To obtain a wildcard certificate, you must pass the DNS-01 challenge, which requires adding TXT records to your DNS zone.
To get certificates for single domains, there is no need to modify DNS records. Check this link https://micropyramid.com/blog/configure-ssl-with-letsencrypt-and-nginx/ for more info.
Your distribution may ship an old version of certbot, so we will use the latest certbot from the GitHub repository. This solution is based on https://github.com/certbot/certbot/issues/5719, thanks to talyguryn.
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto certonly --manual -d '*.mydomain.com' -d mydomain.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:
qasdli_thisissometxtvalueherebrrrrrlaisd
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.pietrack.com with the following value:
aldsfj_onemorevalueheredurrrrrrrrlaisdj
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mydomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mydomain.com/privkey.pem
   Your cert will expire on 2018-07-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
As the output above instructs, add TXT records to your DNS zone with
name: _acme-challenge.mydomain.com
and values
1. qasdli_thisissometxtvalueherebrrrrrlaisd
2. aldsfj_onemorevalueheredurrrrrrrrlaisdj
On successful verification, you should have certificates in the /etc/letsencrypt/live directory.
Error: Failed authorization procedure.
In this case, check that your TXT records have been updated. To do that, run:
host -t txt _acme-challenge.mydomain.com
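An added example, not from the original post or the certbot project: because the wildcard and the base domain are validated under the same name, both TXT values must be published at once, and this check reports any value that is still missing. The function names, the sample `host` output and the nameserver names are constructed for illustration; `check_everywhere` assumes the `host` command used above and network access.

```shell
#!/bin/sh
# Added example: confirm every ACME dns-01 token is published as a TXT value
# before pressing Enter in certbot. Function names are illustrative.

# missing_tokens TOKEN... : reads `host -t txt` output on stdin and prints
# each expected token that is not present as a complete quoted TXT value.
missing_tokens() {
    mt_output=$(cat)
    for mt_token in "$@"; do
        # -F matches literally; the quotes stop a partial value from matching
        printf '%s\n' "$mt_output" | grep -qF "\"$mt_token\"" ||
            printf '%s\n' "$mt_token"
    done
}

# ns_hosts : reads `host -t ns` output on stdin, prints the nameserver names.
ns_hosts() {
    awk '/ name server / { sub(/\.$/, "", $NF); print $NF }'
}

# check_everywhere NAME ZONE TOKEN... : asks each authoritative nameserver
# directly, so a cached answer cannot hide a missing record (needs network).
# Returns 0 if all tokens are on all servers, 1 if any is missing, 2 if no
# nameserver could be found.
check_everywhere() {
    ce_name=$1 ce_zone=$2 ce_status=2
    shift 2
    for ce_ns in $(host -t ns "$ce_zone" | ns_hosts); do
        [ "$ce_status" -eq 2 ] && ce_status=0
        ce_missing=$(host -t txt "$ce_name" "$ce_ns" 2>/dev/null | missing_tokens "$@")
        if [ -n "$ce_missing" ]; then
            echo "$ce_ns is missing: $ce_missing"
            ce_status=1
        fi
    done
    return "$ce_status"
}

# Constructed sample of `host -t txt` output: only the first value is published.
SAMPLE_TXT='_acme-challenge.mydomain.com descriptive text "qasdli_thisissometxtvalueherebrrrrrlaisd"'
# Constructed sample of `host -t ns` output (hypothetical nameserver names).
SAMPLE_NS='mydomain.com name server ns1.dns-provider.example.
mydomain.com name server ns2.dns-provider.example.'

# Offline demo on the constructed sample: prints the value still to be added.
printf '%s\n' "$SAMPLE_TXT" | missing_tokens \
    qasdli_thisissometxtvalueherebrrrrrlaisd aldsfj_onemorevalueheredurrrrrrrrlaisdj
```

For a live check, call `check_everywhere _acme-challenge.mydomain.com mydomain.com` followed by the two values certbot printed, and press Enter only when it returns 0.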
Now that we have certificates in /etc/letsencrypt/live, reference them in the nginx configuration:
server {
    listen 443 ssl;
    server_name mydomain.com;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
}