Everyone’s favorite SSL certificate authority, Let’s Encrypt, recently announced support for wildcard SSL certificates (on their forum here) via the ACMEv2 API. Wildcard SSL certificates still cost as much as $150-300/yr on the market, so getting them for free is a huge bonus.
Make sure you have Certbot version 0.22 or higher installed.
Install the Route 53 plugin. If you want to use another DNS provider, replace certbot-dns-route53 with one of the options below.
Various DNS providers are available as options. Click on the provider you are using to get its usage guide.
Issue SSL certs with Route 53 auth
You will be presented with the Access key ID and the Secret access key. Store these in ~/.aws/config in the following format:
Let’s generate the certs. Make sure you add --server https://acme-v02.api.letsencrypt.org/directory to point Certbot at the v2 API, which is the one that supports wildcard certs. At the time of writing this article the latest version of Certbot still defaulted to the v1 API. You can track progress on changing the default here.
Make sure you set up a cron job for auto-renewal. All settings, including the DNS plugin and the API endpoint used, are saved automatically and reused on renewal.
Issuing certificates for other DNS providers should be similar; following the provider's usage guide should be enough. Make sure Certbot is pointed at the v2 API.
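As an added example (not code from the original post), here is a small POSIX shell pre-flight script for the steps above: it refuses Certbot builds older than 0.22, checks that ~/.aws/config is not readable by other users, and builds the issuance command against the ACMEv2 endpoint. The file name issue-wildcard.sh and the domain example.com are placeholders.

```shell
#!/bin/sh
# Added pre-flight helper (not from the original post). Assumes certbot and
# certbot-dns-route53 are installed; "example.com" is a placeholder domain.
set -eu

ACME_V2="https://acme-v02.api.letsencrypt.org/directory"

# Certbot gained ACMEv2 (and therefore wildcard) support in 0.22; refuse older builds.
certbot_version_ok() {
  ver="$1"                      # e.g. "0.22.0" as printed by `certbot --version`
  major="${ver%%.*}"
  rest="${ver#*.}"
  minor="${rest%%.*}"
  [ "$major" -gt 0 ] || [ "$minor" -ge 22 ]
}

# The Route 53 key pair in ~/.aws/config can change DNS records, so it must not be
# readable by anyone but the owner (mode 600).
aws_config_perms_ok() {
  f="$1"
  mode="$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")"
  [ "$mode" = "600" ]
}

# Build the issuance command: apex and wildcard on one certificate, Route 53 plugin
# for the DNS-01 challenge, and --server overriding the v1 default.
build_issue_cmd() {
  domain="$1"
  printf 'certbot certonly --dns-route53 --server %s -d %s -d "*.%s"' \
    "$ACME_V2" "$domain" "$domain"
}

# Run the checks, then issue. Only executes when invoked as:
#   sh issue-wildcard.sh --run example.com
if [ "${1:-}" = "--run" ]; then
  installed="$(certbot --version 2>&1 | awk '{print $2}')"
  certbot_version_ok "$installed" || { echo "certbot $installed is too old (need >= 0.22)" >&2; exit 1; }
  aws_config_perms_ok "$HOME/.aws/config" || { echo "chmod 600 ~/.aws/config first" >&2; exit 1; }
  eval "$(build_issue_cmd "${2:?domain required}")"
  # Renewal reuses the saved plugin and server settings, so a daily cron entry suffices:
  #   0 3 * * * certbot renew --quiet
fi
```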