Install LetsEncrypt Wildcard SSL Certificate on Debian

The following is based on Debian 8 64-bit, but it is also applicable to other Linux systems. Nginx is used, and Apache is the same.

1. Install Nginx

1. Update the system
apt update -y && apt upgrade -y
2. Install Nginx
apt install nginx -y

2. Install Lets Encrypt

1. Download certbot-auto
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto

2. Request an SSL certificate
./certbot-auto certonly –manual -d *.YOURDOMAIN –preferred-challenges dns-01 –server https://acme-v02.api.letsencrypt.org/directory
YOURDOMAIN is changed to your domain name, such as zhujiwiki.com
There will be a Y/n option in the middle, select Y
You need to enter your email address and agree to the agreement.

Disagree to share Email
Agree to IP logging

3. Add a TXT record at the DNS resolution as shown above: _acme-challenge.jlu.za.org is the TXT name, and the value is qsQBqvwTKIPZedxaSvz-eXYt_ts3PVToXnolvdJJJyo
jlu.za.org is your own domain name

4. After adding the DNS resolution, wait a few minutes and press Enter. The certificate configuration file will be generated and located in the /etc/letsencrypt folder. The SSL certificate is shown in the figure below.

5. Update the certificate
The validity period of the LetsEncrypt Wildcard SSL certificate is 3 months and needs to be renewed before expiration
certbot-auto renew

6. Certbot knowledge
a. Help file
./certbot-auto –help all
b. Official website
https://certbot.eff.org/

3. Nginx configures LetsEncrypt Wildcard SSL certificate <br />The configuration file is as follows:
server {

 listen 80 default_server; listen [::]:80 default_server; server_name SUBDOMAIN.YOURDOMAIN; return 301 https://\$server_name\$request_uri;

}
server {

 listen 443 ssl; ssl_certificate /etc/letsencrypt/live/YOURDOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN/privkey.pem; server_name SUBDOMAIN.YOURDOMAIN; root /var/www/html; index index.html; location ~ /.well-known { allow all; }

}
Change SUBDOMAIN.YOURDOMAIN and YOURDOMAIN to your own domain name

via: https://www.devcapsule.com/docs/read/letsencrypt-wildcard-nginx-debian-stretch/