Use acme.sh to create Wildcard certs via Let’s Encrypt
Install acme.sh
On the server requesting the cert:
curl https://get.acme.sh | sh
source ~/.bashrcCreate “hook” scripts for the acme.sh script
Issue the wildcard cert using acme.sh
acme.sh --issue --dns dns_tinydns -d '*.example.com' --server letsencrypt || {
echo "Could not generate cert"
exit 1
}Check here to see if the SSL we renewed.
If it was renewed, continue on with the rest of this process
If it was NOT renewed, go ahead and stop here
Install the cert locally
acme.sh --install-cert -d '*.example.com' \
--key-file /etc/ssl/private/example.com.key \
--cert-file /etc/ssl/certs/example.com.crt \
--fullchain-file /etc/ssl/certs/example.com_fullchain.crt || {
echo "Could not copy certificate files to destination"
exit 1
}Copy cert and key files to other servers
scp /etc/ssl/private/example.com.key root@zabbix.example.com:/etc/ssl/private/ || {
}
scp /etc/ssl/certs/example.com.crt root@zabbix.example.com:/etc/ssl/certs/ || {
}
scp /etc/ssl/certs/example.com_fullchain.crt root@zabbix.example.com:/etc/ssl/certs/ || {
}Restart services to load new SSL cert
systemd systems
ssh root@fs.example.com 'systemctl restart apache2'
ssh root@zabbix.example.com 'systemctl restart apache2'sysV systems
ssh root@fs.example.com 'service apache2 restart'
ssh root@zabbix.example.com 'service apache2 restart'BSD systems
ssh root@fs.example.com 'rcctl restart apache2'
ssh root@zabbix.example.com 'rcctl restart apache2'About the Author
Jim Lucas
Owner and proprietor of this establishment