skip to content W3C SVG

Let's Encrypt wildcard

Sep 4, 2019

Install

apt-get update
apt-get install git
cd /opt
git clone https://github.com/certbot/certbot

Gen

/opt/certbot/letsencrypt-auto certonly -d *.domain.ru -m webmaster@domain.ru --server https://acme-v02.api.letsencrypt.org/directory --manual

Answer

Upgrading certbot-auto 0.22.2 to 0.25.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for domain.ru

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Answer: Y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.domain.ru with the following value:

RVSD8RHaITG8rXxh3OGiwq8fq4du5VksR6MsfGlKyE1

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

DNS

Проверочные данные нужно ввести в поле: ‘_acme-challenge.domain.ru. тип поля: TXT’

_acme-challenge.domain.ru.        IN    TXT    "RVSD8RHaITG8rXxh3OGiwq8fq4du5VksR6MsfGlKyE1"

Проверить:

dig @8.8.8.8 -t txt _acme-challenge.domain.ru

Результат:

; <<>> DiG 9.10.3-P4-Debian <<>> -t txt _acme-challenge.domain.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65104
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;_acme-challenge.domain.ru. IN  TXT

;; ANSWER SECTION:
_acme-challenge.domain.ru.  3600 IN TXT "RVSD8RHaITG8rXxh3OGiwq8fq4du5VksR6MsfGlKyE1"