Question

SSL Debian 11 certbot wildcard certificate problem

I am trying to set up SSL on my DigitalOcean droplet, running Debian 11 with Apache. I was running into Python-related errors using apt-get, and came across information on the “Let’s Encrypt” website instructing me to use snap. I successfully obtained a “Let’s Encrypt” certificate for my droplet using snap, but I cannot find info on how to create/obtain a wildcard certificate for “*.mydomain.com.” All of the DigitalOcean wildcard tutorials use apt-get?



KFSys
Site Moderator
February 7, 2024

Heya,

Can you post the Python-related errors using apt-get?

Additionally, if you have managed to install the certbot package, using the below should do the trick:

sudo certbot certonly --manual --preferred-challenges=dns -d '*.mydomain.com' -d 'mydomain.com'

Bobby Iliev
Site Moderator
February 6, 2024

Hey!

It’s quite interesting to run into Python-related errors with apt-get on Debian 11, as it’s quite robust. Could you provide more details about these errors? Knowing the exact error messages could help in diagnosing the issue more accurately. It’s possible that the solution might be simpler than expected and could avoid the need for alternative installation methods.

Regarding the installation of Snap and subsequently Certbot, it would be helpful to know more about how you installed Snap on your Debian 11 system. Snap is a universal package system that works across different Linux distributions, but its integration with Debian is not always out-of-the-box. Also, could you specify which tutorial or set of instructions you followed to install Certbot using Snap? And did you install the python3-certbot-dns-digitalocean package?

Once we’ve addressed the Python errors and the process you followed to install Snap and Certbot, we can revisit the topic of obtaining a wildcard SSL certificate for your domain. The process you’ve attempted with Snap and Certbot is indeed a recommended approach when DNS-01 challenge validation is required for wildcard certificates. However, understanding the specific steps you’ve taken and any errors or challenges encountered during this process would be invaluable.

If you prefer to keep the current certbot installation, then the process should look as follows, but it is hard to tell without knowing the exact version that you have:

To obtain a wildcard certificate, use the certbot command with the --manual flag and --preferred-challenges dns since wildcard certificates require DNS validation. Replace *.mydomain.com with your domain.

sudo certbot certonly --manual --preferred-challenges=dns -d '*.mydomain.com' -d 'mydomain.com'

Certbot will provide you with a DNS TXT record to add to your domain’s DNS configuration. This record is usually in the form of _acme-challenge.mydomain.com. Add the provided TXT record in your DNS settings and wait a few minutes for the changes to propagate across the internet.

After adding the DNS record and waiting for propagation, proceed with the verification process in Certbot. If the DNS challenge is successfully verified, Certbot will issue the wildcard certificate.

Best,

Bobby
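
A propagation check for the "add the TXT record and wait" step, as an added example that is not part of the original answers: it asks every authoritative nameserver for the _acme-challenge TXT record and succeeds only when all values certbot printed are visible. Because the command requests both '*.mydomain.com' and 'mydomain.com', certbot prints two values for the same record name and both must be published at the same time. It assumes dig is installed (Debian package dnsutils); the function and script names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes dig is installed.

# all_present VALUE... : reads `dig +short TXT` output on stdin and succeeds
# only if every VALUE appears as a complete TXT string.
all_present() {
    # dig prints TXT data wrapped in double quotes; strip them before comparing
    answers=$(tr -d '"\r')
    for want in "$@"; do
        # -F fixed string, -x whole line; "--" because base64url values may start with "-"
        printf '%s\n' "$answers" | grep -Fxq -- "$want" || return 1
    done
}

# check_zone ZONE VALUE... : query each authoritative nameserver directly, so a
# cached answer from a recursive resolver cannot hide a missing record.
check_zone() {
    zone=$1; shift
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    rc=0
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$zone" "@$ns" | all_present "$@"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check-acme.sh mydomain.com <txt-value-1> [<txt-value-2>]
# Press Enter in certbot only after every nameserver reports "ok".
if [ "$#" -ge 2 ]; then
    check_zone "$@"
fi
```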
