates for Apache

Let's Encrypt now provides wildcard certificates, which can be deployed across groups of servers and even on servers in an intranet.

I am using CentOS here.
Install Apache and the mod_ssl plugin, then install the certbot package.
The certbot package is available in the EPEL repository.
Enable the EPEL repository
yum install epel-release

Install Certbot with the DNS plugin
yum install certbot python2-certbot-dns-rfc2136

Start the process with the following command
certbot certonly --manual \
--preferred-challenges=dns \
--email \
--server \
--agree-tos \
-d *

Replace with your own domain and your email.

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Update the TXT record with the generated value, for example "7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk", and verify the record before pressing Enter.
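
One way to do the verification step above from the shell, as an added example that is not part of the original post: it asks each authoritative nameserver of the zone for the _acme-challenge TXT record and compares the answer with the value certbot printed. It assumes dig (package bind-utils on CentOS) is installed; example.com and the function names are placeholders chosen for this example.

```sh
# Added example (not from the original post). Assumes dig is installed.

# Read `dig +short TXT` output on stdin (one quoted string per line) and
# succeed only if some record equals the expected value exactly.
txt_has_value() {
    local expected="$1"
    local line
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# Ask every authoritative nameserver directly, so a cached answer in a
# recursive resolver cannot hide a server that has not picked up the record.
# DOMAIN must be the zone apex (the name that holds the NS records).
check_challenge() {
    local domain="$1"
    local expected="$2"
    local ns
    local seen=0
    local rc=0
    for ns in $(dig +short NS "$domain"); do
        seen=1
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            rc=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    return "$rc"
}

# Usage (placeholder domain, value as printed by certbot):
#   check_challenge example.com 'VALUE_FROM_CERTBOT' && echo "safe to press Enter"
```

Press Enter in certbot only after every nameserver reports ok; a failed validation means starting again with a new value.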

Once it is verified, a message is displayed as follows.

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-07-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

Certificates are saved in the following locations:
/etc/letsencrypt/live/ and  /etc/letsencrypt/live/
Update the certificate and key file locations in the Apache SSL configuration file.

