{"id":6700,"date":"2024-06-05T07:39:19","date_gmt":"2024-06-05T05:39:19","guid":{"rendered":"https:\/\/shakti.tattva.se\/?p=6700"},"modified":"2024-06-05T07:39:19","modified_gmt":"2024-06-05T05:39:19","slug":"how-to-create-a-lets-encrypt-wildcard-certificate","status":"publish","type":"post","link":"https:\/\/shakti.tattva.se\/index.php\/how-to-create-a-lets-encrypt-wildcard-certificate\/","title":{"rendered":"How to create a Let\u2019s Encrypt Wildcard Certificate"},"content":{"rendered":"<div class=\"entry-content\">\n<p>This article explains how to create a free Let\u2019s Encrypt wildcard certificate.<\/p>\n<p>I recommend using a certificate that is valid for longer than 3 months, such as Let\u2019s Encrypt certificates. At Central, the import cannot be automated yet. However, you often want to try out the ZTNA solution first in the 30-day test phase. Let\u2019s Encrypt is a good choice here if you do not already have a wildcard certificate.<\/p>\n<h3 id=\"h-let-s-encrypt-certbot-tool-installieren\" class=\"wp-block-heading\">Install Let\u2019s Encrypt Certbot Tool<\/h3>\n<p>Before you can create free wildcard certificates, you need certbot installed. I\u2019m using an Ubuntu Server here. To install it, run the following commands:<\/p>\n<pre class=\"wp-block-code\"><code>sudo pacman -S letsencrypt<\/code><\/pre>\n<h3 id=\"h-let-s-encrypt-wildcard-ssl-zertifikat-generieren\" class=\"wp-block-heading\">Generate Let\u2019s Encrypt Wildcard SSL Certificate<\/h3>\n<p>After installing Certbot, you can now start creating certificates.<\/p>\n<p>For wildcard certificates Let\u2019s Encrypt requires verification via DNS. 
This ensures that you are really authorized to create a certificate for this domain.<\/p>\n<p>So, to create a wildcard certificate for the *.avanet.com domain, we run the following command:<\/p>\n<pre class=\"wp-block-code\"><code><strong>sudo certbot certonly --manual --preferred-challenges=dns --email prisni@hotmail.se --server https:\/\/acme-v02.api.letsencrypt.org\/directory --agree-tos -d tattva.se -d '*.tattva.se'<\/strong><\/code><\/pre>\n<figure class=\"wp-block-table\">\n<table>\n<tbody>\n<tr>\n<td><strong>certonly<\/strong><\/td>\n<td>Request or renew a certificate without installing it<\/td>\n<\/tr>\n<tr>\n<td><strong>--manual<\/strong><\/td>\n<td>Obtain certificates interactively<\/td>\n<\/tr>\n<tr>\n<td><strong>--preferred-challenges=dns<\/strong><\/td>\n<td>Use DNS to authenticate as domain owner<\/td>\n<\/tr>\n<tr>\n<td><strong>--server<\/strong><\/td>\n<td>ACME server to use for issuing the certificates<\/td>\n<\/tr>\n<tr>\n<td><strong>--agree-tos<\/strong><\/td>\n<td>Agree to the terms and conditions of the ACME server<\/td>\n<\/tr>\n<tr>\n<td><strong>-d<\/strong><\/td>\n<td>Domain for which a certificate is to be created<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>After running the above command, you still have to verify ownership of the domain. To do this, create a TXT record on the DNS servers.<\/p>\n<p>After verification, the certificates are generated and can be downloaded from the following path:<\/p>\n<pre class=\"wp-block-code\"><code>\/etc\/letsencrypt\/live\/<strong>tattva.se<\/strong>\/<\/code><\/pre>\n<p>Later we need the files <em>cert.pem<\/em> and <em>privkey.pem<\/em>. The latter must be renamed from <em>privkey.pem<\/em> to <em>privkey.key<\/em>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This article explains how to create a free Let\u2019s Encrypt wildcard certificate. 
I recommend using a certificate that is valid for longer than 3 months, such as Let\u2019s Encrypt certificates. At Central, the import cannot be automated yet. However, you often want to try out the ZTNA solution first in the 30-day test phase. Let\u2019s&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wprm-recipe-roundup-name":"","wprm-recipe-roundup-description":"","_kad_post_transparent":"default","_kad_post_title":"default","_kad_post_layout":"default","_kad_post_sidebar_id":"","_kad_post_content_style":"default","_kad_post_vertical_padding":"default","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6700","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/posts\/6700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/comments?post=6700"}],"version-history":[{"count":1,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/posts\/6700\/revisions"}],"predecessor-version":[{"id":6701,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/posts\/6700\/revisions\/6701"}],"wp:attachment":[{"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/media?parent=6700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/categories?post=6700"},{"t
axonomy":"post_tag","embeddable":true,"href":"https:\/\/shakti.tattva.se\/index.php\/wp-json\/wp\/v2\/tags?post=6700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}