@aslamanver
Last active April 21, 2020 04:48
Generate Wildcard SSL certificate using Let's Encrypt - Certbot CLI
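# Install SSL Wildcard Certificate
# The wildcard is quoted against shell globbing; it does not match the bare
# domain, so mydomain.com (the ServerName below) is requested as well.
sudo certbot certonly --manual --preferred-challenges=dns --email me@mydomain.com \
  --server https://acme-v02.api.letsencrypt.org/directory --agree-tos \
  -d '*.mydomain.com' -d mydomain.com
# SSL Vulnerability Testing (-U runs the vulnerability checks)
docker run --rm -ti drwetter/testssl.sh -U mydomain.com
# Online testing tool
# https://www.ssllabs.com/ssltest/analyze.html?d=mydomain.com&latest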
<VirtualHost *:443>
    ServerAdmin me@mydomain.com
    ServerName mydomain.com
    DocumentRoot /var/www/mydomain.com

    SSLEngine On
    # HSTS for two years, subdomains included (the Header directive needs mod_headers)
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    SSLProtocol +TLSv1.2
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-G$
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire

    # Certificate chain and private key written by certbot
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
    # Plain HTTP serves nothing itself; every request is redirected to HTTPS
    SSLEngine off
    Redirect permanent / https://mydomain.com/
    ServerAdmin me@mydomain.com
    ServerName mydomain.com
    DocumentRoot /var/www/mydomain.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
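
A wildcard entry such as *.mydomain.com covers exactly one label, so it matches www.mydomain.com but neither the bare mydomain.com used as ServerName above nor a.b.mydomain.com. The shell functions below are an added example, not part of the original gist, that apply this matching rule to a list of hostnames; the function names are hypothetical and the hostnames are constructed.

```shell
#!/bin/sh
# Added example (function names are hypothetical, hostnames are constructed).
# Wildcard rule as browsers apply it (RFC 6125, section 6.4.3): "*" must be
# the whole left-most label and stands for exactly one label.

# san_covers SAN HOST -> exit 0 if this one SAN entry covers HOST
san_covers() {
    san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $san in
        '*.'*)
            suffix=${san#'*'}                  # e.g. ".mydomain.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # the part replaced by "*" must be one non-empty, dot-free label
            case $label in
                ''|*.*) return 1 ;;
                *) return 0 ;;
            esac ;;
        *) [ "$san" = "$host" ] ;;
    esac
}

# cert_covers HOST SAN... -> exit 0 if any SAN entry covers HOST
cert_covers() {
    wanted=$1; shift
    for entry in "$@"; do
        san_covers "$entry" "$wanted" && return 0
    done
    return 1
}

# uncovered_hosts SAN... -> reads hostnames from stdin (one per line) and
# prints those that no SAN entry covers
uncovered_hosts() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        cert_covers "$name" "$@" || printf '%s\n' "$name"
    done
}

# Constructed check: names a site might serve vs. a wildcard-only certificate
printf '%s\n' mydomain.com www.mydomain.com api.mydomain.com |
    uncovered_hosts '*.mydomain.com'           # prints: mydomain.com
```

To check an issued certificate, the SAN list to pass in can be read with `openssl x509 -in /etc/letsencrypt/live/mydomain.com/fullchain.pem -noout -ext subjectAltName` (OpenSSL 1.1.1 or later).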