How to set up Wildcard SSL for your sub-domains using Let’s Encrypt
Google has declared that it will label websites without SSL as ‘Not Secure’. This means SSL is now necessary to keep your website available to Google users, as the Google search engine will prefer secure sites.
So in this article we will learn how to set up wildcard SSL for a domain.
What is a wildcard?
A domain always has 3 parts. For example, www.example.com contains 3 parts:
- www — subdomain
- .example — domain name
- .com — TLD
We can always install a certificate on an individual domain or sub-domain, but what if your application uses multiple sub-domains and you have to install a separate SSL certificate for each sub-domain every time?
*.example.com -> app.example.com, dashboard.example.com, admin.example.com
So if we install one SSL certificate for *.example.com and it gets installed for all sub-domains, it is called a Wildcard SSL Certificate.
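Which names a wildcard actually covers is worth checking before relying on it. The sketch below is an added example, not part of the original article: it applies the usual TLS client matching rule (the `*` stands for exactly one left-most label) to a constructed list of hostnames, and the function names and sample hosts are assumptions made for illustration.

```python
"""Check which hostnames a certificate's names (SANs) cover."""


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_covers(san, hostname):
    """Return True if one certificate name covers the given hostname."""
    pat, host = _labels(san), _labels(hostname)
    # The wildcard replaces exactly one label, so label counts must match.
    if len(pat) != len(host) or "" in host:
        return False
    if pat[0] == "*":
        # Simplification: refuse patterns like "*.com". Real clients
        # consult the public suffix list for this decision.
        return len(pat) > 2 and pat[1:] == host[1:]
    return pat == host


def uncovered(sans, hostnames):
    """List the hostnames that no certificate name covers."""
    return [h for h in hostnames if not any(san_covers(s, h) for s in sans)]


# Constructed sample data: the certificate names and the hosts an app serves.
CERT_SANS = ["*.example.com"]
APP_HOSTS = [
    "app.example.com",
    "dashboard.example.com",
    "admin.example.com",
    "example.com",            # the bare domain has no left-most label
    "api.admin.example.com",  # two levels below example.com
]

if __name__ == "__main__":
    for host in uncovered(CERT_SANS, APP_HOSTS):
        print("not covered by", CERT_SANS, "->", host)
```

The bare domain and deeper sub-domains come back as uncovered. To include the bare domain in the same certificate, pass both names to certbot: `-d example.com -d "*.example.com"`.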
What is Let’s Encrypt?
Let’s Encrypt is a certificate authority that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge (FREE). The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.
What’s Needed?
- VPS Server (I prefer Digital Ocean)
- Python, Git and Let’s Encrypt
apt-get install python-minimal
apt-get install git-core
git --version
apt-get install letsencrypt
chmod a+x ./certbot-auto
Everything needed is installed, so half of our work is done.
- Note — Python minimal requires more RAM, so if you don’t have enough RAM then don’t forget to add some SWAP area.
Let’s Get Started, Let’s F***ing Encrypt It.
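Run the following command:
./certbot-auto certonly --manual --preferred-challenges=dns --email firstname.lastname@example.org -d "*.example.com"
Change the email and domain to match your configuration. The wildcard is quoted so that the shell passes it to certbot unchanged instead of trying to expand it as a filename pattern.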
Authenticate your domain using DNS Challenge.
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
IUESgUUxWirfjIpCNNqM6Z4USASWulZdnr21OaEVibA
So open your DNS manager and add a TXT record named _acme-challenge with the value IUESgUUxWirfjIpCNNqM6Z4USASWulZdnr21OaEVibA
Wait a few minutes for the TXT record to propagate, then confirm. Booom.
You have successfully obtained Wild Card SSL certificates. Certificates will be saved at
Use it in Apache Configuration File and Make your sub-domains secure.