Let’s Encrypt Wildcard SSL Certificate with Nginx

Install Certbot

sudo yum -y install certbot python2-certbot-nginx nginx

Run the command below to request a wildcard certificate for *.yourdomain.id.

sudo certbot certonly \
  --agree-tos \
  --email "<your-email-address>" \
  --manual \
  --preferred-challenges=dns \
  -d "*.yourdomain.id" \
  --server https://acme-v02.api.letsencrypt.org/directory

After you run the command, Certbot prints a TXT record that you need to add to your DNS zone. The prompt looks like this:

Please deploy a DNS TXT record under the name
_acme-challenge.yourdomain.id with the following value:

7qx8FNyWnK_HENpP6xqq3_Vl6Ful7hiVTVLKZafp8p8

Before continuing, verify the record is deployed.

Add the record to the DNS zone of the domain you are requesting the certificate for.

Check DNS

host -t txt _acme-challenge.yourdomain.id
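The host command asks your local resolver, which can return a cached answer or reach only one nameserver. The script below is an added example, not part of the original page: it queries every authoritative nameserver of the domain directly and reports whether each one serves the expected TXT value. The function names and the DIG override variable are assumptions made for this example, and it accepts several values because a request for both the wildcard and the base name uses two TXT records under the same name.

```bash
#!/usr/bin/env bash
# Added example: confirm the ACME challenge value is served by every
# authoritative nameserver before pressing Enter in Certbot.
# DIG may be overridden (for example with a stub) for offline testing.
DIG=${DIG:-dig}

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if one line equals EXPECTED exactly.
txt_has_value() {
  local expected="$1" line
  while IFS= read -r line; do
    line=${line#\"}; line=${line%\"}   # strip the quotes dig adds
    [ "$line" = "$expected" ] && return 0
  done
  return 1
}

# check_challenge DOMAIN VALUE...
# Returns 0 if every nameserver serves every VALUE, 1 if any value is
# missing on any nameserver, 2 if no NS records were found for DOMAIN.
check_challenge() {
  local domain="$1" ns value answer seen=0 missing=0
  shift
  for ns in $($DIG +short NS "$domain"); do
    seen=1
    # Ask this nameserver directly, bypassing resolver caches.
    answer=$($DIG +short TXT "_acme-challenge.$domain" "@$ns")
    for value in "$@"; do
      if printf '%s\n' "$answer" | txt_has_value "$value"; then
        echo "ok      $ns $value"
      else
        echo "MISSING $ns $value"
        missing=1
      fi
    done
  done
  [ "$seen" -eq 1 ] || { echo "no NS records found for $domain" >&2; return 2; }
  return "$missing"
}
```

Source the file and run check_challenge yourdomain.id followed by the value Certbot printed; continue in Certbot only when it returns 0.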

 

Once you have verified that the record has been deployed, press Enter to obtain the SSL certificate. You should get output like the following:

IMPORTANT NOTES: 
- Congratulations! Your certificate and chain have been saved at: 
  /etc/letsencrypt/live/yourdomain.id/fullchain.pem 
  Your key file has been saved at: 
  /etc/letsencrypt/live/yourdomain.id/privkey.pem 
  Your cert will expire on 2020-11-03. To obtain a new or tweaked 
  version of this certificate in the future, simply run certbot 
  again. To non-interactively renew *all* of your certificates, run 
  "certbot renew" 
- If you like Certbot, please consider supporting our work by: 

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
  Donating to EFF:                    https://eff.org/donate-le

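Next, configure Nginx to use the certificate.

Renew the certificate: run the command below and update the TXT value of _acme-challenge.yourdomain.id with the new value Certbot prints. Because the command requests both the wildcard and the base domain, Certbot asks for two TXT values under the same name; keep both records in place until validation completes.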

sudo certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.<yourdomain.com>" -d "<yourdomain.com>"