How to set up Wildcard SSL for your sub-domains using Let’s Encrypt

Coding Monk
Jan 7, 2019 · 2 min read

Google has declared that it will label websites that do not use SSL as ‘Not Secure’. This means SSL is now necessary to keep your website available to Google users, as the Google search engine will prefer secure sites.

So in this article we will learn how to set up wildcard domain SSL.

What is a wildcard?

A domain always has 3 parts. For example, www.example.com contains 3 parts:

  1. www — subdomain

We can always install a certificate on an individual domain or sub-domain, but what if your application uses multiple sub-domains and you have to install a separate SSL certificate for each sub-domain every time?

For example,

*.example.com -> app.example.com, dashboard.example.com, admin.example.com

So if we install one SSL certificate for *.example.com and it gets installed for all sub-domains, then it is called a Wild Card SSL Certificate.

What is Let’s Encrypt?

Let’s Encrypt is a certificate authority that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge (FREE). The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.

What’s Needed?

  1. VPS Server (I prefer Digital Ocean)
apt-get update
apt-get install python-minimal
python --version
apt-get install git-core
git --version
apt-get install letsencrypt

3. Certbot

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

Everything needed is installed, half of our work is done.

  • Note — Python minimal requires more RAM, so if you don’t have enough RAM then don’t forget to add some SWAP area.

Let’s Get Started, Let’s F***ing Encrypt It.

Run the following command (the wildcard is quoted so the shell does not expand it):

./certbot-auto certonly --manual --preferred-challenges=dns --email email@example.com -d '*.example.com'

Change Email and Domain as per your configurations

Authenticate your domain using DNS Challenge.

Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
IUESgUUxWirfjIpCNNqM6Z4USASWulZdnr21OaEVibA

So open your DNS manager and add a TXT record named _acme-challenge with the value IUESgUUxWirfjIpCNNqM6Z4USASWulZdnr21OaEVibA

TXT Records

Wait a few minutes for the TXT record to propagate, then confirm. Booom.

You have successfully obtained Wild Card SSL certificates. The certificates will be saved at /etc/letsencrypt/live/YOURSITENAME
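
Instead of guessing how long to wait, you can check that every authoritative nameserver already serves the challenge value before confirming in certbot. This is an added example, not part of the original article; the function names txt_has_value and challenge_ready are hypothetical, and it assumes dig is installed.

```shell
#!/bin/sh
# Added example: confirm the _acme-challenge TXT record is visible on every
# authoritative nameserver before confirming in certbot.

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin (one double-quoted string per line)
# and succeeds if any record equals EXPECTED. Several TXT values may coexist
# on the same name, so every line is checked.
txt_has_value() {
    expected=$1
    while IFS= read -r line; do
        value=$(printf '%s' "$line" | tr -d '"')
        if [ "$value" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# challenge_ready DOMAIN EXPECTED
# Asks each authoritative nameserver of DOMAIN directly, which avoids a
# cached answer from a recursive resolver.
# Returns 0 if all serve EXPECTED, 1 if any does not, 2 if no NS was found.
challenge_ready() {
    domain=$1
    expected=$2
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    missing=0
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check.sh example.com <value printed by certbot>
if [ "$#" -eq 2 ]; then
    challenge_ready "$1" "$2"
fi
```

Confirm in certbot only once every nameserver is reported as ok.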

Use it in Apache Configuration File and Make your sub-domains secure.

For more server related Video Tutorial go to Coding Monk Youtube Channel and Subscribe

Coding Monk

We are here for quick tutorials, it may be server administration, server setup, dev ops, simple programming tips, simple hacks for server and many other things.
