Sun 17 Apr, 2022
Installing a wildcard SSL certificate onto a VPS using certbot from Let's Encrypt.
ssh into the VPS and install certbot:
sudo apt install certbot
Cast:
sudo certbot --manual certonly --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d example.com -d "*.example.com" -d "*.subdomain.example.com"
--manual
- obtains certificates interactively in the shell. It is also the only way to obtain wildcard certificates.
certonly
- obtain or renew a certificate, but do not try to install it into a local web server.
--preferred-challenges dns
- asks for random TXT records, which you add to your DNS configuration in order to prove ownership of the domain, instead of offering root access to certbot in order to prove ownership of the domain.
--server https://acme-v02.api.letsencrypt.org/directory
- specifying this server, as opposed to using the default, adds the functionality of creating wildcard certificates.
-d
- is where you specify your domain names. You can specify the root domain, other domain names, and wildcard domains, with the normal limitations on certificate requests, such as only being able to have one * in a domain string.
Go through the DNS challenge by adding the requested TXT records to your DNS, of the form:
_acme-challenge.subdomain.example.com :: TXT :: "codestring"
Use mxtoolbox.com to verify that the record has been deployed before continuing on.
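A command-line version of that check, as an added example that is not part of the original post: it asks each authoritative nameserver for the challenge record and confirms every value certbot printed is present. It assumes `dig` is installed; the script name, domains and TOKEN values are placeholders. Because example.com and *.example.com share one record name, both TXT values have to exist side by side.

```sh
#!/bin/sh
# Added example: check ACME DNS-01 TXT records before continuing certbot.
# Assumes `dig` is installed; domains and tokens are constructed placeholders.

# Record name certbot asks for. The "*." label is dropped, so example.com
# and *.example.com both validate at _acme-challenge.example.com.
challenge_name() {
    _d="${1#\*.}"
    printf '_acme-challenge.%s\n' "${_d%.}"
}

# Read `dig +short TXT` output on stdin (one quoted string per line) and
# succeed only if every expected token is present as a whole value.
txt_has_all() {
    [ "$#" -gt 0 ] || return 2
    _answers="$(tr -d '"')"
    for _tok in "$@"; do
        printf '%s\n' "$_answers" | grep -qxF -- "$_tok" || return 1
    done
}

# Ask each authoritative nameserver directly, so a resolver cache cannot
# hide a missing record. Usage: check_live ZONE CERT_NAME TOKEN...
check_live() {
    _zone="$1"; _name="$(challenge_name "$2")"; shift 2
    _seen=0; _rc=0
    for _ns in $(dig +short NS "$_zone"); do
        _seen=1
        if dig +short TXT "$_name" "@$_ns" | txt_has_all "$@"; then
            echo "ok      $_ns $_name"
        else
            echo "MISSING $_ns $_name"; _rc=1
        fi
    done
    [ "$_seen" -eq 1 ] || return 1
    return "$_rc"
}

# Runs only with arguments, e.g. (TOKEN1/TOKEN2 are the strings certbot printed):
#   sh check-acme-txt.sh example.com '*.example.com' TOKEN1 TOKEN2
if [ "$#" -ge 3 ]; then
    check_live "$@"
fi
```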
Congrats! Your certificate has been saved, possibly at:
/etc/letsencrypt/live/example.com/fullchain.pem
with your key file saved at:
/etc/letsencrypt/live/example.com/privkey.pem
This certificate can now be applied to the relevant VirtualHosts to activate SSL connections to your domains.
With special thanks to Chris Tate (:
blog.jcaston.uk // 2025