How to create a Let’s Encrypt Wildcard Certificate

This article explains how to create a free Let’s Encrypt wildcard certificate.

I recommend using a certificate that is valid for longer than 3 months, which is the lifetime of Let’s Encrypt certificates. At Central, the import cannot be automated yet. However, you often want to try out the ZTNA solution first in the 30-day test phase. Let’s Encrypt is a good choice here if you do not already have a wildcard certificate.

Install Let’s Encrypt Certbot Tool

Before you can create free wildcard certificates, you need certbot installed. I’m using an Ubuntu Server here. To install it, run the following commands:

sudo apt update
sudo apt-get install letsencrypt

Generate Let’s Encrypt Wildcard SSL Certificate

After installing Certbot, you can now start creating certificates.

For wildcard certificates Let’s Encrypt requires verification via DNS. This ensures that you are really authorized to create a certificate for this domain.

So, to create a wildcard certificate for the *.avanet.com domain, we run the following command. The wildcard name is quoted so that the shell does not expand the asterisk:

sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@avanet.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d avanet.com -d '*.avanet.com'

certonly: Request or renew a certificate without installing it
--manual: Obtain certificates in manual mode
--preferred-challenges=dns: Use DNS to authenticate as domain owner
--server: Server that is used to generate the certificates
--agree-tos: Agree to the terms and conditions of the ACME server
-d: Domain for which a certificate is to be created

After running the above command, you still have to verify ownership of the domain. To do this, create a TXT record on the DNS servers.

After verification, the certificates are generated and can be downloaded from the following path:

/etc/letsencrypt/live/avanet.com/

Later we need the files cert.pem and privkey.pem. The last one must be renamed from privkey.pem to privkey.key.
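
The last step above as a shell helper. This is an added example, not part of the original article: it copies cert.pem and privkey.pem out of the live directory, stores the key as privkey.key with owner-only permissions, and uses openssl to check that key and certificate belong together. The function names and the ./ztna-upload directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# output directory are assumptions.

# export_cert LIVE_DIR OUT_DIR
# Copy cert.pem and privkey.pem out of certbot's live directory, storing the
# key as privkey.key with owner-only permissions.
export_cert() {
    live_dir=$1
    out_dir=$2
    if [ ! -r "$live_dir/cert.pem" ] || [ ! -r "$live_dir/privkey.pem" ]; then
        echo "cert.pem or privkey.pem not readable in $live_dir" >&2
        return 1
    fi
    (
        umask 077    # files created below are readable by the owner only
        mkdir -p "$out_dir" &&
        # The entries in live/ are symlinks; -L copies the files they point to.
        cp -L "$live_dir/cert.pem" "$out_dir/cert.pem" &&
        cp -L "$live_dir/privkey.pem" "$out_dir/privkey.key"
    ) || return 1
    chmod 600 "$out_dir/privkey.key"
}

# key_matches_cert CERT KEY
# Return 0 only if the private key belongs to the certificate, i.e. both
# files carry the same public key. Returns 2 if openssl cannot parse a file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage, as root once certbot has finished (./ztna-upload is a hypothetical
# target directory):
#   export_cert /etc/letsencrypt/live/avanet.com ./ztna-upload &&
#   key_matches_cert ./ztna-upload/cert.pem ./ztna-upload/privkey.key &&
#   echo "certificate and key match"
```

Delete the exported copy of privkey.key once the upload is done, so the private key exists in as few places as possible.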