Free wildcard certificates with LetsEncrypt

Rajesh Sharma
2 min read · Mar 25, 2018


LetsEncrypt announced last year that it would be issuing free wildcard SSL certificates this year. Though the launch was planned for around January, it was delayed, and wildcard issuance finally went live on March 13, 2018.

LetsEncrypt wildcard certificates can be issued through ACME clients that support the ACME v2 protocol, using the new directory endpoint:

https://acme-v02.api.letsencrypt.org/directory

The most popular ACME client, “certbot”, is set to use this directory by default from its 0.23.0 release onward (link).

You can, however, issue a wildcard certificate from the current version of certbot by pointing it at the v2 directory explicitly. Here's how you do it.

$ certbot certonly --manual -d '*.pasls.com' --agree-tos --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Only DNS validation (the dns-01 challenge) is supported for wildcard certificates, so once you run this command certbot will ask you to add a TXT record under your domain. (The wildcard is quoted so that the shell does not try to expand it as a file glob.)

[Screenshot: certbot waiting for the DNS update]

After you add the TXT record, confirm that DNS has actually updated before you press Enter. You can check whether the record is visible using dig:

$ dig _acme-challenge.pasls.com TXT # checking against the local resolver
$ dig @8.8.8.8 _acme-challenge.pasls.com TXT # checking at Google's public resolver

Once you see the challenge text in the answer section, press Enter in the certbot terminal.

[Screenshot: the challenge TXT record in the dig answer section]
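The manual check above is easy to get wrong: your local resolver may still be serving a cached answer, while LetsEncrypt validates from its own vantage point, so the record has to be visible at public resolvers before you press Enter. The script below is an added example, not code from the original post or from certbot: it parses `dig +short` TXT output, polls several public resolvers until every one of them returns the expected challenge value, and only then exits successfully. It can be run by hand while certbot is waiting, or wired in as a `--manual-auth-hook`, in which case it reads the real certbot environment variables `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` (the resolver list, timeouts and the `pasls.com` sample values are assumptions chosen for the example).

```python
#!/usr/bin/env python3
"""Wait until the _acme-challenge TXT record is visible at public resolvers.

Added example (not part of the original post, not certbot's own code).
Usage while certbot --manual is waiting:
    python3 wait_for_txt.py pasls.com <value certbot asked you to publish>
Or as a hook:  certbot ... --manual-auth-hook /path/to/wait_for_txt.py
(certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to auth hooks).
"""
import os
import re
import subprocess
import sys
import time

# Assumption for the example: confirm propagation at these public resolvers.
RESOLVERS = ["8.8.8.8", "1.1.1.1"]

# One quoted chunk of a TXT record as dig prints it (ACME values are
# base64url, so escaped quotes do not occur inside them).
_CHUNK = re.compile(r'"([^"]*)"')


def parse_dig_short_txt(output: str) -> list:
    """Turn `dig +short NAME TXT` output into a list of TXT string values.

    dig prints one record per line as one or more quoted chunks, e.g.
        "abc"            -> "abc"
        "part1" "part2"  -> "part1part2"   (long records are split by DNS)
    Lines that are not quoted (for example a CNAME target) are ignored.
    """
    values = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith('"'):
            continue
        values.append("".join(_CHUNK.findall(line)))
    return values


def challenge_present(output: str, expected: str) -> bool:
    """True if the expected challenge value is one of the TXT records."""
    return expected in parse_dig_short_txt(output)


def query_txt(name: str, resolver: str) -> str:
    """Ask a single resolver for NAME TXT and return dig's +short output."""
    cmd = ["dig", "+short", "+time=3", "+tries=1", f"@{resolver}", name, "TXT"]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def wait_for_propagation(name: str, expected: str, resolvers=RESOLVERS,
                         timeout: float = 600, interval: float = 15) -> bool:
    """Poll every resolver until all of them return the expected value.

    Returns True once the record is visible everywhere, False on timeout.
    """
    deadline = time.monotonic() + timeout
    while True:
        missing = [r for r in resolvers
                   if not challenge_present(query_txt(name, r), expected)]
        if not missing:
            return True
        if time.monotonic() >= deadline:
            return False
        print(f"waiting: {name} not yet visible at {', '.join(missing)}",
              file=sys.stderr)
        time.sleep(interval)


if __name__ == "__main__":
    # Hook mode takes values from certbot's environment; manual mode from argv.
    domain = os.environ.get("CERTBOT_DOMAIN") or (sys.argv[1] if len(sys.argv) > 1 else "")
    value = os.environ.get("CERTBOT_VALIDATION") or (sys.argv[2] if len(sys.argv) > 2 else "")
    if not domain or not value:
        sys.exit("usage: wait_for_txt.py DOMAIN EXPECTED_TXT_VALUE")
    record = f"_acme-challenge.{domain}"
    print(f"publish TXT record {record} with value {value}, then wait...",
          file=sys.stderr)
    sys.exit(0 if wait_for_propagation(record, value) else 1)
```

The parser joins the quoted chunks of each line because DNS splits TXT data longer than 255 bytes into several strings, and it ignores unquoted lines so that a `_acme-challenge` name that is a CNAME to another zone still checks correctly. If you use it as an auth hook, remember that certbot then does not prompt you: the hook prints the record to publish, blocks until it propagates, and a non-zero exit (timeout) makes certbot abort the order rather than submit a challenge that would fail.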

There you have your free wildcard SSL certificate. Thanks to LetsEncrypt!
