Tutorial for let's encrypt wildcard?

March 14, 2018 10.3k views
Let's Encrypt Ubuntu 16.04
8 Answers

We'll definitely be covering that topic! Quite a few of us here at DO were very excited to see this release. We're looking into it now, but we'll likely not provide a new tutorial until the new certbot version is available in the official PPA. See this convo on the Let's Encrypt forum for more details:

Any update on this? Looking for the tutorial.

This worked for me: https://blogs.msdn.microsoft.com/mihansen/2018/03/15/creating-wildcard-ssl-certificates-with-lets-encrypt/

Pretty simple actually.

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.<your.domain>

Afaik the certbot-client doesn't yet support automatic challenges with the dns-digitalocean authenticator. However, the certbot docker container does.

sudo docker run -it --rm --name certbot \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "<path-to-output-directory>:/keys" \
    certbot/dns-digitalocean certonly --server https://acme-v02.api.letsencrypt.org/directory \
    --dns-digitalocean --dns-digitalocean-credentials <path-to-DO-conf.ini> "*.yourdomain.tld"

Hello,

I'm looking forward for this tutorial, too.
Any news ?

Thank you,

Certbot worked fine for me for multiple wildcard certificates once I specified the --server argument

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --dns-digitalocean --dns-digitalocean-credentials <PATH_TO_CREDENTIALS.INI> --dns-digitalocean-propagation-seconds 60 -d \*.example.com -d example.com d \*.example2.com -d example2.com
  • does this automatically renew?

    • No, but it will if you install a crontab.

      Create the file renew.sh a level above your webroot (let's call it /var/www) and add the renewal command along with service httpd restart on a new line. Then use the following crontab to renew every 1st of each month:

      0 0 * */1 * /var/www/renew.sh >/dev/null 2>&1

  • What is the path to DNS credentials?

Any idea when there will be an official DO tutorial? I am having troubles with auto renewals.

I'm interested in a tutorial / guide on this as well. Is there an ETA now that it seems like we're at certbot >0.22 in the PPA.

Have another answer? Share your knowledge.