Let’s Encrypt Free Wildcard Certificate for Ubuntu 16.04

Let’s Encrypt Free Wildcard Certificate for Ubuntu 16.04

Please refer to the following steps on how to generate Let’s Encrypt Free Wild Card Certificate in ubuntu 16.04

Install Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot

Generate SSL Certificate with TXT records verification

sudo certbot certonly --manual -d *.aventistech.info --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

-d *.aventistech.info = your wildcard domain

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): kwyong@aventistech.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: n
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for aventistech.info

Please deploy a DNS TXT record under the name
_acme-challenge.aventistech.info with the following value:


Before continuing, verify the record is deployed.
Press Enter to Continue 

Enter the following TXT records in public DNS Server
_acme-challenge.aventistech.info with the following value:

Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-08-29. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le 

Copy all .pem to Windows 10 with Mobaxterm installed

kwyong@mylab:~$ su -
root@mylab:~# cd /etc/letsencrypt/live/aventistech.info/
root@mylab:/etc/letsencrypt/live/aventistech.info# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

You have to install openssl plugin in Mobaxterm to continue the steps below

Export to cer & key files in Mobaxterm

openssl x509 -outform der -in cert.pem -out cert.cer
openssl rsa -outform der -in privkey.pem -out privkey.key

Export to PFX File in Mobaxterm

openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem                                                                           
Enter Export Password:
Verifying - Enter Export Password:              

Import the PFX file to Windows 2012R2 Server

Leave a Comment