In this KB
- Introduction to Let’s Encrypt Wildcard certificates
- Installation of Let’s Encrypt Wildcard certificates
- Setup CNAME record for Let’s Encrypt Wildcard domain authentication
- Important Notes
Let’s Encrypt is a popular certificate authority that offers free SSL certificates. By eliminating the complexities of installing paid SSL certificates on your websites, Let’s Encrypt has greatly simplified and optimized the process of setting up and renewing SSL certificates for websites.
Let’s Encrypt Wildcard certificates are a great way of protecting multiple subdomains along with the root domain with a single certificate.
- Let’s Encrypt Wildcard SSL certificates require DNS-based domain authentication. During the process of installing the certificate, you will be provided with instructions for setting up the DNS record in the relevant section below.
- If you wish to set up an SSL certificate for a single domain and/or multiple separate domains, please follow this KB.
Step 1: Go to Application Management
Log in to your Cloudways account. Click Applications in the top bar to see the list of all available applications. Select the application for which you wish to set up the Wildcard SSL certificate.
Step 2: Set up Wildcard SSL Certificate
In the Application Management menu, click SSL Certificate to go to the relevant screen. Make sure that the toggle points towards Let’s Encrypt SSL Certificate.
To use Wildcard SSL, first enter your email address and root domain (without “www” or any other prefix including any subdomain) into the Domain Name field.
Next, click the checkbox with the caption Apply Wildcard. You will see a DNS record that you need to set up as a CNAME for your domain.
Step 3: Create a CNAME in Your DNS Provider Panel
While the actual process of setting up a CNAME differs slightly from provider to provider, a high-level view of the process is as follows:
- Log into your DNS provider panel or console.
- Navigate to your DNS Management page. The location and name of this page vary by provider, but it can be found under Domain Management or Advanced Settings. Then select the domain name that you want to update.
- Locate the Records section. Choose to create a CNAME record from the drop-down list and then complete the following fields:
- Host/Name: _acme-challenge (as shown in the screen above)
- Value/Alias: phpstack-7242-377896.cloudwaysstagingapps.com. (mind the suffix dot)
- TTL: ‘Time To Live’ determines how long the record is cached and therefore how quickly changes propagate. Set it to the lowest value, i.e. 1 minute, or leave this option at your registrar’s default.
- Click the Save Changes button to apply the changes.
DNS propagation usually takes 5 minutes, but in some cases it could take up to 24 hours. You can check the status of your domain’s propagation through online tools such as https://www.whatsmydns.net
As explained, the process can vary significantly from one provider to another. In the case of any issue, contact our Live Chat agents or open a support ticket and we will assist you accordingly.
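The propagation check can also be run from a terminal. The script below is an added example, not Cloudways code: it asks several public resolvers for the `_acme-challenge` CNAME and compares each answer with the value shown in the panel, ignoring case and the trailing dot. The function names, `example.com` and the resolver addresses are assumptions.

```shell
#!/bin/sh
# Added example (not Cloudways code): check whether the _acme-challenge CNAME
# from Step 3 is visible on several public resolvers before clicking Verify DNS.
# Function names, example.com and the resolver list are assumptions.

# Lower-case a hostname and strip one trailing dot, so the record value with
# or without the suffix dot compares equal to what the resolver returns.
normalize_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Succeed only if the resolver's answer ($2) is non-empty and equals the
# expected CNAME target ($1) after normalization.
cname_matches() {
    cm_expected=$(normalize_name "$1")
    cm_actual=$(normalize_name "$2")
    [ -n "$cm_actual" ] && [ "$cm_actual" = "$cm_expected" ]
}

# check_propagation DOMAIN EXPECTED_TARGET RESOLVER...
# Queries each resolver directly and prints one status line per resolver.
# Returns 0 only when every resolver already serves the expected CNAME.
check_propagation() {
    cp_domain=$1
    cp_expected=$2
    cp_rc=0
    shift 2
    for cp_resolver in "$@"; do
        cp_answer=$(dig +short +time=3 +tries=1 CNAME \
            "_acme-challenge.${cp_domain}" "@${cp_resolver}" | head -n 1)
        if cname_matches "$cp_expected" "$cp_answer"; then
            echo "OK       ${cp_resolver} -> ${cp_answer}"
        else
            echo "PENDING  ${cp_resolver} -> ${cp_answer:-no CNAME returned}"
            cp_rc=1
        fi
    done
    return "$cp_rc"
}

# Usage (needs dig and network access); replace example.com with your root domain:
# check_propagation example.com phpstack-7242-377896.cloudwaysstagingapps.com. \
#     1.1.1.1 8.8.8.8 9.9.9.9
```

A PENDING line for any resolver means the record is missing or points somewhere else on that resolver, so the Verify DNS step may still fail.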
Step 4: Verify DNS Propagation
Once the DNS record has propagated, click the Verify DNS button to validate the DNS records.
Step 5: Install Let’s Encrypt Certificate
Next, click the Install Certificate button to initiate the process of installing the Let’s Encrypt Wildcard certificate.
- Automatic/Manual renewal of the Let’s Encrypt Wildcard certificate will be affected if you delete the generated CNAME record.
- Let’s Encrypt Wildcard SSL certificates cannot be deployed alongside existing certificates. You will need to revoke the existing Let’s Encrypt certificate and then create a new Let’s Encrypt certificate with the Wildcard option.
- Let’s Encrypt Wildcard SSL certificates only work with a SINGLE domain and are not available for multiple domains.
- Once installed, if you wish to modify the Let’s Encrypt Wildcard certificate, you need to revoke the existing certificate and then create the updated certificate.