Confirmation of steps to implement a wildcard certificate


#1

Good evening,
Regarding the installation of a generic certificate on my domain, I do not clearly see the main steps to follow.

I understand that I have to install a DNS-01 challenge.
Then use Certbot on the public DNS server to position the certificate.

Is that the way it is?

My domain is http://vhost.fr
My public DNS server is BIND v9
I have three Web servers (Apache 2.4 on CentOS 7) behind a reverse proxy.

Thank you for your reply.


#2

Well,
You could just use sslforfree.com to create your wildcard, because in my opinion it is very easy to get a wildcard certificate there without too many problems.
You can read a guide here on sslforfree on how to get a wildcard SSL certificate:
https://www.sslforfree.com/#content_index_options_wildcard


#3

I would prefer to recommend installable client applications (whether Certbot or any other) because they can perform automatic renewals, which web-based clients can’t.

@pbr18, the DNS challenge is what the certificate authority asks you to do each time to prove that you control the domain name. Certbot or another client application can request a wildcard certificate automatically if you have appropriate plugin support for a DNS provider API in order to make DNS changes as requested in the DNS challenge. One reason to prefer doing this via installable client software is that you’ll have to repeat the process at least every 90 days (the authorization obtained by completing a DNS challenge is not permanent, and normally you’ll have to complete a new challenge for each certificate renewal).
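As an added example (not part of the posts above, and not Certbot's own code), this sketch shows what a client has to publish for the DNS-01 challenge on a BIND server that accepts dynamic updates: the record name, the TXT value defined by RFC 8555, and the matching `nsupdate` input. The server name `ns1.vhost.fr`, the tokens and the account thumbprint are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample data: real tokens come from the CA for each order,
# and the thumbprint is derived from the ACME account key.
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint"
SAMPLE_CHALLENGES = [
    ("vhost.fr", "constructed-token-for-base-domain"),
    ("*.vhost.fr", "constructed-token-for-wildcard"),
]


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_name(identifier: str) -> str:
    """Record name to publish; a wildcard identifier drops its '*.' label."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".") + "."


def txt_value(token: str, thumbprint: str) -> str:
    """TXT content: base64url(SHA-256(token + '.' + account key thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def nsupdate_script(server, challenges, thumbprint, ttl=60, delete=False):
    """Build nsupdate input that adds (or, after validation, removes) the records."""
    action = "delete" if delete else "add"
    lines = [f"server {server}"]
    for identifier, token in challenges:
        name = challenge_name(identifier)
        value = txt_value(token, thumbprint)
        lines.append(f'update {action} {name} {ttl} TXT "{value}"')
    lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # ns1.vhost.fr is a hypothetical name for the primary BIND server.
    print(nsupdate_script("ns1.vhost.fr", SAMPLE_CHALLENGES, SAMPLE_THUMBPRINT))
```

Both `vhost.fr` and `*.vhost.fr` validate at the same name, so two TXT records sit side by side during issuance. In BIND, the TSIG key used for these updates can be limited to that single TXT name with an `update-policy` grant.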

