WILDCARD SSL INSTALLATION ON UBUNTU 22 using CERTBOT

SSH into the server

INSTALL SNAPD

sudo apt update
sudo apt install snapd

Install Certbot

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --nginx

sudo certbot renew --dry-run

Install Manual WILDCARD SSL

wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py

chmod +x acme-dns-auth.py

wget https://github.com/possiblefix/irfankorai/raw/master/acme-dns-auth.py

chmod +x acme-dns-auth.py

nano acme-dns-auth.py

sudo mv acme-dns-auth.py /etc/letsencrypt/

sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.site.com -d site.com

sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.pakwebstuff.com -d pakwebstuff.com

certbot revoke --cert-path /etc/letsencrypt/live/site.com/fullchain.pem --key-path /etc/letsencrypt/live/site.com/privkey.pem --reason keyCompromise

certbot revoke --cert-path /etc/letsencrypt/live/pakwebstuff.com/fullchain.pem --key-path /etc/letsencrypt/live/pakwebstuff.com/privkey.pem --reason keyCompromise

sudo certbot delete --cert-name pakwebstuff.com
rm -rf /etc/letsencrypt/live/pakwebstuff.com

sudo certbot renew

crontab -e

43 6 * * * certbot renew --post-hook "systemctl reload nginx"

certbot certonly —manual \ —preferred-challenges dns \ —email your@email.com \ —agree-tos \ —key-type rsa \ -d ‘*.site.com’ -d site.com or

sudo certbot certonly \ —dns-route53 \ —key-type rsa \ —agree-tos \ -d site.com \ -d ‘*.site.com’