Install Let’s Encrypt Wildcard SSL Certificate With Nginx

Secure a Webite with Let’s Encrypt Wild card SSL Certificate Steps: 1. Install Let’s Encrypt on Ubuntu 16.04 server 2. Install Nginx 3. Setup DNS to serve all the subdomains 4. Obtaining wildcard ssl certificate from Let’s Encrypt 5. Configuring Nginx to serve wildcard subdomains 6. Test and restart Nginx Step1: Installing Let’s Encrypt on Ubuntu 16.04 server $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx Step 2: Installing Nginx $ sudo apt-get update $ sudo apt-get install nginx Step 3: Setup DNS to serve all the subdomains Create a custom A record, HOST * POINTS TO: Your IP Address(Eg: 143.21.0.18) Create a custom A record, HOST @ POINTS TO: Your IP Address(Eg: 143.21.0.18) Add a CNAME record, HOST www POINTS TO @ this refers to your IP address. Step 4: Obtaining wildcard ssl certificate from Let’s Encrypt $ sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly You’ll be prompted to enter your email address for urgent renewal and security notices. Read and agree to the terms and conditions and answer (Y)es to the subsequent questions. Once you get the DNS TXT as it can be seen below you have to login domain panel after that add this value and host name there. And then hit enter. After you add the said TXT record, confirm the DNS has updated before you hit enter. You can check if the DNS has been properly updated using dig $ dig _acme-challenge.pasls.com TXT # checking in local DNS server $ dig @8.8.8.8 _acme-challenge.pasls.com TXT # checking at Google DNS server Once you see the challenge text in the answer section, press Enter in the certbot terminal. Note:- Replace example.com with your domain name Deploy a DNS TXT record provided by Let’s Encrypt certbot after running the above command Step 5: Configuring Nginx to serve wildcard subdomains Open the file sudo vi /etc/nginx/sites-available/default and the following code in the file server { listen 80; listen :80; server_name *.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name *.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/example.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; root /var/www/example.com; index index.html; location / { try_files $uri $uri/ =404; } } Note:- Replace example.com with your domain name. The above server block is listening on port 80 and redirects the request to the server block below it that is listening on port 443. Step 6: Test and restart Nginx Test Nginx configuration using sudo nginx -t If it’s successful reload Nginx using sudo /etc/init.d/nginx reload Nginx is now setup to handle wildcard subdomains. Refrences: https://blog.codeship.com/how-to-deploy-wildcard-ssl-certificates-using-lets-encrypt/ https://medium.com/@utkarsh_verma/how-to-obtain-a-wildcard-ssl-certificate-from-lets-encrypt-and-setup-nginx-to-use-wildcard-cfb050c8b33f