
Create Wildcard SSL Certificate With Let's Encrypt and Integrate Into Engineyard


In this article, we discuss how to create a wildcard SSL certificate with Let's Encrypt and integrate it into Engineyard.


We are going to generate a wildcard SSL certificate for our domain, and then we will walk through the process of integrating that certificate into Engine Yard. Before that, let's review the terms we are going to use in this blog.

What Is SSL and Why Is it Used? 

SSL certificates are used to create an encrypted channel between the client and the server. Transmission of data such as credit card details, account login information, and any other sensitive information has to be encrypted to prevent eavesdropping.

What Is a Wildcard Certificate?

A wildcard certificate is a digital certificate that applies to a domain and all of its subdomains. Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains, whereas a conventional SSL certificate works on a single domain.

Why Let's Encrypt?

Let's Encrypt is a free, automated, and open Certificate Authority, which means you do not need to pay for the SSL certificate.

Creating a Wildcard Certificate

Step 1

First, you need to log in to your server over SSH: ssh @.

Step 2 

Once you are logged in to your server, you need to install Certbot to proceed. Certbot is not available in the default Ubuntu repository, so run the below command to add the PPA repository:

sudo add-apt-repository ppa:certbot/certbot

Update packages using the below command:

sudo apt update

Run the below command to install certbot:

sudo apt install certbot

Check which Certbot version is installed with the below command:

apt-cache policy certbot | grep -i Installed

Reference: https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html

Step 3

Now, as we have certbot installed on our server, we are able to generate a certificate. Use the below command to generate a wildcard certificate:

sudo certbot certonly --manual -d *. -d --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Here, you need to replace the domain placeholders in the above command with your own domain, for example xyz.com. In this process we use --preferred-challenges dns-01; other challenge types are available if you want to try them, see the reference: https://letsencrypt.org/docs/challenge-types/.

Step 4

In this process, you will be asked to add a TXT record to your DNS. For that, you need to log in to your DNS provider account (a domain provider such as BigRock, GoDaddy, and others).

Then, find the DNS records management panel; where it is depends on your domain provider's system. Add the TXT record given in the last step, like below:

Name: _acme-challenge
Value: the validation token that certbot displays

You can test whether the TXT record has been added to DNS at https://mxtoolbox.com/. You need to follow this process two times, once for each name in the command. It verifies that you are the owner of the domain you claim (or are acting as the owner), and then it generates the certificates for your domain with a validity of 3 months.

Step 5

Add the certificates to your Engine Yard. Log in to your Engine Yard account. From the Tools dropdown, select SSL Certificate, then click the Add SSL Certificate button.

Add a name for your certificate so you can identify it, and select the radio button named 'Upload SSL Certificate'.

In the SSL Certificate text area, add the certificate from the file generated in the last step named fullchain.pem. View the content of that file with the below command (in the SSH logged-in terminal):

sudo cat /etc/letsencrypt/live/unimedliving.com/fullchain.pem

In the SSL Certificate Key text area, add the key from the file generated in the last step named privkey.pem. View the content of that file with the below command (in the SSH logged-in terminal):

sudo cat /etc/letsencrypt/live/unimedliving.com/privkey.pem

Finally, click Add Certificate; it will take some time for this certificate to appear for selection. You have now added a certificate to your Engine Yard. Next, you need to assign that certificate to your web app. Go to the Engine Yard dashboard.

Select the app to which you want to assign the SSL certificate. In the SSL section, you can see the option called "Assign SSL Certificate to". From the SSL Certificate dropdown, select the certificate you named. Then, click Update SSL Settings.

Everything is now set. You only need to click the "Apply" button. After your changes are applied to your environment, you can check that your app is now SSL protected.

You can perform an SSL test on https://www.whynopadlock.com/. You can use the same process to renew your certificate after 90 days. If you use a single-domain SSL certificate, you can automate this process with a script, but for wildcard domains you cannot automate it because it requires the DNS challenge. In the future, there might be a way to automate that challenge as well; we will update our blog if such a technique is developed.
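As an added example (not part of the original article), here are shell helpers for the DNS-01 flow described above: one derives the _acme-challenge record name for a wildcard or bare name, one confirms that a public resolver already returns the token before you continue in certbot (the check the article does by hand on mxtoolbox), and one verifies that the issued fullchain.pem covers both names and is not within 30 days of the 90-day expiry. It assumes a POSIX shell with dig and openssl available; example.com and the token are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original article. Helpers for the manual
# DNS-01 flow above. Assumes a POSIX shell with dig and openssl installed;
# "example.com" and the token in the usage comments are constructed placeholders.
set -eu

# DNS-01 validates each requested name through a TXT record at
# _acme-challenge.<name>. For "*.example.com" that is _acme-challenge.example.com,
# the same name as for the bare domain, so certbot asks you to publish two
# TXT records (one token each) under a single record name.
acme_record_name() {
  name="${1#"*."}"               # strip a leading "*." from a wildcard name
  printf '_acme-challenge.%s\n' "$name"
}

# dig prints TXT values quoted, one record per line; succeed only if the
# expected token is one of them (several tokens under one name are fine).
txt_contains_token() {
  printf '%s\n' "$1" | sed 's/^"//; s/"$//' | grep -qxF -- "$2"
}

# Poll a public resolver until the token is visible; only then is it safe to
# press Enter at certbot's prompt. Network call: not exercised offline.
wait_for_txt() {
  record="$1"; token="$2"; tries=0
  until txt_contains_token "$(dig +short TXT "$record" @1.1.1.1)" "$token"; do
    tries=$((tries + 1))
    [ "$tries" -lt 30 ] || return 1   # give up after about 5 minutes
    sleep 10
  done
}

# Before uploading to Engine Yard, confirm fullchain.pem covers both the
# wildcard and the bare domain and is not due for renewal (Let's Encrypt
# certificates last 90 days; renew when fewer than 30 days remain).
check_cert() {
  pem="$1"; domain="$2"
  sans="$(openssl x509 -in "$pem" -noout -ext subjectAltName)"
  printf '%s\n' "$sans" | grep -qF -- "DNS:*.$domain" &&
    printf '%s\n' "$sans" | grep -qF -- "DNS:$domain" &&
    openssl x509 -in "$pem" -noout -checkend $((30 * 24 * 3600))
}

# Usage on the server (constructed values):
#   wait_for_txt "$(acme_record_name '*.example.com')" 'TOKEN_FROM_CERTBOT'
#   check_cert /etc/letsencrypt/live/example.com/fullchain.pem example.com
```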

If you face any difficulties in following the above process, comment on the blog, and we will be happy to help. Thank you!

Topics: engine yard, let's encrypt, security, ssl certificate, wildcard ssl certificate

Published at DZone with permission of Sachin Gevariya. See the original article here.
