Free wildcard cert manually


Let's Encrypt has issued wildcard certificates since March 2018 (ACMEv2), and certbot can request them from version 0.22.
Compared with the single-name procedure at https://riowingwp.wordpress.com/2019/01/20/ssl-cert-installation, three things change:
1. certbot 0.22 or newer is required, here on Ubuntu 18. Ubuntu 14 can only install certbot 0.14.2, which cannot request a wildcard cert.
2. In addition to the CSR handed to Let's Encrypt, a DNS TXT record must be created: a wildcard name is validated only through the dns-01 challenge, and certbot prints the value to publish.
3. The server changes from acme-v01 to acme-v02, since wildcards are only issued over ACMEv2. The whole command therefore becomes:
/usr/bin/certbot certonly --authenticator manual --server https://acme-v02.api.letsencrypt.org/directory --text --email RioChn@gmail.com --csr riowingNet.csr --logs-dir . --config-dir . --work-dir .

Details on DNS verification:
Taking Google Domains as an example.
DNS TXT record name: _acme-challenge.riowing.net (for the wildcard *.riowing.net; if the CSR also covers the bare riowing.net, certbot prints a second value for the same record name, and both TXT records must exist at the same time)
DNS TXT record value comes from the challenge certbot prints: 43 characters of base64url (the SHA-256 of the key authorization)
Propagation took over one hour in my case. certbot only asks Let's Encrypt to validate after you press Enter at its prompt, so wait until the record is visible from a public resolver before continuing; a failed validation means re-running certbot, which produces a new order and a new TXT value.
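Because validation only starts when you press Enter, the useful thing to have at this point is a check that the TXT record is actually visible from a public resolver. The script below is an added example, not part of the original post: it polls dig against a resolver until the challenge value appears, with a helper that normalises dig's quoted output. The record name _acme-challenge.riowing.net, the resolver 8.8.8.8, the 90-minute timeout, the ACME_TOKEN/ACME_DOMAIN variables and the two sample tokens are all placeholders chosen here, not values from the post.

```sh
#!/bin/sh
# Added example, not from the original post: confirm the dns-01 TXT record
# is visible from a public resolver before pressing Enter in certbot.
# Record name, resolver and tokens below are placeholders/constructed.
set -eu

# Normalise `dig +short TXT` output to one bare value per line: dig quotes
# each value and splits long ones into "chunk" "chunk"; join and unquote.
txt_values() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Succeed if the expected token is exactly one of the TXT values on stdin.
txt_contains() {   # $1 = expected token; stdin = dig +short output
  txt_values | grep -qxF -e "$1"
}

# Ask one resolver for the challenge record (requires dig from dnsutils/bind-utils).
query_txt() {      # $1 = record name, $2 = resolver address
  dig +short TXT "$1" "@$2"
}

# Poll every 30 s until the token is visible or the timeout expires.
# Returns 0 when visible, 1 on timeout.
wait_for_txt() {   # $1 = name, $2 = token, $3 = resolver, $4 = timeout in seconds
  deadline=$(( $(date +%s) + $4 ))
  while [ "$(date +%s)" -lt "$deadline" ]; do
    if query_txt "$1" "$3" | txt_contains "$2"; then
      return 0
    fi
    sleep 30
  done
  return 1
}

# Constructed sample of dig output once both values (wildcard and apex
# challenge, same record name) are published. These are not real tokens.
SAMPLE_DIG_OUTPUT='"qZ3x-0rLvN8kT2mY5wB7cH9jP4sD6fG1aK8uE0nR_Vt"
"Lm7pQ2sX9vB4nC1dF6hJ8kR3tW5yZ0aE_gI-uO2cM4q"'

check_sample() {   # $1 = token; runs txt_contains over the constructed sample
  printf '%s\n' "$SAMPLE_DIG_OUTPUT" | txt_contains "$1"
}

# Offline demo against the constructed sample.
for tok in qZ3x-0rLvN8kT2mY5wB7cH9jP4sD6fG1aK8uE0nR_Vt not-published; do
  if check_sample "$tok"; then echo "$tok: visible"; else echo "$tok: missing"; fi
done

# Live use (needs dig and network): ACME_TOKEN is the value certbot printed.
if [ -n "${ACME_TOKEN:-}" ]; then
  if wait_for_txt "_acme-challenge.${ACME_DOMAIN:-riowing.net}" "$ACME_TOKEN" 8.8.8.8 5400; then
    echo "record visible from 8.8.8.8, continue in certbot"
  else
    echo "timed out waiting for the TXT record"
  fi
fi
```

Run it in a second terminal with ACME_TOKEN set to the value certbot shows, and only return to certbot's prompt once it reports the record as visible. Querying a public resolver rather than the domain's own name server is deliberate: Let's Encrypt resolves the name from the outside, so a record that only the authoritative server has served so far is not enough.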
To verify the issued cert against its chain (the <( ... ) process substitution needs bash):
openssl verify -verbose -CAfile <(cat 0000_chain.pem root.crt) riowingChainCertbot.crt
output: riowingChainCertbot.crt: OK
where 0000_chain.pem is the intermediate cert (Let’s Encrypt Authority X3) that sits between riowingChainCertbot.crt and the root, and root.crt is the root it chains to. Note that putting 0000_chain.pem into -CAfile makes openssl treat the intermediate itself as trusted; passing only root.crt as -CAfile and the intermediate via -untrusted is the stricter check, because then the chain must reach the root.
To view the contents on Windows (certutil expects binary DER, so decode the base64 PEM body first):
certutil.exe -decode riowingChainCertbot.crt riowingChainCertbot.bin
certutil.exe riowingChainCertbot.bin
Output includes: CN=*.riowing.net (subject) and CN=Let’s Encrypt Authority X3 (issuer)
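The verify and view steps above can be exercised without the real certificates. The script below is an added example, not code from the original post: it builds a throwaway root, intermediate and wildcard leaf with openssl, runs the chain check with only the root trusted and the intermediate passed as -untrusted, reads the SAN back the way certutil's dump does, and then checks which hostnames the wildcard actually matches. The domain example.test, the file names, the 3-day lifetimes and the test subjects are placeholders chosen here; nothing in it contacts Let's Encrypt.

```sh
#!/bin/sh
# Added example (not code from the original post): build a throwaway
# root -> intermediate -> wildcard leaf chain with openssl, then run the
# same kind of `openssl verify` check as the post, plus hostname checks
# that show what a wildcard SAN does and does not match.
# example.test, the file names and the 3-day lifetimes are placeholders.
set -eu

# Minimal req config so the script does not depend on the system openssl.cnf.
write_req_config() {   # $1 = output path
  cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

# Create root.crt, int.crt and leaf.crt (plus keys) in directory $1 for
# the wildcard *.$2 and the apex $2.
make_test_chain() {   # $1 = dir, $2 = domain
  dir=$1; dom=$2
  write_req_config "$dir/req.cnf"

  # Self-signed root, CA:TRUE from the v3_ca section above.
  openssl req -x509 -config "$dir/req.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Test Root" -days 3 -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null

  # Intermediate: a CA certificate signed by the root (the role that
  # Let's Encrypt Authority X3 plays under its root).
  printf '%s\n' 'basicConstraints = critical,CA:TRUE,pathlen:0' \
    'keyUsage = critical,keyCertSign,cRLSign' 'subjectKeyIdentifier = hash' \
    'authorityKeyIdentifier = keyid' > "$dir/int.ext"
  openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Test Intermediate" -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -days 3 -extfile "$dir/int.ext" -out "$dir/int.crt" 2>/dev/null

  # Leaf: end-entity cert whose SAN carries both the wildcard and the apex,
  # because *.example.test on its own does not cover example.test.
  printf '%s\n' 'basicConstraints = CA:FALSE' \
    'keyUsage = critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:*.$dom,DNS:$dom" > "$dir/leaf.ext"
  openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=*.$dom" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.crt" -CAkey "$dir/int.key" \
    -CAcreateserial -days 3 -extfile "$dir/leaf.ext" -out "$dir/leaf.crt" 2>/dev/null
}

# Chain check: only the root is trusted; the intermediate is supplied as
# untrusted material, which is stricter than concatenating it into -CAfile.
verify_chain() {   # $1 = leaf, $2 = intermediate, $3 = root
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Same check plus hostname matching against the SAN, as a TLS client does.
verify_host() {    # $1 = leaf, $2 = intermediate, $3 = root, $4 = hostname
  openssl verify -CAfile "$3" -untrusted "$2" -verify_hostname "$4" "$1" >/dev/null 2>&1
}

# Print the SAN list of a PEM cert on one line, e.g. DNS:*.example.test,DNS:example.test
cert_sans() {      # $1 = PEM cert
  openssl x509 -in "$1" -noout -text | sed -n '/Subject Alternative Name/{ n; p; }' | tr -d ' '
}

CHAIN_DIR=$(mktemp -d)
make_test_chain "$CHAIN_DIR" example.test
LEAF=$CHAIN_DIR/leaf.crt; INT=$CHAIN_DIR/int.crt; ROOT=$CHAIN_DIR/root.crt

if verify_chain "$LEAF" "$INT" "$ROOT"; then echo "chain: OK"; else echo "chain: FAILED"; fi
echo "SAN: $(cert_sans "$LEAF")"
# A wildcard matches exactly one label: www.example.test yes, a.b.example.test no.
for host in www.example.test example.test a.b.example.test other.test; do
  if verify_host "$LEAF" "$INT" "$ROOT" "$host"; then
    echo "$host: OK"
  else
    echo "$host: hostname mismatch"
  fi
done
```

Against the real files from the post the equivalent check is `openssl verify -CAfile root.crt -untrusted 0000_chain.pem -verify_hostname www.riowing.net riowingChainCertbot.crt`. The hostname loop is the part worth keeping in mind when writing the CSR: a.b.example.test is not covered by *.example.test, and the apex is only covered because it was listed as a separate SAN.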
Download: http://riowing.net/p/certs.zip
