Let’s Encrypt recently added wildcard certificates, but obtaining one involves a few more steps than a normal certificate request. First make sure you have certbot version 0.22.0 or above; you can get the latest version from the certbot site. As of now, you can’t get a high enough version using
chmod a+x ./certbot-auto
Once the latest version is installed we need to get a TXT DNS record value to add to Namecheap. This lets Let’s Encrypt verify control of the domain through your DNS provider rather than by contacting the server for each subdomain. We can request a value for the TXT record from Let’s Encrypt with:
sudo certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns -d *.lmerza.com
Replace lmerza.com with your own domain. Let’s Encrypt will ask whether you are OK with your server’s IP address being logged as part of the verification; select Yes and it will give you the host and value for the new TXT record you need to create:
Please deploy a DNS TXT record under the name
_acme-challenge.lmerza.com with the following value:
Before continuing, verify the record is deployed.
In the Advanced DNS panel for your domain in Namecheap we need to create a new TXT record for _acme-challenge.lmerza.com and add yB0AXXXXXXORZXTwzeXXXXXXXXXXXXXXXXmOoA1-XXX as the value:
Namecheap may take a while to publish the new record, but you can check whether it has propagated by running the following command (again replacing the domain name):
nslookup -type=TXT _acme-challenge.lmerza.com
You’ll get a "server can’t find _acme-challenge.lmerza.com: NXDOMAIN" error if the record hasn’t synced, and a successful answer like this if it has:
Address: 192.XXX.XXX.XXX#XX
Non-authoritative answer:
_acme-challenge.lmerza.com text = "5GFgXXWfT5V-XXXXXWfT5XXXX"
Once the record is synced, continue the certbot process by pressing Enter and you will see the usual "Congratulations! Your certificate and chain have been saved at" message. You can now install these new certificate files on your web server.
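As an added example (not from the original post), here is the propagation check from the step above as a small POSIX sh script. Besides waiting for the record to appear, it confirms the TXT answer carries the exact value certbot printed, so a record left over from an earlier run is not mistaken for a synced one; the domain and TXT values in the samples are constructed placeholders.

```shell
#!/bin/sh
# Added example: poll nslookup until the _acme-challenge TXT record exists AND
# holds the value certbot asked for. A record that still carries a value from a
# previous run fails the challenge exactly like a missing one.

# txt_has_value NSLOOKUP_OUTPUT EXPECTED_VALUE
# Returns 0 when some 'text = "..."' answer line equals EXPECTED_VALUE, else 1.
txt_has_value() {
    _out=$1
    _want=$2
    # Extract only the quoted TXT strings from answer lines, then exact-match.
    printf '%s\n' "$_out" \
        | sed -n 's/.*text = "\([^"]*\)".*/\1/p' \
        | grep -Fxq -- "$_want"
}

# wait_for_txt NAME EXPECTED_VALUE [TRIES] [DELAY_SECONDS]
# Re-runs the nslookup command from the post until the value is visible.
wait_for_txt() {
    _name=$1; _want=$2; _tries=${3:-30}; _delay=${4:-10}
    while [ "$_tries" -gt 0 ]; do
        _out=$(nslookup -type=TXT "$_name" 2>&1)
        if txt_has_value "$_out" "$_want"; then
            echo "$_name carries the expected value; press Enter in certbot."
            return 0
        fi
        _tries=$((_tries - 1))
        sleep "$_delay"
    done
    echo "gave up: $_name does not carry the expected value" >&2
    return 1
}

# Constructed nslookup outputs (placeholder resolver, domain and TXT value).
NXDOMAIN_OUT="Server:         192.0.2.1
Address:        192.0.2.1#53

** server can't find _acme-challenge.example.com: NXDOMAIN"

SYNCED_OUT='Server:         192.0.2.1
Address:        192.0.2.1#53

Non-authoritative answer:
_acme-challenge.example.com text = "PLACEHOLDER-TXT-VALUE-FROM-CERTBOT"'

# Usage against real DNS (the value is what certbot printed):
#   wait_for_txt _acme-challenge.example.com "PLACEHOLDER-TXT-VALUE-FROM-CERTBOT"
```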