How to Use Wildcard SSL Certificate using Let's Encrypt with nginx on ubuntu


Steps to set up a wildcard SSL certificate using Let's Encrypt with Nginx on Ubuntu.

24 Sep 2024

ssl

Here are the steps to set up a wildcard SSL certificate using Let's Encrypt with Nginx on Ubuntu. You will use Certbot with the DNS-01 challenge for domain validation, because Let's Encrypt only issues wildcard certificates through that challenge type.

Step by Step Guide

1. Install Certbot and Nginx Plugin

First, make sure your package lists are up to date, then install Certbot and the Nginx plugin.

sudo apt update
sudo apt install certbot python3-certbot-nginx

2. Install Required DNS Plugin (DNS-01 Challenge)

Certbot requires the DNS-01 challenge to issue wildcard certificates, which means it must be able to create TXT records in your zone. Depending on your DNS provider, you will need to install the matching DNS plugin (e.g. for Cloudflare):

sudo apt install python3-certbot-dns-cloudflare

For other providers, replace cloudflare with the name of your DNS provider's plugin. You can see the supported DNS plugins for Certbot here.

3. Create DNS API Credentials

For DNS providers like Cloudflare, you need to create an API credential that allows Certbot to add and remove DNS TXT records in your zone. Scope it as narrowly as the provider allows (DNS edit on the zones you need), since anyone holding it can change your DNS.

Cloudflare: Go to your Cloudflare account -> API Tokens -> Create Token.

Save your credentials to a file on your server:

sudo mkdir -p /etc/letsencrypt
sudo touch /etc/letsencrypt/cloudflare.ini
sudo chmod 600 /etc/letsencrypt/cloudflare.ini

Add the following content to /etc/letsencrypt/cloudflare.ini. These two keys are for the Cloudflare Global API Key; if you created a scoped API token instead, the plugin takes the single key dns_cloudflare_api_token in place of both:

# Cloudflare Global API Key credentials for the certbot-dns-cloudflare plugin
dns_cloudflare_email =
dns_cloudflare_api_key =
# Alternative for a scoped API token (use instead of the two lines above):
# dns_cloudflare_api_token =

4. Get a Wildcard SSL Certificate

Run the following command to issue a wildcard certificate using the DNS-01 challenge:

sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  -d example.com \
  -d '*.example.com'

Replace example.com with your domain. The wildcard is quoted so the shell does not expand the asterisk, and the apex name is requested alongside it because *.example.com does not cover example.com itself.

5. Configure Nginx to Use Wildcard Certificates

Edit the Nginx configuration to use the new SSL certificate. Open the Nginx configuration file for your site:

sudo nano /etc/nginx/sites-available/your-site.conf

Update or add the following lines inside the server block:

server {
    listen 443 ssl;
    server_name example.com *.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
}

Replace example.com with your domain.

6. Test Nginx Configuration

To make sure there are no syntax errors in your Nginx configuration, run:

sudo nginx -t

If the test passes, reload Nginx:

sudo systemctl reload nginx

7. Automate Certificate Renewal

Let's Encrypt certificates are valid for 90 days, so you should automate their renewal. The Certbot package installs a scheduled renewal job for you, and the DNS plugin settings are stored with the certificate so renewal runs unattended. You can test it manually by running:

sudo certbot renew --dry-run

A successful dry run confirms that automatic renewal is working, including the DNS-01 validation through your provider's API.
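The following Python helper is an added example for the whole procedure above; it is not code from the original post or from Certbot. It assumes the paths used in this guide (/etc/letsencrypt/cloudflare.ini and /etc/letsencrypt/live/<domain>/) and example.com as the domain. It checks that the credentials file mode is private, builds the certbot command with the wildcard passed as one argument (so no shell globbing can touch it), renders the step 5 server block, and shows exactly which hostnames a *.example.com entry covers. One addition beyond the guide's command is the real certbot option --deploy-hook: since certonly never touches Nginx, the hook reloads it after each renewal so the renewed certificate is actually served.

```python
"""Pre-flight checks for the Let's Encrypt wildcard + Nginx procedure.

Added example, not part of the original guide. Paths and domain follow the
guide; the --deploy-hook argument is an addition (a genuine certbot option).
"""
import os
import shlex
import stat

CREDS_PATH = "/etc/letsencrypt/cloudflare.ini"  # path used in the guide


def mode_is_private(mode_bits: int) -> bool:
    """True only for mode 0600: the DNS API key in the file can rewrite your zone,
    so no group/other permission bits may be set."""
    return stat.S_IMODE(mode_bits) == 0o600


def credentials_file_is_private(path: str) -> bool:
    """Stat the credentials file and require a regular file with mode 0600."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and mode_is_private(st.st_mode)


def build_certbot_command(domain: str, creds_path: str = CREDS_PATH,
                          reload_nginx: bool = True) -> list:
    """Return the certbot argv for an apex + wildcard certificate via DNS-01.

    Each -d value is a separate argv element, so '*' is never seen by a shell.
    --deploy-hook (added here, not in the guide) reloads Nginx after a renewal.
    """
    cmd = [
        "certbot", "certonly",
        "--dns-cloudflare",
        "--dns-cloudflare-credentials", creds_path,
        "-d", domain,
        "-d", "*." + domain,
    ]
    if reload_nginx:
        cmd += ["--deploy-hook", "systemctl reload nginx"]
    return cmd


def certbot_shell_line(domain: str) -> str:
    """The same command as a single shell line; shlex.join quotes the wildcard."""
    return shlex.join(build_certbot_command(domain))


def name_covered(san_names, hostname: str) -> bool:
    """RFC 6125-style check: does any SAN entry cover hostname?

    Only whole-label wildcards of the form '*.suffix' are handled (the form Let's
    Encrypt issues). Such an entry matches exactly one extra label, e.g.
    www.example.com, but neither the apex (example.com) nor a deeper name
    (a.b.example.com): this is why the guide requests both -d example.com and
    -d *.example.com.
    """
    host = hostname.lower().rstrip(".")
    for san in san_names:
        san = san.lower().rstrip(".")
        if san.startswith("*."):
            first, sep, rest = host.partition(".")
            if sep and first and rest == san[2:]:
                return True
        elif san == host:
            return True
    return False


def nginx_server_block(domain: str) -> str:
    """Render the server block from step 5 for the given domain."""
    live = f"/etc/letsencrypt/live/{domain}"
    return (
        "server {\n"
        "    listen 443 ssl;\n"
        f"    server_name {domain} *.{domain};\n\n"
        f"    ssl_certificate {live}/fullchain.pem;\n"
        f"    ssl_certificate_key {live}/privkey.pem;\n\n"
        "    ssl_protocols TLSv1.2 TLSv1.3;\n"
        "    ssl_prefer_server_ciphers on;\n"
        '    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";\n'
        "}\n"
    )


if __name__ == "__main__":
    print(certbot_shell_line("example.com"))
    sans = ["example.com", "*.example.com"]
    for name in ("www.example.com", "example.com", "a.b.example.com"):
        print(f"{name}: covered={name_covered(sans, name)}")
    print(nginx_server_block("example.com"))
    if os.path.exists(CREDS_PATH):
        print("credentials file private:", credentials_file_is_private(CREDS_PATH))
```

Run it as root on the server after step 3 to confirm the credentials file mode before handing the key to Certbot; the name_covered output makes the single-label limit of a wildcard visible, so a name such as api.eu.example.com would need its own certificate or its own wildcard entry.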

By following these steps, you will have a wildcard SSL certificate for your domain using Let's Encrypt, installed on Nginx on Ubuntu, with automatic renewals set up.
