Let's Encrypt Wildcard Certificate Issue
Introduction
In FASTPANEL® you can work with wildcard Let's Encrypt SSL certificates.
- What are Wildcard certificates?
- Let's Encrypt Wildcard certificates management in the control panel
- How to manually check validation DNS records availability?
- Automatic Let's Encrypt Wildcard certificates renewal
Let's Encrypt Wildcard certificates are valid for only 90 days.
What are Wildcard certificates?
Standard SSL certificates only secure one domain or a list of specific domain names.
A wildcard certificate secures a domain and all its direct subdomains: it is valid for the main domain plus first-level subdomains. For example, the certificate for domain.tld will be valid for domain.tld, www.domain.tld, mail.domain.tld and anything.domain.tld, but will not be valid for git.anything.domain.tld.
Let's Encrypt Wildcard certificates management in the control panel
To issue a Let's Encrypt Wildcard certificate, you must confirm domain ownership by adding validation DNS records, so you need to be able to manage the domain's DNS records.
To issue a wildcard certificate:
Open the card of the site you want to install an SSL certificate on and go to "Certificates".
Click "New certificate" in the top right corner of the screen.
In the modal window that opens, select "Let’s Encrypt" in the "Type" drop-down menu, switch to "Wildcard", enter your email address in the corresponding field and click the "Save" button. Your email address will be used to inform you about the certificate status.
A new window will open containing the validation DNS records. If the domain's DNS is managed by the panel, the validation DNS records will be added automatically. Otherwise, the DNS records have to be added manually.
Check DNS records availability.
How to manually check validation DNS records availability?
Record availability can be checked manually with the nslookup or dig utilities, if they are installed on your system.
Example of checking the records for domain.tld:
nslookup -q=TXT _acme-challenge.domain.tld.
dig _acme-challenge.domain.tld TXT
If the output shows the DNS records that the certificate authority requires to confirm domain ownership, you may continue to the next step.
Click "Continue" and the panel will check DNS record availability and run the check on the Let's Encrypt side. If the check is successful, you will receive a new certificate.
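A scripted version of the manual check above, as an added example that is not part of the FASTPANEL documentation: it asks every authoritative nameserver of the domain, rather than only the default resolver, whether each validation value is published at _acme-challenge.<domain>. The function names are hypothetical, and the values passed as arguments are assumed to be the TXT values shown in the panel's validation window.

```shell
#!/bin/sh
# Added example (not FASTPANEL code). Requires dig.
# Usage: sh check_acme_txt.sh domain.tld 'txt-value-1' ['txt-value-2' ...]
# Exit status: 0 = all values found on all nameservers, 1 = something missing,
#              2 = no nameservers found for the domain.

# List the authoritative nameservers of a zone, one per line, without trailing dot.
list_nameservers() {
    dig +short NS "$1" | sed 's/\.$//'
}

# Print the TXT values one nameserver serves for _acme-challenge.<domain>,
# with the quotes that dig prints around TXT strings removed.
txt_values_at() {
    dig +short TXT "_acme-challenge.$1" "@$2" | tr -d '"'
}

# Compare the expected values against what each nameserver publishes.
check_acme_txt() {
    domain=$1; shift
    servers=$(list_nameservers "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    missing=0
    for ns in $servers; do
        published=$(txt_values_at "$domain" "$ns")
        for want in "$@"; do
            # -F fixed string, -x whole line; "--" because values may begin with "-"
            if printf '%s\n' "$published" | grep -Fxq -- "$want"; then
                echo "ok       $ns  $want"
            else
                echo "MISSING  $ns  $want"
                missing=1
            fi
        done
    done
    return "$missing"
}

# Run only when a domain and at least one expected value are given.
if [ "$#" -ge 2 ]; then
    check_acme_txt "$@"
fi
```

A MISSING line for only some nameservers usually means the record has not yet propagated to all of them, so wait before clicking "Continue".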
Automatic Let's Encrypt Wildcard certificates renewal
To renew a Let's Encrypt Wildcard certificate, just as when issuing a new one, domain ownership must be confirmed.
The panel can run this procedure only if it can manage the domain's DNS.
In other cases, the panel will request validation records and will notify you that new records must be added by sending an email to the address specified at the registration stage. The rest of the renewal process is similar to the initial certificate issue process.