{"id":108967,"date":"2022-12-06T13:25:16","date_gmt":"2022-12-06T12:25:16","guid":{"rendered":"https:\/\/www.avanet.com\/kb\/how-to-create-a-lets-encrypt-wildcard-certificate\/"},"modified":"2023-05-01T12:11:15","modified_gmt":"2023-05-01T11:11:15","slug":"how-to-create-a-lets-encrypt-wildcard-certificate","status":"publish","type":"kb","link":"https:\/\/www.avanet.com\/en\/kb\/how-to-create-a-lets-encrypt-wildcard-certificate\/","title":{"rendered":"How to create a Let’s Encrypt Wildcard Certificate"},"content":{"rendered":"\n

This article explains how to create a free Let’s Encrypt wildcard certificate.<\/p>\n\n

I recommend using a certificate that is valid for longer than 3 months, such as Let’s Encrypt certificates.\nAt Central, the import cannot be automated yet.\nHowever, you often want to try out the ZTNA solution first in the 30-day test phase.\nLet’s Encrypt is a good choice here if you do not already have a wildcard certificate. <\/p>\n\n

Install Let’s Encrypt Certbot Tool<\/h3>\n\n

Before you can create free wildcard certificates, you need certbot installed.\nI’m using an Ubuntu Server here.\nTo install it, run the following commands: <\/p>\n\n

sudo apt update\nsudo apt-get install letsencrypt<\/code><\/pre>\n\n
Generate Let’s Encrypt Wildcard SSL Certificate<\/h3>\n\n
After installing Certbot, you can now start creating certificates.<\/p>\n\n
For wildcard certificates Let’s Encrypt requires verification via DNS.\nThis ensures that you are really authorized to create a certificate for this domain. <\/p>\n\n
So, to create a wildcard certificate for the *.avanet.com domain, we run the following commands:<\/p>\n\n
sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@avanet.com<\/strong> --server https:\/\/acme-v02.api.letsencrypt.org\/directory --agree-tos -d avanet.com<\/strong> -d *.avanet.com<\/strong><\/code><\/pre>\n\n
certonly<\/strong><\/td>Request or renew certificate without installing it<\/td><\/tr>
-manual<\/strong><\/td>Obtaining certificates<\/td><\/tr>
-preferred-challenges=dns<\/strong><\/td>Use DNS to authenticate as domain owner<\/td><\/tr>
-server<\/strong><\/td>Server, which should be used for the generation of the certificates<\/td><\/tr>
-agree-tos<\/strong><\/td>Agree with the terms and conditions of the ACME server<\/td><\/tr>
-d<\/strong><\/td>Domain for which a certificate is to be created<\/td><\/tr><\/tbody><\/table><\/figure>\n\n
After completing the above command, it is still necessary to verify the ownership of the domain.\nFor this purpose, it is necessary to create a TXT record on the DNS servers. <\/p>\n\n
After verification, the certificates are generated and can be downloaded from the following path:<\/p>\n\n
\/etc\/letsencrypt\/live\/avanet.com<\/strong>\/<\/code><\/pre>\n\n
Later we need the files cert.pem<\/em> and privkey.pem<\/em>.\nThe last one must be renamed from privkey.pem<\/em> to privkey.key<\/em>. <\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"template":"","format":"standard","kb_kategorie":[715],"class_list":["post-108967","kb","type-kb","status-publish","format-standard","hentry","kb_kategorie-zero-trust"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb\/108967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/5"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=108967"}],"wp:term":[{"taxonomy":"kb_kategorie","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb_kategorie?post=108967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}