Generate Wildcard SSL certificate using Let’s Encrypt/Certbot
From past few days or months, everyone on the World Wide Web is talking about SSL certificates and rushing to implement them. But Why? Cause recently google has announced, if your website, webpages or web-applications does not have SSL certificate then Chrome will label them as Non-Secured.
In this blog will cover, how to generate a wildcard SSL certificate for your domain using Certbot. I am generating a certificate for the domain erpnext.xyz
Step 1: Setup Pre-requisites
If you already have a droplet or a system then make sure your system has Python 2.7 or 3 and git installed on it. As I am starting on fresh Ubuntu droplet, we have to set up the above pre-requisites.
apt-get update
apt-get install python-minimal
python --version
apt-get install git-core
git --version
Step 2: Setup Certbot
After setting up the pre-requisites, now will setup the Certbot via Github.
cd /opt
git clone https://github.com/certbot/certbot.git
cd certbot && ./certbot-auto
While installing the Certbot, I came across the error
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/virtualenv.py", line 2363, in <module>
main()
File "/usr/lib/python3/dist-packages/virtualenv.py", line 719, in main
symlink=options.symlink)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 988, in create_environment
download=download,
File "/usr/lib/python3/dist-packages/virtualenv.py", line 918, in install_wheel
call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 812, in call_subprocess
% (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code
After googling, I came to know, the error triggered due to improper locale variables. Set the locale variables and re-run.
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
You can also install the Certbot via the apt installer.
apt-get install letsencrypt
Step 3: Generate The Wildcard SSL Certificate
Now with the help of Certbot will generate wildcard certificate for our test domain erpnext.xyz
Note: As we are generating wildcard ssl certificate, mention domain with * i.e. *.erpnext.xyz
Step 4: Authenticate The Domain’s Ownership
For wildcard certificates, the only challenge method Let’s Encrypt accepts is the DNS challenge, which we can invoke via the preferred-challenges=dns flag.
After executing the above command, the Certbot will share a text record to add to your DNS.
Please deploy a DNS TXT record under the name
_acme-challenge.erpnext.xyz with the following value:J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo
Record Name: _acme-challenge
Record Value: J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo
Create TXT record via DNS console and setup key and value
Step 5: Get The Certificate
Once you authenticate the domain ownership; by cleaning up dns challenges, Certbot generates the ssl certificate and required keys.
Congratulations!!! You have successfully generated wildcard SSL certificate for your domain.
Step 6: Cross Verify The Certificate
To cross verify certificate’s validity via command line run
./certbot-auto certificates