How to set up a Certbot wildcard certificate on Apache


Certbot allows simple, quick and free provisioning of SSL certificates using Let's Encrypt.

How to install Certbot

Option 1 (snap)

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Option 2 (apt)

sudo apt update
sudo apt install certbot python3-certbot-apache

How to run Certbot

If you want to run the automated setup and have your certificate installed directly into Apache, then:

sudo certbot --apache

If you only want the certificate, then:

sudo certbot certonly --apache

How to test the automatic renewal

sudo certbot renew --dry-run

How to get Wildcard certificates provisioned

Sometimes you want a little more out of your certificates, such as wildcards (*.example.com).

For this you will need to do a couple more things.

sudo certbot certonly --manual --preferred-challenges=dns --email you@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.example.com'

This will ask you to create a TXT record in your DNS zone to verify that you are the owner before the certificate is created for you.
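Before pressing Enter at that prompt, it helps to confirm that the TXT record is actually being served. The script below is an added example, not part of the original article: it asks every authoritative nameserver of the zone for the challenge record and compares it with the value Certbot printed. The script name, function names and the separate ZONE argument are assumptions, and it expects dig to be installed.

```shell
#!/bin/sh
# Added example: pre-check for the certbot --manual DNS-01 prompt.

# '*.example.com' and 'example.com' both validate at _acme-challenge.example.com.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds if any record equals $1. Several values may share the name, e.g.
# when the wildcard and the bare domain are requested in one certificate.
txt_matches() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        got=${line#\"}
        got=${got%\"}
        if [ "$got" = "$expected" ]; then return 0; fi
    done
    return 1
}

# Query every authoritative nameserver of the zone directly, so a stale
# answer in the local resolver cache cannot hide a missing record.
# Usage: check_challenge ZONE DOMAIN VALUE
check_challenge() {
    zone=$1; name=$(challenge_name "$2"); want=$3; missing=0
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_matches "$want"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Runs only when called as: sh check-acme-txt.sh ZONE DOMAIN VALUE
if [ "$#" -eq 3 ]; then
    check_challenge "$1" "$2" "$3"
fi
```

Run it in a second terminal while Certbot is waiting, and continue only once every nameserver reports ok. Certificates issued with --manual are not renewed by certbot renew unless an authentication hook (--manual-auth-hook) is configured.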

Where are my certificates now?

By default, Certbot will place your certificates under /etc/letsencrypt/. The full certificate chain is here:

/etc/letsencrypt/live/example.com/fullchain.pem

...and the key can be found here:

/etc/letsencrypt/live/example.com/privkey.pem

You can always ask Certbot where things are:

sudo certbot certificates
Andrew