Let’s Encrypt Wildcard Certs on Ubuntu 16.04

aMiSTACX Ubuntu 16.04 Let’s Encrypt WildCard Certs Install

Let’s Encrypt has been offering wildcard TLS certificates since January 2018, and aMiSTACX has the Let’s Encrypt agent certbot-auto pre-installed. 😉

This should cover all of our Ubuntu 16.04 LAMP and LEMP stacks.

From CLI:

Step 1.

sudo certbot-auto certonly --manual -d '*.yourdomain.com' --agree-tos --no-bootstrap --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Replace yourdomain.com with the actual name of your domain. The quotes around *.yourdomain.com keep the shell from treating the asterisk as a filename wildcard.

Step 2.

Agree to “would you like to make your IP public?” You really have no choice if you want to proceed.

For those who may be paranoid about this: just get the cert first, and then you can add an AWS EIP to your instance later.

Step 3.

Certbot-auto will provide the following information for DNS verification.

Using CloudFlare as an example, create a TXT record that looks something like this, using the information that was given to you:

[Screenshot: CloudFlare Text Record Acme Challenge]

Tip: Highlight the Text from the CLI from Left-to-Right and then Right-Click. This will prevent the chicken and the egg paradox during the copy and paste into the DNS fields 😉

When finished, click continue.
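Before continuing in certbot, it is worth confirming that the TXT record is actually visible from outside, because a validation attempted before the record has propagated will fail. The script below is an added example, not part of the original aMiSTACX instructions; it assumes dig is installed, and the resolver 1.1.1.1, the retry timing and the function names are arbitrary choices.

```sh
#!/bin/sh
# Added example (not from the original page): wait until the dns-01 TXT
# record is publicly visible before continuing in certbot.
# Assumes dig (dnsutils) is installed; resolver and timings are arbitrary.

# The challenge record lives on _acme-challenge.<base domain>; the "*."
# of a wildcard name is not part of the record name.
challenge_name() {
    _domain=${1#\*.}
    printf '_acme-challenge.%s' "$_domain"
}

# Return 0 if any TXT answer (one per line, quoted as dig prints them)
# equals the expected challenge value exactly.
txt_contains() {
    _expected=$1
    while IFS= read -r _line; do
        _line=${_line#\"}
        _line=${_line%\"}
        if [ "$_line" = "$_expected" ]; then
            return 0
        fi
    done <<EOF
$2
EOF
    return 1
}

# Poll a public resolver until the value shows up or the attempts run out.
wait_for_txt() {
    _name=$(challenge_name "$1")
    _resolver=${3:-1.1.1.1}
    _tries=${4:-10}
    _i=1
    while [ "$_i" -le "$_tries" ]; do
        if txt_contains "$2" "$(dig +short TXT "$_name" "@$_resolver")"; then
            echo "OK: $_name carries the expected value on $_resolver"
            return 0
        fi
        echo "attempt $_i/$_tries: value not visible yet, retrying in 15s"
        sleep 15
        _i=$((_i + 1))
    done
    echo "gave up: fix the record before continuing in certbot" >&2
    return 1
}

# Usage: sh check-acme-txt.sh '*.yourdomain.com' 'VALUE-FROM-CERTBOT' [resolver] [tries]
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@"
fi
```

Run it in a second terminal while certbot-auto is waiting, passing the exact value certbot-auto printed.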

Step 4.

Select your choice of redirection. For Apache, select 2. For our NGINX stacks, select 1. [You can set up HTTPS redirection on CloudFlare or via the host file. See the stack instructions for more details.]

Step 5.

Restart the web server for your stack. Apache (LAMP):

sudo service apache2 restart

NGINX (LEMP):

sudo service nginx restart

That is it! How awesome was that?