How to create a Let’s Encrypt Wildcard Certificate
This article explains how to create a free Let’s Encrypt wildcard certificate.
I recommend using a certificate that is valid for longer than 3 months, such as Let’s Encrypt certificates. At Central, the import cannot be automated yet. However, you often want to try out the ZTNA solution first in the 30-day test phase. Let’s Encrypt is a good choice here if you do not already have a wildcard certificate.
Install Let’s Encrypt Certbot Tool
Before you can create free wildcard certificates, you need certbot installed. I’m using an Ubuntu Server here (on newer Ubuntu releases the package is simply called certbot; the letsencrypt package name below pulls it in). To install it, run the following commands:
sudo apt update
sudo apt-get install letsencrypt
Generate Let’s Encrypt Wildcard SSL Certificate
After installing Certbot, you can now start creating certificates.
For wildcard certificates Let’s Encrypt requires verification via DNS. This ensures that you are really authorized to create a certificate for this domain.
So, to create a wildcard certificate for the *.avanet.com domain, we run the following commands:
sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@avanet.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d avanet.com -d '*.avanet.com'
certonly | Request or renew the certificate without installing it in a web server
--manual | Obtain the certificate interactively; you complete the challenge yourself
--preferred-challenges=dns | Use the DNS-01 challenge to prove you control the domain
--server | ACME server (directory URL) to use; the v2 endpoint is required for wildcard certificates
--agree-tos | Agree to the terms of service of the ACME server
-d | Domain for which a certificate is to be created (may be given more than once)
While the command is running, certbot pauses and asks you to prove ownership of the domain by creating a TXT record named _acme-challenge.avanet.com on the domain’s DNS servers. Because the command requests both avanet.com and *.avanet.com, certbot asks for two TXT records at that same name, and both must be in place before you press Enter to continue.
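As an added example that is not part of the original article, a small POSIX shell helper for that manual DNS step: it derives the _acme-challenge record name and only reports success once every token certbot printed is visible in public DNS, so you do not continue too early and fail the challenge. The dig tool, the resolver address 1.1.1.1 and the token values are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: a helper for certbot's manual
# DNS-01 prompt. With -d avanet.com -d '*.avanet.com', certbot expects TWO TXT
# records at the SAME name, _acme-challenge.avanet.com, so the check takes
# every token certbot printed and only reports success when all are visible.

# challenge_name DOMAIN -> the record name certbot asks you to create.
challenge_name() {
    # strip a leading "*." so avanet.com and *.avanet.com map to one name
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# txt_has_tokens "<dig +short output>" TOKEN... -> 0 if every token is present.
# dig prints each TXT value on its own line, wrapped in double quotes.
txt_has_tokens() {
    _answers=$1; shift
    for _tok in "$@"; do
        printf '%s\n' "$_answers" | grep -qxF "\"$_tok\"" || return 1
    done
    return 0
}

# wait_for_challenge DOMAIN TOKEN... -> polls a public resolver (assumes dig is
# installed; the resolver 1.1.1.1 is an assumption) for up to two minutes.
wait_for_challenge() {
    _name=$(challenge_name "$1"); shift
    for _i in 1 2 3 4 5 6 7 8 9 10 11 12; do
        if txt_has_tokens "$(dig +short TXT "$_name" @1.1.1.1)" "$@"; then
            echo "$_name: all $# token(s) visible, press Enter in certbot"
            return 0
        fi
        sleep 10
    done
    echo "$_name: token(s) still missing after two minutes" >&2
    return 1
}

# Constructed sample of what dig returns once both records exist (placeholders,
# not real tokens). Real usage would be:
#   wait_for_challenge avanet.com <token1> <token2>
SAMPLE_ANSWERS='"TOKEN_FOR_APEX_PLACEHOLDER"
"TOKEN_FOR_WILDCARD_PLACEHOLDER"'
if txt_has_tokens "$SAMPLE_ANSWERS" TOKEN_FOR_APEX_PLACEHOLDER TOKEN_FOR_WILDCARD_PLACEHOLDER; then
    echo "sample: both tokens present"
fi
```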
After verification, the certificates are generated and can be downloaded from the following path:
/etc/letsencrypt/live/avanet.com/
Later we need the files cert.pem and privkey.pem; note that this directory is readable only by root. The latter must be renamed from privkey.pem to privkey.key.