Obtaining wildcard SSL from Let’s Encrypt

What is an SSL Wildcard Certificate?
An SSL Wildcard certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure multiple sub-domain names (hosts) of the same base domain.

For example, a wildcard certificate for *.xyz.com could be used for www.xyz.com, mail.xyz.com and docs.xyz.com, as well as any other subdomain of xyz.com.

When should I request an SSL Wildcard Certificate?
An SSL Wildcard certificate should be considered when you want to secure several sub-domains, such as test.xyz.com, www.xyz.com and mail.xyz.com, with a single certificate.

The common name entered for the SSL Wildcard Certificate is written as *.xyz.com.
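The rule browsers apply to such a name is narrower than "anything under xyz.com": the wildcard must be the whole leftmost label and matches exactly one label, so *.xyz.com covers www.xyz.com but neither the bare xyz.com nor a.b.xyz.com. The following shell function, an added example that is not part of the original article, implements that matching rule (the hostnames checked at the bottom are constructed for the demo):

```shell
#!/bin/sh
# Added example: which hostnames a wildcard certificate name covers.
# Rule (RFC 6125 / browser behaviour): '*' must be the entire leftmost
# label and stands for exactly one non-empty label.

# wildcard_covers CERT_NAME HOSTNAME -> exit 0 if covered, 1 otherwise
wildcard_covers() {
    cert_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$cert_name" in
        '*.'*)
            base=${cert_name#\*.}            # e.g. xyz.com
            case "$base" in                  # base needs >= 2 labels,
                *.*) ;;                      # so '*.com' is rejected
                *) return 1 ;;
            esac
            case "$host" in                  # host must end in ".<base>"
                *".$base") ;;
                *) return 1 ;;
            esac
            left=${host%".$base"}            # part replacing the '*'
            case "$left" in
                ''|*.*) return 1 ;;          # empty or more than one label
                *) return 0 ;;
            esac
            ;;
        *)
            [ "$cert_name" = "$host" ]       # no wildcard: exact match only
            ;;
    esac
}

# check_all CERT_NAME HOST... -> one line per host
check_all() {
    cert=$1; shift
    for h in "$@"; do
        if wildcard_covers "$cert" "$h"; then echo "$cert covers $h"
        else echo "$cert does NOT cover $h"; fi
    done
}

# Constructed demo hostnames against the article's certificate name
check_all '*.novasush.com' dev.novasush.com www.novasush.com \
    novasush.com api.dev.novasush.com evilnovasush.com
```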

Obtaining the certificate

I am going to obtain a wildcard certificate using certbot for my subdomain dev.novasush.com. I will quickly spin up an Nginx server on a VM instance on Google Cloud Platform. The resulting certificate will be issued for *.novasush.com.

Make sure you have created an A record in your DNS settings before proceeding to the next steps. These steps cover a shell-based installation; if you want to try a non-shell-based installation, follow this guide.

After starting Nginx over plain HTTP, the browser shows Not secure in the address bar.

Check whether your DNS provider is supported by Certbot by consulting the list in Certbot's documentation. If your DNS provider is not in the list, don't worry: I have written steps for manual installation too.

Install snapd
You’ll need to install snapd and make sure you follow any instructions to enable classic snap support.

Ensure that your version of snapd is up to date

sudo snap install core; sudo snap refresh core

Remove certbot-auto and any Certbot OS packages

sudo apt-get remove certbot

Install certbot and allow its DNS plugins to run with root trust.

sudo snap install --classic certbot && \
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Confirm plugin containment level
sudo snap set certbot trust-plugin-with-root=ok

Install the DNS plugin
I am using Google Cloud DNS.

sudo snap install certbot-dns-google

Setting up credentials

On GCP, go to Nav bar > IAM > Service Accounts.

Create a service account and, under roles, select DNS Administrator. This is the DNS Admin service account that certbot will use.

Click on your service account, go to the Keys section, click Add key and select JSON from the menu. Copy the downloaded file to your instance.

Now that the setup is ready, run the certbot command to generate a certificate for your sub-domain.

certbot certonly \
--dns-google \
--dns-google-credentials credentials.json \
-d '*.novasush.com'

I have copied credentials.json to the home directory on my machine.

After successfully obtaining the certificate, install it in your application server; in this case, I installed it on nginx.
To confirm that your site is set up properly, visit https://yourwebsite.com in your browser and look for the lock icon in the URL bar. Click on the lock icon to confirm that the certificate you received is a wildcard certificate.

If you want to obtain the certificate manually, without a DNS plugin, add the --manual and --preferred-challenges flags to the certbot command; you will then have to add a TXT record to your DNS settings for verification.

sudo certbot certonly -d '*.yourdomain.com' --manual --preferred-challenges dns

After this command, certbot will ask you to add a TXT record. Add the record, then wait for the change to propagate. You can check whether the TXT record is visible with the nslookup command:

nslookup -type=TXT _acme-challenge.yourdomain.com
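Certbot waits for you to press Enter after adding the record, and the validation fails if the public resolvers Let's Encrypt queries do not yet see it. The helper below, an added example that is not from the original article, polls the _acme-challenge name until a TXT answer carries the exact token certbot printed. It assumes nslookup is installed; the default resolver 8.8.8.8 is a choice made here, and the token and domain in the demo at the bottom are constructed.

```shell
#!/bin/sh
# Added example: wait until the _acme-challenge TXT record for a manual
# DNS challenge is visible before continuing in certbot.

# txt_has_token TOKEN  -- reads `nslookup -type=TXT ...` (or dig) output
# on stdin; exit 0 only if a TXT answer equals TOKEN exactly.
txt_has_token() {
    token=$1
    # nslookup answer lines look like:  name  text = "value"
    # dig answer lines look like:       name  IN TXT "value"
    # Matching the quoted value avoids accepting a stale record whose
    # value merely contains the token as a substring.
    grep -E "(text = |TXT[[:space:]]+)\"$token\"" >/dev/null
}

# wait_for_txt DOMAIN TOKEN [RESOLVER] [ATTEMPTS]
# Polls every 10 s; exit 0 once the record is seen, 1 after ATTEMPTS.
wait_for_txt() {
    domain=$1; token=$2; resolver=${3:-8.8.8.8}; attempts=${4:-30}
    name="_acme-challenge.$domain"
    i=0
    while [ "$i" -lt "$attempts" ]; do
        if nslookup -type=TXT "$name" "$resolver" 2>/dev/null \
                | txt_has_token "$token"; then
            echo "$name carries the expected token at $resolver"
            return 0
        fi
        i=$((i + 1))
        sleep 10
    done
    echo "gave up: $name does not yet show the token at $resolver" >&2
    return 1
}

# Demo on constructed nslookup output (no network needed):
demo_token='CONSTRUCTED_TOKEN_abc-123'
printf '_acme-challenge.yourdomain.com\ttext = "%s"\n' "$demo_token" \
    | txt_has_token "$demo_token" && echo "demo: token found"
# Real use, once certbot has printed the token:
#   wait_for_txt yourdomain.com "$TOKEN" && echo "now press Enter in certbot"
```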

Steps for every supported DNS provider are given in the certbot DNS plugin documentation.

References

  1. https://certbot-dns-google.readthedocs.io/en/stable
  2. https://certbot.eff.org/docs/using.html#dns-plugins


Obtaining wildcard SSL from Let’s Encrypt was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.


This content originally appeared on Level Up Coding - Medium and was authored by Sushrut Ashtikar

Sushrut Ashtikar | Sciencx (2021-04-07) Obtaining wildcard SSL from Let's Encrypt. Retrieved from https://www.scien.cx/2021/04/07/obtaining-wildcard-ssl-from-lets-encrypt/