Letsencrypt wildcard certificate

To enable a Letsencrypt wildcard certificate do the following steps

Create NEW wildcard certificate

1. Stop Apache or HaProxy
2. Run following certbot command to create a wildcard certificate
sudo certbot certonly -d '*.plaatsoft.nl' --manual

3. Certbot will ask you to add an extra DNS entry (TXT) with a unique token
Add this record in your DNS

4. Check with dig tool if DNS record is available (This can take some time)
sudo dig _acme-challenge.plaatsoft.nl TXT

5. Press "enter". Then wildcard certifate is created
6. Add new certificate to Apache or HaProxy.
7. Remove DNS TXT record (Updating it does not work, is my experience)
8. Done

Leave a Reply

Your email address will not be published. Required fields are marked *