As you may already know, Let's Encrypt announced the release of the ACME v2 API, which is now ready for production. One of the features that people have been waiting for is support for wildcard certificates, which was missing in ACME v1.
In this guide, I'll show you the process of generating a wildcard Let's Encrypt SSL certificate for use with your web applications, validated manually using DNS. End users can begin issuing trusted, production-ready certificates with their ACME v2 compatible clients using the following directory URL:
Please note that you must use an ACME v2 compatible client to access this endpoint. You can consult our list of ACME v2 compatible clients.
Install certbot-auto ACME v2 Client
Run the following commands to install the certbot-auto ACME v2 client that we'll use to get a wildcard SSL certificate.
# wget https://dl.eff.org/certbot-auto -P /usr/local/bin
# chmod a+x /usr/local/bin/certbot-auto
Generate Wildcard SSL certificate
I'll generate a wildcard certificate for *.computingforgeeks.com. One requirement is access to your DNS manager, so that you can verify domain ownership by adding a generated TXT record.
Run the command below to start the certificate request process:
You should get output similar to the following:
It gives you a TXT record to add to your DNS. For me, the record is:
Name: _acme-challenge.computingforgeeks.com
TXT record: UGa2-db4b-gj9aWAmS8UCnctThIMgRTWAWSeCK_zLVPAfaz6lvQ
After this is done and the record has been populated, press the enter key to continue. On successful generation, you should get output like below:
The output gives you the full path to the private key and the certificate file. You can now use the certificate for your applications.
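Validation only succeeds if the TXT record is already being served when you press Enter, so it is worth checking every authoritative nameserver first. The script below is an added example, not part of the original guide: the function names are hypothetical, and it assumes `dig` is installed and that the domain has its own NS records.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the manual DNS-01 step.
# Usage (run before pressing Enter at the certbot-auto prompt):
#   challenge_propagated computingforgeeks.com 'TXT-value-shown-by-the-client'

# normalize_txt: read `dig +short TXT` output on stdin.
# dig prints each TXT value in double quotes and splits long values into
# several quoted chunks ("abc" "def"); join the chunks and drop the quotes.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_present EXPECTED: succeed only if one TXT value on stdin equals
# EXPECTED exactly. -F: no regex, -x: whole line, --: the value may begin
# with "-". Several values may coexist at the same _acme-challenge name.
txt_present() {
    normalize_txt | grep -Fxq -- "$1"
}

# challenge_propagated DOMAIN EXPECTED: ask each authoritative nameserver
# directly (bypassing resolver caches). Returns 0 only if all of them serve
# the expected value, 1 if any is missing it, 2 if no NS records are found.
challenge_propagated() {
    local domain=$1 expected=$2 ns servers
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_present "$expected"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            return 1
        fi
    done
}
```

A non-zero return means at least one nameserver does not serve the value yet; wait and re-run the check rather than continuing at the prompt.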