@ziozzang
Last active May 8, 2018 02:16
This gist shows how to issue a wildcard certificate from Let's Encrypt using Docker and the DNS (dns-01) challenge. Nothing needs to be installed on the host besides Docker.
#!/bin/sh
# Issue and renew a Let's Encrypt wildcard certificate with the certbot
# Docker image and the dns-01 challenge. Nothing is installed on the host.
EMAIL="foo@example.com"
DOMAINS="example.com"
CERT_DIR="/opt/letsencrypt"

# Certificates land in ${CERT_DIR}/live/<domain>/, logs in ${CERT_DIR}/logs/.
###################################################################
# Renewing (default action when the script is run without arguments)
# Caveat: "renew" runs non-interactively, so a certificate obtained with
# --manual and no --manual-auth-hook cannot be renewed this way. Rerun the
# issuing command below (answering the TXT prompts again) or supply
# --manual-auth-hook/--manual-cleanup-hook scripts for your DNS provider.
renew() {
  docker run \
    -it --rm \
    -v "${CERT_DIR}/:/etc/letsencrypt/" \
    -v "${CERT_DIR}/logs/:/var/log/letsencrypt/" \
    certbot/certbot \
    renew
}
###################################################################
# 1st issuing
# - a wildcard does not cover the bare domain, so both names are requested
# - certbot prompts for two TXT records with the same name,
#   _acme-challenge.${DOMAINS}; add both before pressing Enter
# - "*.${DOMAINS}" is quoted so the shell cannot glob-expand it against
#   files in the current directory
# - wildcards are only issued by the ACME v2 endpoint, hence --server
issue() {
  docker run \
    -it --rm \
    -v "${CERT_DIR}/:/etc/letsencrypt/" \
    -v "${CERT_DIR}/logs/:/var/log/letsencrypt/" \
    certbot/certbot \
    --manual \
    --agree-tos \
    --email "${EMAIL}" \
    --preferred-challenges dns-01 \
    -d "${DOMAINS}" -d "*.${DOMAINS}" \
    --server https://acme-v02.api.letsencrypt.org/directory \
    certonly
}

case "${1:-renew}" in
  issue) issue ;;
  renew) renew ;;
  *) echo "usage: $0 [issue|renew]" >&2; exit 1 ;;
esac

Issues

  • A wildcard certificate does not cover the bare domain, so you have to request both the non-wildcard name and the wildcard name.
  • For example, if your domain is foo.com, you have to add foo.com and *.foo.com.
  • A DNS challenge is run for each name, and both names validate under the same record name (_acme-challenge.foo.com), so you need two TXT records with the same name and different values.

DNS challenges

  • certbot prints one prompt per name, as below. Both prompts use the same record name, so add a TXT record for each value shown (two records under one name) and make sure both are live before continuing.
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

asdf-asdf-asdf

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

qqqq-qqqq-qqqq

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
  • Verified with nslookup against a public resolver; both values must be returned:
C:\Users\ziozzang>nslookup -q=TXT _acme-challenge.example.com 8.8.8.8
Server:    google-public-dns-a.google.com
Address:  8.8.8.8

Response:
_acme-challenge.example.com        text =

        "asdf-asdf-asdf"
_acme-challenge.example.com        text =

        "qqqq-qqqq-qqqq"
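Checking by hand works, but what matters is that both values are visible on a public resolver at the moment certbot validates. The script below is an added example, not part of the original gist: it polls a public resolver with `dig` until every expected `_acme-challenge` TXT value is served, so it can be run before pressing Enter. It assumes `dig` (dnsutils/bind-utils) is installed; the record name, resolver and the two tokens in the usage line are the constructed values from the prompt above.

```shell
#!/bin/sh
# Added example, not part of the original gist: wait until every expected
# _acme-challenge TXT value is visible on a public resolver before pressing
# Enter in the certbot prompt. Assumes `dig` (dnsutils/bind-utils) is installed.

# txt_has_all ANSWER TOKEN...
# ANSWER is the output of `dig +short TXT <name>` (one quoted string per line).
# Returns 0 only when every TOKEN appears as a complete TXT value.
txt_has_all() {
  txt="$1"
  shift
  for token in "$@"; do
    # dig prints TXT data quoted: "asdf-asdf-asdf". Strip the quotes, then
    # require a whole-line fixed-string match so a prefix cannot pass.
    if ! printf '%s\n' "$txt" | sed 's/^"\(.*\)"$/\1/' | grep -qxF -- "$token"; then
      return 1
    fi
  done
  return 0
}

# wait_for_txt NAME RESOLVER ATTEMPTS TOKEN...
# Polls RESOLVER every 30 seconds, up to ATTEMPTS times, until all TOKENs are
# served for NAME. Exit status 0 = safe to press Enter, 1 = gave up.
wait_for_txt() {
  name="$1"; resolver="$2"; attempts="$3"
  shift 3
  i=1
  while [ "$i" -le "$attempts" ]; do
    answer="$(dig +short TXT "$name" "@$resolver" 2>/dev/null)"
    if txt_has_all "$answer" "$@"; then
      echo "all $# TXT value(s) for $name visible at $resolver"
      return 0
    fi
    echo "attempt $i/$attempts: record(s) not yet visible, retrying in 30s" >&2
    sleep 30
    i=$((i + 1))
  done
  echo "gave up waiting for $name at $resolver" >&2
  return 1
}

# Usage, with the two (constructed) tokens from the certbot prompt above:
#   wait_for_txt _acme-challenge.example.com 8.8.8.8 20 asdf-asdf-asdf qqqq-qqqq-qqqq
```

Querying a public resolver rather than the authoritative server mirrors what Let's Encrypt sees, including any stale negative cache from an earlier lookup; a whole-line match is used so that an old value or a partial token is never mistaken for the new one.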

TL;DR

  • You can get a free domain and a free certificate :)

Free Domain

  • You can get domains at https://dot.tk.

  • When a domain has less than one month remaining, a notification mail arrives in your mailbox. You can extend it for free.

  • The DNS challenge uses TXT records; add the TXT record twice under the same name, once for each value certbot shows.

  • Everything else is the same process. Enjoy.
