When you want to run your website over HTTPS, you’ll have to install SSL certificates. You can either pay for certificates from a certificate authority or get free ones from Let’s Encrypt. Let’s Encrypt is a certificate authority (CA) that provides free SSL/TLS certificates using a fully automated process that eliminates manual certificate creation, validation, installation, and renewal. Once generated, you can install these certificates on your web servers to serve HTTPS traffic to your users and audience. Below you’ll learn how to generate a wildcard SSL certificate for your domain using Certbot.

Install the Let’s Encrypt Certbot Tool

Before generating your free wildcard certificates, make sure certbot is installed and running. To install it, run the commands below:

The commands above will install the certbot tool and all the dependencies it needs to function.

Generate Let’s Encrypt Wildcard SSL Certificate

Now that the tool is installed, you can proceed to generate certificates. Let’s Encrypt offers several challenge methods for validating that you own the domain you are requesting certificates for. You will not be able to generate certificates if you can’t prove that you own the domain. For wildcard certificates, however, the only challenge method Let’s Encrypt accepts is the DNS challenge, which we can invoke via the --preferred-challenges=dns flag.

So, to generate a wildcard cert for domain *.example.com, you run the commands below. You should also include the bare domain when registering.

The command options above are explained below:

certonly: Obtain or renew a certificate, but do not install
--manual: Obtain certificates interactively
--preferred-challenges=dns: Use dns to authenticate domain ownership
--server: Specify the endpoint to use to generate
--agree-tos: Agree to the ACME server’s subscriber terms
-d: Domain name to provide certificates for

After executing the command above, Let’s Encrypt will provide a text string to add as a text (TXT) record in your DNS zone. Example:

Go to your DNS provider portal, add a text record for the string above, and save. Wait a few minutes before continuing from the prompt. Some DNS providers take a while to propagate changes, so the wait depends on your provider’s platform.

Once the changes above are in place and Let’s Encrypt can validate that you own the domain, you should see a success message like the one below:

That should do it! The wildcard certificate is now generated and ready to be used. To verify that the certificate is ready, run the commands below:

That should display a screen similar to the one below:

You’re all set! Let’s Encrypt’s certificates are valid for 90 days, so you’ll want to set up a cron job to automate the renewal process. To do that, open crontab:

Then add the line below and save.

Save and you’re done!

Conclusion: This post showed you how to set up Let’s Encrypt SSL wildcard certificates on Ubuntu 20.04 | 18.04.
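For the DNS step above, one way to confirm the TXT record is live before continuing at certbot’s prompt. This is an added example, not from the original post; it assumes `dig` is installed and that the certificate domain is the zone apex, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `dig` is installed and
# the certificate domain is the zone apex; function names are hypothetical.

# Name of the DNS-01 TXT record for a certificate name. "*.example.com" and
# "example.com" share it, so requesting both means two TXT values coexist.
challenge_name() {
  d=${1#\*.}
  printf '_acme-challenge.%s\n' "${d%.}"
}

# Succeed if token $1 is one of the TXT answers in $2 (`dig +short TXT`
# form: one double-quoted value per line). -F/-x force an exact match and
# "--" keeps a token that starts with "-" from being read as an option.
txt_has_token() {
  [ -n "$1" ] || return 1
  printf '%s\n' "$2" | sed 's/^"//; s/"$//' | grep -Fxq -- "$1"
}

# Ask every authoritative nameserver directly (no resolver cache) until all
# of them serve the token. $1 = domain, $2 = token, $3 = attempts.
wait_for_txt() {
  name=$(challenge_name "$1")
  zone=${name#_acme-challenge.}
  tries=${3:-30}
  while [ "$tries" -gt 0 ]; do
    servers=$(dig +short NS "$zone")
    ok=1
    [ -n "$servers" ] || ok=0   # no NS answer: not the zone apex, or lookup failed
    for ns in $servers; do
      txt_has_token "$2" "$(dig +short TXT "$name" "@$ns")" || ok=0
    done
    if [ "$ok" -eq 1 ]; then return 0; fi
    tries=$((tries - 1))
    sleep 10
  done
  return 1
}

# Usage: ./wait-txt.sh '*.example.com' '<string certbot printed>'
if [ "$#" -ge 2 ]; then
  wait_for_txt "$1" "$2" && echo "TXT record is live; continue in certbot"
fi
```

Certificates issued with --manual need a fresh TXT record at every renewal, so an unattended cron renewal also needs certbot’s --manual-auth-hook (or a DNS plugin) to publish that record.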