The internet of the future is going to be encrypted. That would make it compulsory for the websites to adapt to the HTTPs regime. Your site is built on resources like cookies, images, scripts and many other options. If you do not want the content to be vulnerable, you need to opt for the encryption of all elements of your website. For that to happen, you need to get SSL certification. Let’s Encrypt is a capable service that excels in providing you the SSL certificates for proper encryption of your site. Use LetsEncrypt Wildcard Certificate? We will uncover the details in this post.
SSL Certificates – An Overview
For the encrypted websites, you need to use HTTPS, which is the secure version of the ubiquitous HTTP connectivity. It is used for encrypting your data between a user and a web application.
For this to work as expected, you would need to have SSL certificates for your website. The best option to get a valid SSL certificate is to use the services provided by the certificate authorities like Comodo or similar other providers. However, these services do come with a premium as you would need pay for the services rendered.
Another option would be to use the 90-day certificates; some services offer you SSL certificates for free. Let’s Encrypt, for example, is a certificate authority that gives you free and automated certification services. They have recently announced the launch of wildcard certificates which can be a good option for most website owners.
The wildcard SSL certificate would be the excellent solution for your requirements for deploying the HTTPS regime on your sites. Opting for the certificate deployment on multiple subdomains without the need for individual certification of each of your subdomains would indeed be the best exercise you would check out.
What is a Wildcard Certificate?
Before we can proceed to understand how to use wildcard certificate with Let’s Encrypt, it would be a good idea to learn a little about what a Wildcard Certificate is. That would offer you a base for a proper understanding of the concept.
A wildcard certificate is the one that would work across all the subdomains of a website. In fact, each of the subdomains of a site would need individual licenses for each of the subdomains. A wildcard will remove this requirement and would work across all the subdomains of a particular root domain.
Use LetsEncrypt Wildcard Certificate
This tutorial makes use of the steps in the easiest possible manner. The steps involved here should work for the versions of Linux distribution.
Before we can use the wildcard certificate for your site, you will need to prepare your site for the purpose.
Prepare the site for Wildcard SSL certificate
Make sure you have a registered domain. For the purpose of this tutorial, we would need an Ubuntu 16.04 server with sudo access. Ensure that you have NGINX installed on your system.
Next, configure your domain DNS records for which the steps would defer according to your hosting provider. Follow the steps here below –
- Go to your DNS Manager.
- Create aA/AAAA Record with the following details.
Host name – **.*yoursite.com
Value – your_server_ip_address
The next step would be to configure the NGINX for serving an HTML file. G=Here are steps you need to follow –
- Install NGINX
sudo apt-get update
sudo apt-get install nginx
- Next, create an index file at /var/www/htmlon your server. Use the following details
<!DOCTYPE html>
<html lang=”en”>
<head>
<meta charset=”UTF-8″>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>
<meta http-equiv=”X-UA-Compatible” content=”ie=edge”>
<title>Test Application</title>
</head>
<body>
<h2 id=”intro”></h2>
</body>
<script>
letgetUser = () => {
var full = window.location.host
var parts = full.split(‘.’)
var sub = parts[0]
returnsub.charAt(0).toUpperCase() + sub.slice(1).toLowerCase();
}
document.getElementById(‘intro’).innerHTML = `Hi, ${getUser()}`
</script>
</html>
- Once done, open the default NGINX configuration. Here is the command for the purpose –
sudonano /etc/nginx/sites-available/default
- Replace the contents of the default configuration with the following content-
server {
server_name *.yoursite.com;
root /var/www/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
- Finally, test your configuration with the command here below –
sudonginx -t
sudo service nginx restart
That should complete the preparations of your site towards using the wildcard certificates on your website. Please change yoursite.com with your domain in above steps.
Now use Wildcard certificates from Let’s Encrypt on your site
For installing the wildcard certificate on your site, you will need to install the certbot software. Here is how we would be doing it –
- Install PPA through the following commands.
sudo add-apt-repository ppa:certbot/certbot
- You should be asked to confirm the addition. Confirm when prompted.
- Next, install the Certbot NGINX software through these commands –
sudo apt-get update
sudo apt-get install python-certbot-nginx
Next step would be to obtain the Wildcard SSL certificate. It involves further set of sudo commands as explained here below.
- Run the command mentioned here below to obtain the wildcard certificate from Let’s Encrypt.
sudocertbot –server https://acme-v02.api.letsencrypt.org/directory –manual –preferred-challenges dns –installer nginx -d *.yoursite.com
Make sure you change the domains name from yoursite.com to your domain name.
- You will now need to enter your email address. This would be needed for renewals and other security notices.
- Agree to the terms and conditions. Check out all the conditions and answer with a ‘Y’ to all the questions.
The further steps would involve setting up the DNS for your domain. Here would be the steps for setting it up –
- You will now find a value that you would need to enter the TXT value for the domain you are using.
- Press ENTER to continue.
- Go to the DNS Manager of your domain and create a TXT record.
- Set the TTL value as low as possible. This will speed up the performance.
This step would verify your DNS challenge. Now you will be shown the list of server blocks in your NGINX configuration. You need to choose the ones you want to deploy the certificate for. Choose 1 for manual deployment by selecting the ones you prefer. If you’re going to implement certificate for all, press ENTER.
In the next step, choose which pages you would want to redirect to HTTPS from HTTP. You should be presented a list similar to the one as above. Press ENTER to continue.
That completes the task of using the Wildcard SSL certificates for your domain using Let’s Encrypt.
Let’s Encrypt – A Practical Tool for encryption
Let’s Encrypt is the most preferred free, automated and open certificate authority, developed by Internet Security Research Group. They offer you a hassle free and completely free option to install the SSL certificates on your site.
The features that would make them an exceptional choice can be
- They are FREE – The service is available at no cost. You can use it as long as you have a domain.
- Transparent Functionality –The certificates are available for public scrutiny, and practically anyone can check and inspect them.
- Security at its best – The service is quite secure and designed for the benefit of the public. It offers you advanced TLS security options.
- Automatic Renewals –You need not remember to renew the certificate. Obtaining the certificate, deploying it and renewing – all the tasks are completely automated.
- A cooperative initiative in its own right – The service, as we stated before has been designed for the benefit of the public.
In Conclusion
Encrypting your website is the need of the hour, whether Google or the users themselves have preferred the HTTPS instead of HTTP. Growing demand and necessity for the secure connections has become the vital aspect of streamlining the websites for many of the website owners. From that perspective, wildcard SSL certificates can be cost savers and economical in more ways than one.
If you do not want to spend a fortune on individual SSL certification for each of the domains on your site or checking out a reliable and cost-effective option for encrypting your website, the SSL certificate service from Let’s Encrypt is indeed a blessing in disguise. The fact that they are not just “another’ service offering SSL certificates for free and come from the secure environment and functionality, we would consider it to be the best option for you.
Please note that there are several ways you can use to deploy certificates for your website using Let’s Encrypt. We have used one of the available options for effective deployment of SSL certificates for your site.
Have you used Let’s Encrypt and its services for enhanced performance and encryption of your website? If you do, we will welcome you to share with us the experiences you have had in installing the SSL certificate on your site. Your feedback would indeed be useful for our readers and us alike.