RT Cunningham

Wildcard SSL Certificates Issued by the Let’s Encrypt Certificate Authority

Back in February of 2018, I mentioned free wildcard SSL certificates would soon be available. I didn’t go back and check with Let’s Encrypt until a couple of days ago (nearly three months).

The instructions for using the Certbot package at some websites are just plain wrong. There is no “certbot-auto” command. Remove the “-auto” and it works.


I can’t tell you how to install Certbot. I used these instructions the last time I did it. That was for Ubuntu Server 16.04. I’m sure it will work the same with Ubuntu Server 18.04. I’ll have to eventually switch near 16.04’s end-of-life date.

The Certbot command for my server was:

certbot certonly --manual --preferred-challenges=dns --email myemail@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.example.net' -d example.net

There were two sets of instructions dealing with DNS entries that I had to follow before I could finish. I set the TTL for each entry to 60 seconds because I hate to wait. It was trial and error. I didn’t know the interface automatically tacked on “.example.net”. I got it right on the second try.
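For the two names in the command above, the ACME DNS-01 challenge (RFC 8555) validates the wildcard at its base domain, so both TXT values go at the same record name. This added example (not from the original post) works out that name, what to type into an interface that appends the zone itself, and how a TXT value is derived; the function names and key authorizations are constructed for illustration.

```python
import base64
import hashlib

def challenge_fqdn(identifier):
    """DNS-01 record name for a certificate name (RFC 8555, section 8.4).
    A wildcard is validated at its base domain, so "*." is dropped."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return "_acme-challenge." + base

def txt_value(key_authorization):
    """TXT content: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def host_field(fqdn, zone):
    """What to type when the DNS interface appends the zone name itself."""
    fqdn, zone = fqdn.lower().rstrip("."), zone.lower().rstrip(".")
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -(len(zone) + 1)]

def published_name(entered, zone):
    """Name that really lands in DNS after the interface appends the zone."""
    return entered.lower().rstrip(".") + "." + zone.lower().rstrip(".")

def plan(identifiers, zone):
    """Map each record name to (host field, certificate names sharing it)."""
    shared = {}
    for ident in identifiers:
        shared.setdefault(challenge_fqdn(ident), []).append(ident)
    return {name: (host_field(name, zone), ids) for name, ids in shared.items()}

if __name__ == "__main__":
    zone = "example.net"
    for name, (field, ids) in plan(["*.example.net", "example.net"], zone).items():
        print(f"{name}: enter '{field}', {len(ids)} TXT values, for {ids}")
    # Constructed key authorizations (token.thumbprint), not real ones.
    for ka in ("constructed-token-1.constructed-thumbprint",
               "constructed-token-2.constructed-thumbprint"):
        print("TXT", txt_value(ka))
    # Pasting the full name into such an interface doubles the suffix:
    print(published_name("_acme-challenge.example.net", zone))
```

Both TXT values have to exist at the same time under that one name, so the second entry is added alongside the first rather than replacing it.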

Once I updated my Nginx configuration files and reloaded the server, I checked the certificate in Google Chrome. It was perfect.

Wildcard Nginx Configuration

If you have multiple domain names, you have to put the SSL directives under each server declaration. If you use only one domain name with one or more subdomains (other than “www”), you can put them at the http level of the configuration. That’s what I did.

I don’t have multiple subdomains right now. I only switched to a wildcard certificate so I won’t have to create more certificates later on. Everything from here on out should be automatic.

Should I add another domain name at my server, I’ll have to move everything back. It’s hardly worth mentioning since it’s just a copy and paste routine. I have no intention of accumulating domain names. It’s just not worth the effort. Well, for me anyway.

A wildcard certificate for multiple subdomains is the way to go. Even Google treats them like independent domains.


👤 RT Cunningham
📅 May 30, 2018
🗁 Web Development