DEV Community

Zen Oh

How To Use Docker To Generate Let's Encrypt Free Wildcard SSL

First, make sure that you are comfortable using a Unix terminal (on a Mac you can use the default Terminal; on Windows my recommendation is Ubuntu on WSL). Also make sure that Docker is installed on your system: Docker for Mac, Docker for Windows, or a native Docker installation on Linux all work.

You need administrative access to the DNS records of the domain for which you want to generate the certificate. If your registrar does not provide DNS administration for free, I'd recommend using Cloudflare for DNS. You will need to create or change a TXT record for your domain through this service later.

This is the shell script that you need to run to generate the certificate:

#!/bin/sh
# Run certbot in a throwaway container. The letsencrypt directory next to this
# script is mounted as /etc/letsencrypt, so the certificate, private key and
# renewal configuration persist on the host after the container exits.
# --manual with the DNS challenge: certbot prints a TXT record for you to
# create and waits (hence -it) until you confirm it is in place.
docker run -it --rm --name certbot \
    -v "$PWD/letsencrypt:/etc/letsencrypt" \
    certbot/certbot certonly --manual \
    --preferred-challenges=dns \
    -d "*.example.com"

Save this shell script with a .sh extension (e.g. run-certbot.sh) and make it executable (chmod +x). Place it in the directory where you want to store your certificate, and remember this directory, since you will need it again when you renew the certificate (a certificate is valid for 90 days). Don't forget to replace example.com with the domain name that you own. Then run the script and follow the on-screen instructions.

After the certificate has been generated, change the owner of the letsencrypt folder (created when you ran the script) to your current user and group so that you have access to it. You will need elevated privileges to run this chown command (use sudo). You can then find the certificate at these locations:

  • ./letsencrypt/live/example.com/fullchain.pem (with nginx this is the certificate bundle, used as the ssl_certificate file)
  • ./letsencrypt/live/example.com/privkey.pem (with nginx this is the private key, used as the ssl_certificate_key file)

A few things to note:

  • Every 3 months you need to renew your certificate. Use the same directory, or you will generate a new certificate instead of renewing the existing one.
  • Change example.com to the domain you own and make sure you are ready to add a TXT record to that domain. The certificate is issued only after certbot has verified the TXT record.
  • Since this is a wildcard certificate, it is valid for one level of subdomain, i.e. it will work for these names: example.com, www.example.com, dashboard.example.com. It can't be used for a two-level subdomain such as auth.dashboard.example.com.
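A renewal helper for the flow above, added here as an example (it is not from the original post): it reuses the same letsencrypt directory so certbot renews the existing lineage rather than creating a new one, re-runs the certonly command only when fewer than 30 days remain, fixes the ownership afterwards, and otherwise prints the DNS names the certificate actually covers so you can confirm which hosts it will serve. The file name check-renew.sh, the CERT_DIR and RENEW_WITHIN_DAYS variables, and openssl being installed on the host are assumptions.

```shell
#!/bin/sh
# check-renew.sh (hypothetical name): renew the wildcard certificate from the
# run-certbot.sh flow above only when it is close to expiry. Assumes openssl on
# the host and the letsencrypt directory created by that script next to it.
set -eu

DOMAIN="${1:-example.com}"
CERT_DIR="${CERT_DIR:-$PWD/letsencrypt}"          # the same volume every time
RENEW_WITHIN_DAYS="${RENEW_WITHIN_DAYS:-30}"      # renew once <30 days remain

# certbot names the lineage after the first -d name with the leading "*."
# stripped, so *.example.com lives under live/example.com.
lineage_name() {
    printf '%s\n' "$1" | sed 's/^\*\.//'
}

# Exit 0 when the certificate is missing or expires within $2 days.
# openssl -checkend exits non-zero when the expiry falls inside that window.
needs_renewal() {
    cert="$1"; days="$2"
    [ -f "$cert" ] || return 0
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        return 1
    fi
    return 0
}

# Print the DNS names from the Subject Alternative Name extension, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed -n 's/.*DNS:\([^ ]*\).*/\1/p'
}

main() {
    cert="$CERT_DIR/live/$(lineage_name "*.$DOMAIN")/fullchain.pem"
    if needs_renewal "$cert" "$RENEW_WITHIN_DAYS"; then
        echo "Renewing *.$DOMAIN; reusing $CERT_DIR so the existing lineage is kept"
        docker run -it --rm --name certbot \
            -v "$CERT_DIR:/etc/letsencrypt" \
            certbot/certbot certonly --manual \
            --preferred-challenges=dns \
            -d "*.$DOMAIN"
        # the container writes as root; hand the files back to the invoking user
        sudo chown -R "$(id -u):$(id -g)" "$CERT_DIR"
    else
        echo "More than $RENEW_WITHIN_DAYS days left; names covered:"
        cert_dns_names "$cert"
    fi
}

# Run main only when executed as the script itself, so the functions can be sourced.
case "${0##*/}" in check-renew.sh) main ;; esac
```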
