Skip to content

How to apply for Wildcard Certificate on CentOS

homepage-banner

Let’s Encrypt support wildcard domain certificate, and acme.sh is An ACME protocol client written purely in Shell (Unix shell) language.

1. install acme.sh

curl https://get.acme.sh | sh

2. request Certificate

( use *.s-b.me as example)

cd /.acme.sh
./acme.sh --issue -d *.s-b.me  -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

the output

[Sat Mar 24 13:10:07 UTC 2018] Registering account
[Sat Mar 24 13:10:08 UTC 2018] Registered
[Sat Mar 24 13:10:08 UTC 2018] ACCOUNT_THUMBPRINT='hS_gwvXaqMtxJh2Bz0asmWK3r7iMYIknkOWDqO1a76U'
[Sat Mar 24 13:10:08 UTC 2018] Creating domain key
[Sat Mar 24 13:10:09 UTC 2018] The domain key is here: /root/.acme.sh/*.s-b.me/*.s-b.me.key
[Sat Mar 24 13:10:09 UTC 2018] Multi domain='DNS:*.s-b.me,DNS:s-b.me'
[Sat Mar 24 13:10:09 UTC 2018] Getting domain auth token for each domain
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='*.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: '6sf1Iuh7r****************bHPs8QriJf8ibpszRk'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'iA68V9A14****************mlrsZx24raM-S0gmpI'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Please add the TXT records to the domains, and re-run with --renew.
[Sat Mar 24 13:10:10 UTC 2018] Please add '--debug' or '--log' to check more details.
[Sat Mar 24 13:10:10 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

3. add txt record for the domain

Add a txt record for the domain name to verify domain ownership.

_acme-challenge.s-b.me    txt    iA68V9A14****************mlrsZx24raM-S0gmpI
_acme-challenge.s-b.me    txt    6sf1Iuh7r****************bHPs8QriJf8ibpszRk

4. request Wildcard Certificate

./acme.sh --renew -d *.s-b.me  -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

If successful, a certificate directory will be generated in the current directory named after the domain name.

/root/.acme.sh
*.s-b.me/
├── ca.cer
├── fullchain.cer
├── *.s-b.me.cer
├── *.s-b.me.conf
├── *.s-b.me.csr
├── *.s-b.me.csr.conf
└── *.s-b.me.key

5. configure Certificate to support SSL

.cer            cert file
.key            key file
fullchain.cer   fullchain cert

6、Certificate auto renew

add a crontab job to run

./acme.sh --renew -d *.s-b.me  -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

reference

  • https://github.com/acmesh-official/acme.sh
Leave a message