Baishun's Space

Create Letsencrypt Wildcard Certificate

By Baishun on Mar 5, 2023
XFacebookEmailY CombinatorLinkedInRedditWhatsApp
security

this post is base on you have base knowledge about letsencrypt and certbot

The command to create a wildcard certificate is pretty easy, for example with domain *.lecy.cc


certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.lecy.cc"

after run this command on your server, you will got outputs like this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for lecy.cc

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.lecy.cc with the following value:

n6PilMLOcM2ADfD78HDTuYqzY1ylRZo06ngQPDld-BI

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

So, before press Enter, we need to go to our DNS management, maybe godaddy, to add or edit a txt record, the name should be _acme-challenge, and type should be txt, value is from the output.

It may take several minutes to refresh the record. So I suggest you to check if the txt record refreshed successfully or not before press Enter.

a easy way to check is to check here: THIS PAGE

Once we found the txt record refreshed, we can press Enter and certbot will do the work left.


Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/lecy.cc-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/lecy.cc-0001/privkey.pem
   Your cert will expire on 2024-05-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

After these steps, you can update the configuration of your nginx or apache to match the new certification files.

That’s it!

For business cooperation or you have any questions, please send email to : lecy.cc.app@gmail.com
© Copyright 2025 by Baishun Space. Built with ♥ by Lecy. Origin theme of this blog is from ixartz. Social Icons are copied from astro-social-share