How to create wildcard certificates with Let’s Encrypt


Since yesterday Let’s Encrypt supports wildcard certificates, so you can issue a single certificate that covers all subdomains one level below a domain (*.example.com covers www.example.com but not a.b.example.com). This is very nice and powerful, but how do you create such a certificate?

First of all, you need the latest version of certbot (preferably the git version). Start the certificate process using the following command. Replace the domain in the command with your own.

(Perhaps you need to replace certbot with ./certbot-auto, especially in the git version.)
Why are we using the --server option? Wildcard certificates are only issued by the ACME v2 endpoint, and certbot may otherwise keep using the old ACME v1 endpoint (especially when you have an existing LE installation), so we point it at the v2 endpoint explicitly. The v2 endpoint needs its own account registration, so you will most likely have to enter your email address and accept the terms of service again.

Now the following text is shown (with your domain data of course):

You now need to create a TXT record in your DNS zone, at the record name certbot shows, with the displayed value.

If you use the options as shown above you will see a second challenge value. You need to create a second record, because every requested name needs its own TXT record for the challenge and validation, and the apex domain and its wildcard are validated on the same record name. That is fine: a name can carry several Resource Records of the same type, and both TXT records simply coexist. Your DNS records can look like this:


Update the DNS zone and check that the TXT records are visible, ideally by querying one of your authoritative name servers so that a cached, pre-update answer does not mislead you. Then press enter again. Now certbot requests the certificate. The issued certificate data is located in /etc/letsencrypt/live/. The TXT records aren’t needed again until you renew the certificate, and note that renewal with the manual DNS challenge is not automatic: you repeat this process with fresh challenge values, or script it with certbot’s --manual-auth-hook.
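The step that most often goes wrong is pressing enter before both TXT records are actually published. The following script is an added example and not part of the original post: it derives the challenge record name for a domain and checks that every challenge value certbot showed is present as a complete TXT record, as a pre-flight check before continuing in certbot. The certbot invocation in the comment is the one this example assumes; the domain, the name server, the tokens and the dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed invocation (ACME v2 endpoint, manual DNS-01 challenge, apex + wildcard):
#   certbot certonly --manual --preferred-challenges dns \
#     --server https://acme-v02.api.letsencrypt.org/directory \
#     -d example.com -d '*.example.com'

# example.com and *.example.com are both validated on the same record name,
# so the two challenge values end up as two TXT records on that one name.
acme_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# check_txt "<dig +short TXT output>" token...
# Succeeds only if every token is present as a complete TXT record value.
check_txt() {
    answer=$1
    shift
    missing=0
    for tok in "$@"; do
        # dig +short prints each TXT record quoted, one per line; a prefix
        # match would hide a truncated or mistyped value, so match whole lines.
        if ! printf '%s\n' "$answer" | grep -Fxq "\"$tok\""; then
            echo "missing TXT record for token: $tok" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Live use before pressing enter in certbot (network required). Query an
# authoritative server (constructed name) so a cached answer cannot fool you:
#   check_txt "$(dig +short TXT "$(acme_name example.com)" @ns1.example.com)" \
#       "$TOKEN_APEX" "$TOKEN_WILDCARD"

# Constructed dig +short output for an offline run: both records present.
SAMPLE_ANSWER='"apexTokenAAAA"
"wildcardTokenBBBB"'

if check_txt "$SAMPLE_ANSWER" apexTokenAAAA wildcardTokenBBBB; then
    echo "all challenge records present on $(acme_name example.com)"
fi
```

Run it as a pre-flight check: only when check_txt succeeds against the authoritative answer does it make sense to let certbot continue, otherwise the validation fails and you have to start over with new challenge values.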
