This post shows students and users how to set up and install a Let’s Encrypt wildcard SSL certificate on Ubuntu 18.04 | 20.04. If you plan to install a Let’s Encrypt wildcard SSL certificate, this post will be helpful for you.
Let’s Encrypt is a non-profit certificate authority that provides free SSL/Transport Layer Security (TLS) certificates. It is run and managed by the Internet Security Research Group.
The SSL/TLS certificates provided by Let’s Encrypt are valid for only 90 days, and you can renew them at any time.
Follow the steps below to get a free SSL certificate to install on your web server:
Step 1: Install Let’s Encrypt Certbot Tool
To generate a certificate, make sure that Certbot is installed and working. If it is not, run the commands below to install it:
sudo apt update
sudo apt-get install letsencrypt
Step 2: Generate Let’s Encrypt Wildcard SSL Certificate
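Let’s Encrypt provides several ways to validate that you own the domain you want a certificate for. Wildcard certificates must be validated with the DNS-01 challenge, which is what the command below selects.
Run the command below to generate a wildcard certificate for the domain example.com. Replace example.com with your registered domain. The wildcard name is quoted so that the shell does not try to expand the * against file names in the current directory.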
sudo certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com -d '*.example.com'
After you run the above command, Let’s Encrypt provides a text string to add as a TXT record in your DNS zone.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
z5MrZ6d-aqFJQRmp_lGi9RTQHPa1aTC9J2O7wDKzp9
Before continuing, verify the record is deployed.
Now go to your DNS provider’s dashboard and open the DNS zone to add a TXT record containing the text string shown above.
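Certbot asks you to verify that the record is deployed before continuing; the script below is an added example (not part of the original post or of Certbot) that checks every authoritative nameserver of the zone for the expected TXT values. Because the command above requests both example.com and *.example.com, Certbot prompts for two TXT values under the same _acme-challenge.example.com name, and both must be published at the same time. The function names and the script name are assumptions, and dig is assumed to be installed (Ubuntu package dnsutils).

```shell
#!/usr/bin/env bash
# Added example: confirm the dns-01 TXT values are visible on every
# authoritative nameserver before pressing Enter in Certbot.
# Assumes dig is available (Ubuntu package: dnsutils).

# Print the TXT values NS publishes for NAME, one per line, without quotes.
txt_values() {  # usage: txt_values NAME NS
    dig +short TXT "$1" "@$2" | tr -d '"'
}

# Return 0 only if every expected value is published on every authoritative
# nameserver of ZONE, 1 if any value is missing, 2 if no nameserver is found.
acme_txt_ready() {  # usage: acme_txt_ready ZONE VALUE [VALUE...]
    local zone="$1"
    shift
    local name="_acme-challenge.$zone" missing=0 servers ns value published
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        published=$(txt_values "$name" "$ns")
        for value in "$@"; do
            # -F fixed string, -x whole line; "--" because a value may start with "-"
            if ! printf '%s\n' "$published" | grep -Fxq -- "$value"; then
                echo "MISSING on $ns: $value" >&2
                missing=1
            fi
        done
    done
    return "$missing"
}

# Runs only when called with arguments, for example:
#   ./check-acme-txt.sh example.com <first-value> <second-value>
if [ "$#" -ge 2 ]; then
    acme_txt_ready "$@"
fi
```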
After Let’s Encrypt validates that you own the domain, you will see a success message like the one below:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-01-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The wildcard certificate is now generated and ready for use. Run the command below to verify it.
sudo certbot certificates
The command shows output similar to the following:
Found the following certs:
Certificate Name: example.com
Domains: *.example.com
Expiry Date: 2020-03-03 10:21:04+00:00 (VALID: 90 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
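If you want certificates to renew automatically, set up a cron job for renewal. Note that a certificate obtained with --manual can only be renewed unattended if Certbot is given an authentication hook (--manual-auth-hook) or a DNS plugin that can publish the TXT record itself; without one, certbot renew fails for that certificate, so check the renewal log.
Run the command below to open the crontab: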
sudo crontab -e
Now add the line below and save:
0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log
Save the file, and the setup on Ubuntu 18.04 | 20.04 is done.
That’s all.
If you find any error or issue in the steps above, please use the comment box below to report it.