Install wildcard certificates for Apache
Let's Encrypt now provides wildcard certificates, which can be deployed across groups of servers and even on intranet servers.
I am using CentOS here.
Install Apache and the mod_ssl plugin, then install the certbot package.
The certbot package is available in the EPEL repository.
Enable the EPEL repository
yum install epel-release
Install Certbot with the DNS plugin
yum install certbot python2-certbot-dns-rfc2136
Start the process with the following command
certbot certonly --manual \
--preferred-challenges=dns \
--email dipes@dipes.com.np \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
-d '*.dipes.com.np'
Replace dipes.com.np with your own domain and the email address with your own. The wildcard name is quoted so the shell does not expand the * against local file names.
Please deploy a DNS TXT record under the name
_acme-challenge.dipes.com.np with the following value:
7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Update the TXT record with the generated value and verify the record before pressing Enter.
_acme-challenge.dipes.com.np | TXT | "7Cvl9fgz8OlwUCJVTFg5dLatVAcQDLPIY66AVImhXhk" |
Once it is verified, a message is displayed as follows.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dipes.com.np/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dipes.com.np/privkey.pem
Your cert will expire on 2019-07-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Certificates are saved in the location
/etc/letsencrypt/live/dipes.com.np/fullchain.pem and /etc/letsencrypt/live/dipes.com.np/privkey.pem
Update the certificate and key file locations in the Apache SSL configuration file.
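
The "verify the record before pressing Enter" step can be scripted so that every authoritative nameserver is checked directly instead of a caching resolver. This is an added example, not part of the original post; it assumes dig is installed and that the domain given is the zone apex, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the ACME challenge TXT record is served by every
# authoritative nameserver before letting certbot continue.
# Usage: sh check-acme-txt.sh '*.example.com' 'VALUE-SHOWN-BY-CERTBOT'

# challenge_name DOMAIN: record name certbot asks for. A wildcard such as
# *.example.com is validated at _acme-challenge.example.com.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# txt_has_value EXPECTED: reads `dig +short TXT` output on stdin (one quoted
# string per line) and succeeds only on an exact match of the whole value.
txt_has_value() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=${line#\"}      # dig wraps TXT data in double quotes
        value=${value%\"}
        if [ "$value" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# check_challenge DOMAIN EXPECTED: returns 0 if all nameservers serve the
# value, 1 if any is missing it, 2 if no NS records were found.
# Assumption: DOMAIN (minus any "*.") is the zone apex, so it has NS records.
check_challenge() {
    name=$(challenge_name "$1")
    zone=${1#\*.}
    missing=0
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_has_value "$2"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

Press Enter in certbot only once every nameserver reports ok; a failed validation counts against Let's Encrypt rate limits. After the certificate is issued, the _acme-challenge TXT record can be deleted.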