How to obtain a wildcard ssl certificate from Let’s Encrypt and setup Nginx to use wildcard subdomain

Recently Let’s Encrypt officially started issuing wildcard ssl certificate using Automated Certificate Management Environment (ACME) V2 endpoint.

This is the continuation of the article that I have written before.

Let’s begin by

  • Installing Let’s Encrypt on Ubuntu 16.04 server
  • Installing Nginx
  • Setup DNS to serve all the subdomains
  • Obtaining wildcard ssl certificate from Let’s Encrypt
  • Configuring Nginx to serve wildcard subdomains
  • Test and restart Nginx

Installing Let’s Encrypt on Ubuntu 16.04 server

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Installing Nginx

sudo apt-get update
sudo apt-get install nginx

Setup DNS to serve all the subdomains

  • Create a custom A record, HOST * POINTS TO: Your IP Address(Eg: 103.21.0.108)
  • Create a custom A record, HOST @ POINTS TO: Your IP Address(Eg: 103.21.0.108)
  • Add a CNAME record, HOST www POINTS TO @ this refers to your IP address.

Obtaining wildcard ssl certificate from Let’s Encrypt

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly
Note:- Replace example.com with your domain name
Deploy a DNS TXT record provided by Let’s Encrypt certbot after running the above command

Configuring Nginx to serve wildcard subdomains

  • Create a config file sudo touch /etc/nginx/sites-available/example.com
  • Open the file sudo vi /etc/nginx/sites-available/example.com
  • Add the following code in the file
server {
listen 80;
listen [::]:80;
server_name *.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name *.example.com;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Note:- Replace example.com with your domain name.
The above server block is listening on port 80 and redirects the request to the server block below it that is listening on port 443.

Test and restart Nginx

  • Test Nginx configuration using sudo nginx -t
  • If it’s success reload Nginx using sudo /etc/init.d/nginx reload

Nginx is now setup to handle wildcard subdomains.

Good luck with building your application.
Do let me know if you face any issues during the configuration :)
I am available at Utkarsh Verma