Installing a Let's Encrypt wildcard certificate with Debian 8 / Nginx

It is actually very simple.

1. First, install or upgrade your certbot client; it needs to be version 0.22+. Alternatively, uninstall the current version and install the new one as shown below:

# wget
# chmod a+x ./certbot-auto
# sudo ./certbot-auto

2. Generate the certificate using the command below:

# sudo ./certbot-auto certonly \
 --server \
 --manual --preferred-challenges dns \
 -d * -d

Note that you need to specify both names, as in “-d * -d”, so that the certificate includes all subdomains and the root domain. ACMEv2 is required for wildcard certificates, so the command passes the new URL with --server.

3. Create a validation TXT DNS record for your domain. Follow the wizard; it will ask you to define a TXT DNS record for your domain.

 Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.
 Press Enter to Continue

4. Once the TXT record is validated, your certificate will be generated and ready to be installed in nginx. Just add these lines to your server block:

listen 443 ssl;
 ssl_certificate /etc/letsencrypt/live/;
 ssl_certificate_key /etc/letsencrypt/live/;

5. Restart your server and you should be good to go.
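Why step 2 requests both names, shown as an added example (not part of the original post): a wildcard name stands for exactly one label, so on its own it covers neither the root domain nor names more than one level deep. `example.com` is a placeholder and the function names are hypothetical; substitute the DNS names listed in your issued certificate.

```shell
#!/bin/sh
# Added example: which hostnames does a certificate's SAN list cover?
# example.com is a constructed placeholder; function names are hypothetical.

# san_matches HOST SAN -> exit 0 if the certificate name SAN covers HOST.
# A "*" is honoured only as the entire left-most label and stands for
# exactly one label, the way TLS clients apply RFC 6125.
san_matches() {
    _host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_san" in
        '*.'*)
            _suffix=${_san#?}                 # "*.example.com" -> ".example.com"
            case "$_host" in
                *"$_suffix") _label=${_host%"$_suffix"} ;;
                *) return 1 ;;                # other domain, or the bare root
            esac
            case "$_label" in
                ''|*.*) return 1 ;;           # empty, or more than one label deep
                *) return 0 ;;
            esac ;;
        *) [ "$_host" = "$_san" ] ;;          # non-wildcard names match exactly
    esac
}

# covered_by HOST SAN... -> prints the first SAN covering HOST; exit 1 if none.
covered_by() {
    _h=$1; shift
    for _s in "$@"; do
        if san_matches "$_h" "$_s"; then
            printf '%s\n' "$_s"
            return 0
        fi
    done
    return 1
}

# Constructed sample: hostnames checked against the two names from step 2.
for h in example.com www.example.com api.example.com a.b.example.com; do
    if by=$(covered_by "$h" '*.example.com' 'example.com'); then
        echo "$h: covered by $by"
    else
        echo "$h: NOT covered"
    fi
done
```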

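Don’t forget to set up your crontab to renew the certificate as it nears expiry. Because the certificate above was issued with --manual, an unattended renew run can only complete the DNS challenge if certbot is also given a --manual-auth-hook script that creates the TXT record. Add this to your crontab: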

0 3,15 * * * /opt/certbot-auto -q renew  --renew-hook "/etc/init.d/nginx reload" >> /var/log/certbot-auto-renew




One Comment

  1. kalamba says:

    It’s working! Thank you very much!