Tutorial for let's encrypt wildcard?

March 14, 2018 22.5k views
Let's Encrypt Ubuntu 16.04
10 Answers

We'll definitely be covering that topic! Quite a few of us here at DO were very excited to see this release. We're looking into it now, but we'll likely not provide a new tutorial until the new certbot version is available in the official PPA. See this convo on the Let's Encrypt forum for more details:

Any update on this? Looking for the tutorial.

This worked for me: https://blogs.msdn.microsoft.com/mihansen/2018/03/15/creating-wildcard-ssl-certificates-with-lets-encrypt/

Pretty simple actually.

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d "*.<your.domain>"

Afaik the certbot-client doesn't yet support automatic challenges with the dns-digitalocean authenticator. However, the certbot docker container does.

sudo docker run -it --rm --name certbot \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "<path-to-output-directory>:/keys" \
    certbot/dns-digitalocean certonly --server https://acme-v02.api.letsencrypt.org/directory \
    --dns-digitalocean --dns-digitalocean-credentials <path-to-DO-conf.ini> -d "*.yourdomain.tld"

Certbot worked fine for me for multiple wildcard certificates once I specified the --server argument

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --dns-digitalocean --dns-digitalocean-credentials <PATH_TO_CREDENTIALS.INI> --dns-digitalocean-propagation-seconds 60 -d \*.example.com -d example.com -d \*.example2.com -d example2.com
  • does this automatically renew?

    • No, but it will if you install a crontab.

      Create the file renew.sh a level above your webroot (let's call it /var/www) and add the renewal command along with service httpd restart on a new line. Then use the following crontab to renew every 1st of each month:

      0 0 1 * * /var/www/renew.sh >/dev/null 2>&1

  • What is the path to DNS credentials?

Hello, I used the above command to create the certificates.

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory \
      --dns-digitalocean --dns-digitalocean-credentials <PATH_TO_CREDENTIALS.INI> \
      --dns-digitalocean-propagation-seconds 60 \
      -d \*.example.com -d example.com -d \*.example2.com -d example2.com

So now for the automatic cron renewal I have 2 questions:

1) Do I use the exact same command in the cron shell renew.sh script?
2) Since I created this from a non root account, do I need to install the cron job as root or can I use the same user?
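An added example, not written by any poster in this thread or by DigitalOcean: a `renew.sh` for the cron approach discussed above that checks the DNS credentials file before calling `certbot renew`, which reuses the options certbot saved under /etc/letsencrypt/renewal/ when the certificates were issued. The credentials path and the `--run` argument are assumptions made for this example; `httpd` is the service named in the thread.

```shell
#!/bin/sh
# renew.sh (added example). Install in root's crontab: the certificates
# above were issued with sudo, so /etc/letsencrypt is root-owned.
#   0 0 1 * * /var/www/renew.sh --run >/dev/null 2>&1

CREDS="${CREDS:-/root/.secrets/digitalocean.ini}"  # hypothetical path
CERTBOT="${CERTBOT:-certbot}"

# Return 0 only if the credentials file exists, contains a
# dns_digitalocean_token line, and gives group/others no access.
creds_ok() {
    f="$1"
    [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 2; }
    grep -q '^dns_digitalocean_token[[:space:]]*=' "$f" ||
        { echo "no dns_digitalocean_token in $f" >&2; return 3; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "credentials readable by others, chmod 600 $f" >&2; return 4; }
    return 0
}

# Renew every certificate that is close to expiry. The deploy hook runs
# only when a certificate was actually replaced, so the web server is
# not restarted on runs where nothing changed.
renew_all() {
    creds_ok "$CREDS" || return $?
    "$CERTBOT" renew --quiet --deploy-hook "service httpd restart"
}

# Act only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    renew_all
fi
```

The `--dns-digitalocean-credentials` path recorded at issuance is what certbot will read on renewal, so `CREDS` should point at that same file.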



I'm looking forward to this tutorial, too.
Any news?

Thank you,

Any idea when there will be an official DO tutorial? I am having troubles with auto renewals.

I'm interested in a tutorial / guide on this as well. Is there an ETA now that it seems like we're at certbot >0.22 in the PPA?

Plus one for a tutorial, I spent hours before I made it work.
