Let’s Encrypt Free Wildcard Certificate In Ubuntu 16.04

Please refer to the following steps on how to generate Let’s Encrypt Free Wildcard Certificate in ubuntu 16.04

Install Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot

Generate SSL Certificate with TXT records verification

sudo certbot certonly --manual -d *.aventistech.info -d aventistech.info --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

-d *.aventistech.info = your wildcard domain

Need to include the based domain (aventistech.info), else it will show untrusted when accessing via https://aventistech.info

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): kwyong@aventistech.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: n
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for aventistech.info

Please deploy a DNS TXT record under the name
_acme-challenge.aventistech.info with the following value:


Before continuing, verify the record is deployed.
Press Enter to Continue 

Enter the following TXT records in public DNS Server
_acme-challenge.aventistech.info with the following value:

Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-08-29. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le 

Copy all .pem to Windows 10 with Mobaxterm installed

kwyong@mylab:~$ su -
root@mylab:~# cd /etc/letsencrypt/live/aventistech.info/
root@mylab:/etc/letsencrypt/live/aventistech.info# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

You have to install openssl plugin in Mobaxterm to continue the steps below

Export to cer & key files in Mobaxterm

openssl x509 -outform der -in cert.pem -out cert.cer
openssl rsa -outform der -in privkey.pem -out privkey.key

Export to PFX File in Mobaxterm

openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem                                                                           
Enter Export Password:
Verifying - Enter Export Password:              

Import the PFX file to Windows 2012R2 Server

Leave a Comment