Free wildcard cert manually

Let's Encrypt has supported wildcard certificates since certbot 0.22.
Compared with a single-name request, the following changes are needed:
1. certbot 0.22 on Ubuntu 18. Ubuntu 14 can only install certbot 0.14.2, which cannot issue wildcard certs.
2. In addition to the CSR file that Let's Encrypt needs, a DNS record has to be created (the DNS-01 challenge).
3. The ACME server has to be changed from acme-v01 to acme-v02. The whole command therefore becomes:
/usr/bin/certbot certonly --authenticator manual --server --text --email --csr riowingNet.csr --logs-dir . --config-dir . --work-dir .
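The three steps above combined into one script, as an added example that is not from the original post: it checks the certbot version, writes a CSR whose subjectAltName carries both the wildcard and the apex name, and runs the manual DNS-01 request against the acme-v02 directory. The domain example.com, the e-mail address and the file names are assumptions; the ACME v2 URL is Let's Encrypt's published production endpoint.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): issue a wildcard certificate
# manually with certbot >= 0.22 using the DNS-01 challenge against the
# ACME v2 endpoint. DOMAIN, EMAIL and the file names are assumptions.
set -eu

DOMAIN="${DOMAIN:-example.com}"          # assumed domain
EMAIL="${EMAIL:-admin@example.com}"      # assumed contact address
ACME_V2="https://acme-v02.api.letsencrypt.org/directory"
KEY="${DOMAIN}.key"
CSR="${DOMAIN}.csr"

# Wildcard issuance needs certbot 0.22 or newer (Ubuntu 14 ships 0.14.2).
# Returns 0 when MAJOR.MINOR is at least 0.22.
supports_wildcard() {
    ver="$1"
    major="${ver%%.*}"
    minor="${ver#*.}"; minor="${minor%%.*}"
    [ "$major" -gt 0 ] || [ "$minor" -ge 22 ]
}

# Build an OpenSSL config so the CSR lists both the wildcard and the apex
# name in subjectAltName; the CA issues exactly the names the CSR asks for.
write_csr_config() {
    domain="$1"; out="$2"
    cat > "$out" <<EOF
[req]
distinguished_name = dn
req_extensions = san
prompt = no
[dn]
CN = *.${domain}
[san]
subjectAltName = DNS:*.${domain}, DNS:${domain}
EOF
}

make_csr() {
    write_csr_config "$DOMAIN" "${DOMAIN}.cnf"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY" -out "$CSR" \
        -config "${DOMAIN}.cnf"
}

# Manual DNS-01 flow: certbot prints the TXT value, you create
# _acme-challenge.<domain> at your DNS provider, and press Enter once the
# record has propagated.
issue_cert() {
    /usr/bin/certbot certonly \
        --authenticator manual --preferred-challenges dns \
        --server "$ACME_V2" \
        --text --email "$EMAIL" --agree-tos \
        --csr "$CSR" \
        --logs-dir . --config-dir . --work-dir .
}

main() {
    ver="$(certbot --version 2>&1 | awk '{print $2}')"
    supports_wildcard "$ver" || { echo "certbot $ver is too old for wildcard certs" >&2; exit 1; }
    make_csr
    issue_cert
}

# Run only when invoked with "run", so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as `./wildcard.sh run`. certbot pauses after printing the TXT value so the record can be created and checked before continuing; the private key stays in the current directory, so protect it like the eventual server key.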

Details on DNS verification:
Taking Google Domains as an example.
DNS TXT record name:
DNS TXT record value comes from the challenge and is about 50 characters long.
Propagation took over one hour in my case.
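Because propagation can take this long, it is worth polling public resolvers for the TXT record before telling certbot to continue. The following is an added example, not code from the original post: it queries several resolvers with dig and reports which ones still lack the expected value. The record name `_acme-challenge.<domain>` is the standard DNS-01 name; DOMAIN and EXPECTED are assumptions supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): poll several public resolvers
# for the _acme-challenge TXT record before continuing the manual challenge.
# DOMAIN and EXPECTED are assumptions; the resolver IPs are public services.
set -eu

DOMAIN="${DOMAIN:-example.com}"
EXPECTED="${EXPECTED:-}"

# dig +short TXT prints each value wrapped in double quotes, one per line.
# Returns 0 when one of those lines equals the expected token exactly.
# (ACME tokens are well under 255 bytes, so they are never split into
# several quoted strings.)
txt_matches() {
    dig_output="$1"; expected="$2"
    printf '%s\n' "$dig_output" | sed 's/^"//; s/"$//' | grep -qxF -- "$expected"
}

# Query one resolver directly; dig comes from the dnsutils / bind-utils package.
query_txt() {
    resolver="$1"; name="$2"
    dig +short +time=3 +tries=1 "@$resolver" TXT "$name"
}

# Poll until every resolver returns the expected value or the deadline
# (default 90 minutes) passes.
wait_for_propagation() {
    name="$1"; expected="$2"; deadline_s="${3:-5400}"; interval_s=60
    resolvers="8.8.8.8 1.1.1.1 9.9.9.9"
    elapsed=0
    while [ "$elapsed" -lt "$deadline_s" ]; do
        pending=""
        for r in $resolvers; do
            if ! txt_matches "$(query_txt "$r" "$name" || true)" "$expected"; then
                pending="$pending $r"
            fi
        done
        if [ -z "$pending" ]; then
            echo "TXT record visible on all resolvers after ${elapsed}s"
            return 0
        fi
        echo "still waiting on:$pending (${elapsed}s elapsed)"
        sleep "$interval_s"; elapsed=$((elapsed + interval_s))
    done
    echo "gave up after ${deadline_s}s" >&2
    return 1
}

if [ "${1:-}" = "run" ]; then
    [ -n "$EXPECTED" ] || { echo "set EXPECTED to the challenge value" >&2; exit 1; }
    wait_for_propagation "_acme-challenge.${DOMAIN}" "$EXPECTED"
fi
```

Querying resolvers directly (`@8.8.8.8`) bypasses the local cache, so a stale answer on your own machine does not mask a record that has already propagated; an old value that is still visible somewhere is reported as pending.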
To verify:
openssl verify -verbose -CAfile <(cat 0000_chain.pem root.crt) riowingChainCertbot.crt
output: riowingChainCertbot.crt: OK
where 0000_chain.pem is the intermediate cert that sits between riowingChainCertbot and the root.
To view:
certutil.exe -decode riowingChainCertbot.crt riowingChainCertbot.bin
certutil.exe riowingChainCertbot.bin
Output includes: CN=* and CN=Let's Encrypt Authority X3
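The same checks done with openssl alone, as an added example that is not from the original post, so they run on the Linux host where certbot was used rather than needing certutil.exe: the chain is verified against a bundle file instead of bash process substitution, the names and validity are printed, and the script confirms the wildcard actually appears in subjectAltName (which is what clients match on, not the CN). The file names follow the post; the domain and the GNU date invocation are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the issued chain and
# inspect the names on the certificate using openssl only. File names are
# taken from the post; DOMAIN is an assumption.
set -eu

CERT="${CERT:-riowingChainCertbot.crt}"
INTERMEDIATE="${INTERMEDIATE:-0000_chain.pem}"
ROOT="${ROOT:-root.crt}"
DOMAIN="${DOMAIN:-example.com}"

# The post uses bash process substitution, <(cat ...); a bundle file works in
# any POSIX shell and can be kept for later re-checks.
verify_chain() {
    bundle="$(mktemp)"
    cat "$INTERMEDIATE" "$ROOT" > "$bundle"
    openssl verify -verbose -CAfile "$bundle" "$CERT"
    rm -f "$bundle"
}

# Subject, issuer and validity window of the leaf certificate.
show_names() {
    openssl x509 -in "$CERT" -noout -subject -issuer -dates
}

# Extract the subjectAltName line from the textual dump (works on OpenSSL
# versions that lack the -ext option).
san_line() {
    openssl x509 -in "$CERT" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1
}

# Given the SAN text, return 0 if "DNS:*.<domain>" is listed.
san_has_wildcard() {
    san_text="$1"; domain="$2"
    printf '%s\n' "$san_text" | tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -qxF -- "DNS:*.${domain}"
}

# Days until notAfter; negative means already expired. Uses GNU date
# (BSD/macOS needs date -j -f instead).
days_until_expiry() {
    end="$(openssl x509 -in "$CERT" -noout -enddate | sed 's/^notAfter=//')"
    end_s="$(date -d "$end" +%s)"
    echo $(( (end_s - $(date +%s)) / 86400 ))
}

if [ "${1:-}" = "run" ]; then
    verify_chain
    show_names
    if san_has_wildcard "$(san_line)" "$DOMAIN"; then
        echo "wildcard SAN for ${DOMAIN} present"
    else
        echo "no wildcard SAN for ${DOMAIN}" >&2; exit 1
    fi
    echo "days until expiry: $(days_until_expiry)"
fi
```

Run as `./check-cert.sh run` in the directory where certbot wrote its output. Let's Encrypt certificates are valid for 90 days, so the expiry figure is the number to watch when the issuance is manual and nothing renews automatically.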
