How to obtain a wildcard SSL certificate from Let’s Encrypt and set up Nginx to use wildcard subdomains

Let’s Encrypt recently started officially issuing wildcard SSL certificates through its Automated Certificate Management Environment (ACME) v2 endpoint.

This is the continuation of the article that I have written before.

Let’s begin by

Installing Let’s Encrypt on Ubuntu 16.04 server

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Installing Nginx

sudo apt-get update
sudo apt-get install nginx

Set up DNS to serve all the subdomains

Obtaining a wildcard SSL certificate from Let’s Encrypt

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' --manual --preferred-challenges dns-01 certonly

Note: Replace example.com with your domain name. The wildcard is quoted so that the shell passes it to certbot unchanged instead of treating it as a filename pattern.

After running the above command, deploy the DNS TXT record that the Let’s Encrypt certbot provides.

Configuring Nginx to serve wildcard subdomains

# Plain HTTP: redirect every request to HTTPS on the same host name
server {
    listen 80;
    listen [::]:80;
    server_name *.example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: serve all subdomains with the wildcard certificate
server {
    listen 443 ssl;
    server_name *.example.com;

    # Certificate chain and private key issued by Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Note: Replace example.com with your domain name.

The first server block listens on port 80 and redirects each request to HTTPS, where the second server block, listening on port 443, handles it.
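The certificate requested above names only *.example.com, which covers exactly one subdomain label, while nginx's server_name *.example.com also matches deeper names such as a.b.example.com. The following shell sketch is an added example, not part of the original article: it compares the two matching rules so you can see which host names need an extra -d entry or server block. The function names and test host names are constructed for illustration, and names are assumed to be lowercase.

```shell
#!/bin/sh
# Added example: constructed host names; rules simplified to lowercase ASCII names.

# cert_covers PATTERN HOST
# Certificate name matching (RFC 6125): "*" stands for exactly one left-most label.
cert_covers() {
    pattern=$1; host=$2
    case $pattern in
        \*.*)
            suffix=${pattern#\*}                 # "*.example.com" -> ".example.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            case $label in
                ""|*.*) return 1 ;;              # empty or multi-label: not covered
                *) return 0 ;;
            esac ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# nginx_matches PATTERN HOST
# nginx server_name: a leading "*." matches one or more labels.
nginx_matches() {
    pattern=$1; host=$2
    case $pattern in
        \*.*)
            suffix=${pattern#\*}
            case $host in
                ?*"$suffix") return 0 ;;
                *) return 1 ;;
            esac ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# classify SERVER_NAME CERT_NAME HOST -> one word on stdout
classify() {
    if ! nginx_matches "$1" "$3"; then
        echo "no-name-match"                     # nginx falls back to its default server
    elif cert_covers "$2" "$3"; then
        echo "ok"
    else
        echo "served-but-cert-mismatch"          # client reports a certificate name error
    fi
}

for h in www.example.com api.example.com a.b.example.com example.com; do
    printf '%-18s %s\n' "$h" "$(classify '*.example.com' '*.example.com' "$h")"
done
```
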

Test and restart Nginx

Nginx is now set up to handle wildcard subdomains.

Good luck with building your application.
Do let me know if you face any issues during the configuration :)
I am available at Utkarsh Verma

Tech @hackinoutco