How to set up a Certbot wildcard certificate on Apache

Certbot allows simple, quick and free provisioning of SSL certificates using Let's Encrypt.

How to install Certbot

Option 1 (recommended)

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Option 2

sudo apt update
sudo apt install certbot

How to run Certbot

If you want to run the automated setup and have your certificate installed directly into Apache, then:

sudo certbot --apache

If you only want the certificate, then:

sudo certbot certonly --apache

How to test the automatic renewal

sudo certbot renew --dry-run

How to get Wildcard certificates provisioned

Sometimes you want a little more out of your certificates, such as wildcards (*.example.com).

For this you will need to do a couple more things.

certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.example.com'

This will ask you to create a TXT record in your DNS zone to verify that you are the owner of the domain before it creates the certificate for you.
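The following is an added example, not part of the original article: a POSIX shell sketch that derives the name of the TXT record the DNS challenge checks and shows which hostnames a wildcard name actually covers. The function names are hypothetical and the hostnames are constructed samples.

```sh
#!/bin/sh
# Added example; the function names are hypothetical, not part of Certbot.

# TXT record name the DNS-01 challenge looks up for a -d value.
# A leading "*." is dropped: *.example.com -> _acme-challenge.example.com
challenge_name() {
    _d=${1#'*.'}
    printf '_acme-challenge.%s\n' "$_d"
}

# Succeed if hostname $1 is covered by certificate name $2.
# "*" stands for exactly one leftmost label, so *.example.com covers
# www.example.com but not example.com or a.b.example.com.
name_covers() {
    _host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $_name in
        '*.'*)
            _base=${_name#'*.'}
            _label=${_host%".$_base"}
            [ "$_label" != "$_host" ] || return 1    # suffix did not match
            case $_label in ''|*.*) return 1 ;; esac # empty or multi-label
            return 0 ;;
        *)  [ "$_host" = "$_name" ] ;;
    esac
}

# Print every host in list $2 that no certificate name in list $1 covers.
# Runs in a subshell with globbing off so "*.example.com" is never expanded.
uncovered_hosts() (
    set -f
    for _h in $2; do
        _ok=no
        for _n in $1; do
            if name_covers "$_h" "$_n"; then _ok=yes; fi
        done
        [ "$_ok" = yes ] || printf '%s\n' "$_h"
    done
)

# Constructed sample: the name passed to -d and the hosts Apache will serve.
requested='*.example.com'
served='example.com www.example.com api.staging.example.com'
echo "TXT record to create: $(challenge_name "$requested")"
echo "Hosts the certificate will not cover:"
uncovered_hosts "$requested" "$served"
```

The bare domain shows up as uncovered, so a certificate meant to serve both needs a second `-d example.com` alongside the wildcard. Running `dig +short TXT` against the printed record name before answering Certbot's prompt confirms the record is visible.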

Where are my certificates now?

By default, Certbot will place your certificates under /etc/letsencrypt/*:

/etc/letsencrypt/live/example.com/fullchain.pem

...and the key can be found here:

/etc/letsencrypt/live/example.com/privkey.pem

You can always ask Certbot where things are:

certbot certificates