Install ACME Client

  • There are many ACME client tools out there to choose. I used certbot because it is offically recommended in Letsencrypt site.
  • You simply follow instructions on certbot site to grab appropriate package for your target machine.
  • To be able to issue wildcard ssl, we need to use certbot 0.22+. But it is not available for Debian 8 installed on my Raspberry Pi. I have to install certbot-auto. I followed this link to install certbot-auto

Issue Wildcard SSL

  • Run the following command to issue SSL
    • cd to folder where you have grabbed certbot-auto
    • run sudo ./certbot-auto -d *.your.domain --manual --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly
    • follow the instructions of installer.
    • You only need to pay attention to a important step that require you to add TXT dns record into your dns.

Renew SSL Certificate

  • Run sudo ./certbot-auto renew --cert-name tuanquynet.click --standalone --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
  • That's it