Open in app

Sign in

Write

Sign in

How to obtain a wildcard ssl certificate from Let’s Encrypt and setup Nginx to use wildcard subdomain

Utkarsh Verma
2 min readMay 17, 2018

--

Recently Let’s Encrypt officially started issuing wildcard ssl certificate using Automated Certificate Management Environment (ACME) V2 endpoint.

This is the continuation of the article that I have written before.

Let’s begin by

  • Installing Let’s Encrypt on Ubuntu 16.04 server
  • Installing Nginx
  • Setup DNS to serve all the subdomains
  • Obtaining wildcard ssl certificate from Let’s Encrypt
  • Configuring Nginx to serve wildcard subdomains
  • Test and restart Nginx

Installing Let’s Encrypt on Ubuntu 16.04 server

sudo add-apt-repository ppa:certbot/certbotsudo apt-get updatesudo apt-get install python-certbot-nginx

Installing Nginx

sudo apt-get updatesudo apt-get install nginx

Setup DNS to serve all the subdomains

  • Create a custom A record, HOST * POINTS TO: Your IP Address(Eg: 103.21.0.108)
  • Create a custom A record, HOST @ POINTS TO: Your IP Address(Eg: 103.21.0.108)
  • Add a CNAME record, HOST www POINTS TO @ this refers to your IP address.

Obtaining wildcard ssl certificate from Let’s Encrypt

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly

Note:- Replace example.com with your domain name

Deploy a DNS TXT record provided by Let’s Encrypt certbot after running the above command

Configuring Nginx to serve wildcard subdomains

  • Create a config file sudo touch /etc/nginx/sites-available/example.com
  • Open the file sudo vi /etc/nginx/sites-available/example.com
  • Add the following code in the file
server {
  listen 80;
  listen [::]:80;
  server_name *.example.com;
  return 301 https://$host$request_uri;
}server {
  listen 443 ssl;
  server_name *.example.com;  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;  root /var/www/example.com;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

Note:- Replace example.com with your domain name.

The above server block is listening on port 80 and redirects the request to the server block below it that is listening on port 443.

Test and restart Nginx

  • Test Nginx configuration using sudo nginx -t
  • If it’s success reload Nginx using sudo /etc/init.d/nginx reload

Nginx is now setup to handle wildcard subdomains.

Good luck with building your application.
Do let me know if you face any issues during the configuration :)
I am available at Utkarsh Verma

Ssl Certificate
Free Ssl Certificate
Lets Encrypt
Nginx
Wildcard Subdomains

--

--

Utkarsh Verma

Written by Utkarsh Verma

175 Followers

Tech @hackinoutco

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams