Add wildcard Let’s Encrypt certifications with Namecheap

Let’s Encrypt recently added wildcard certificates, but the process involves a few more steps than a normal certificate request. First make sure you have certbot version 0.22.0 or above. You can get the latest version from the certbot site; as of now, you can’t get a high enough version using apt-get:

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
sudo ./certbot-auto

Once the latest version is installed we need to get a TXT DNS record value to add to Namecheap. This lets Let’s Encrypt verify ownership through your domain name provider’s DNS rather than by contacting the server for each subdomain. We can request a value for the TXT record from Let’s Encrypt with:

sudo certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns -d '*.lmerza.com'

Just replace lmerza.com with the name of your domain (the wildcard is quoted so the shell doesn’t try to expand it against local file names). Let’s Encrypt will ask whether you agree to your server IP address being logged as part of the verification; select Yes, and it will then give you the host and value for the new TXT record you need to create:

Please deploy a DNS TXT record under the name
_acme-challenge.lmerza.com with the following value:

yB0AXXXXXXORZXTwzeXXXXXXXXXXXXXXXXmOoA1-XXX

Before continuing, verify the record is deployed.

In the Advanced DNS panel for your domain in Namecheap, create a new TXT record with _acme-challenge as the host and yB0AXXXXXXORZXTwzeXXXXXXXXXXXXXXXXmOoA1-XXX as the value:

Namecheap might take a while to publish the new record, but you can test whether it has synced by running the following command (again replacing the domain name):

nslookup -type=TXT _acme-challenge.lmerza.com

You’ll get a “server can’t find _acme-challenge.lmerza.com: NXDOMAIN” error if the record hasn’t synced, and a successful answer like this if it has:

Server:         192.XXX.XXX.XXX
Address:        192.XXX.XXX.XXX#XX

Non-authoritative answer:
_acme-challenge.lmerza.com text = "5GFgXXWfT5V-XXXXXWfT5XXXX"

Once the record is synced, continue the certbot process by pressing Enter and you will see the usual “Congratulations! Your certificate and chain have been saved at …” message. You can now configure your web server to use these new certificate files.
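The “wait until the record is visible, then press Enter” step above is easy to get wrong by continuing too early. The script below is an added example, not part of the original post: a small POSIX shell helper that polls nslookup until the _acme-challenge TXT record carries exactly the token certbot printed. It assumes nslookup is installed, and the sample outputs it embeds are constructed to mirror the success and NXDOMAIN responses shown above.

```shell
#!/bin/sh
# Added example (not from the original post): poll the resolver until the
# _acme-challenge TXT record carries the exact value certbot printed, so you
# only press Enter in certbot once the record is really visible.
# Assumes nslookup is installed; DOMAIN and TOKEN are what certbot showed you.

# Print every quoted TXT value found in nslookup output read from stdin.
txt_values() {
    sed -n 's/.*text = "\([^"]*\)".*/\1/p'
}

# Succeed only if $2 appears, whole and unchanged, among the TXT values in $1.
# A stale or mistyped value (or NXDOMAIN output) fails, just as certbot's check would.
record_matches() {
    printf '%s\n' "$1" | txt_values | grep -qxF -- "$2"
}

# Query nslookup every 30s, up to $3 attempts (default 30), until it matches.
wait_for_challenge() {
    name="_acme-challenge.$1"; token="$2"; tries="${3:-30}"; i=1
    while [ "$i" -le "$tries" ]; do
        out=$(nslookup -type=TXT "$name" 2>&1)
        if record_matches "$out" "$token"; then
            echo "$name is live with the expected value; continue in certbot."
            return 0
        fi
        echo "attempt $i/$tries: not visible yet (NXDOMAIN or old value), retrying in 30s"
        i=$((i + 1)); sleep 30
    done
    echo "gave up after $tries attempts; check the TXT record host and value in Namecheap" >&2
    return 1
}

# Constructed sample outputs, modelled on what the post shows (not real data).
SAMPLE_OK='Server:         192.0.2.1
Address:        192.0.2.1#53

Non-authoritative answer:
_acme-challenge.lmerza.com text = "5GFgXXWfT5V-XXXXXWfT5XXXX"'
SAMPLE_NX="server can't find _acme-challenge.lmerza.com: NXDOMAIN"

# Usage: sh wait-for-challenge.sh lmerza.com <token-from-certbot>
if [ $# -ge 2 ]; then
    wait_for_challenge "$1" "$2"
fi
```

Run it in a second terminal while certbot is waiting; it exits 0 only once the live answer contains the token, so an old token left over from a previous attempt is not mistaken for success.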

One Comment on “Add wildcard Let’s Encrypt certifications with Namecheap”

  1. Hey, I’m waiting for my DNS test record to sync, so I haven’t got it all set up yet, but I wanted to take a moment to thank you for the article. Also, you might want to proofread and edit it; it looks like you may have a copy-paste issue going on, as most of the article content is duplicated 🙂
