How to get a free wildcard SSL certificate!

Let’s Encrypt recently released free wildcard certificates for everyone!

The script we’ll be using for this is, which is currently one of the few programs that supports acme v2. Also, wildcard SSL certificates can only be made with DNS verification, and has support for many DNS APIs, so it can auto-renew for you. To get this script, simply run:

curl | sh

Getting the certificate

I use Cloudflare, so that’s what I’m going to use in this example. You need to get your Cloudlfare API key, and then run:

export CF_Key="yourapikeygoeshere"
export CF_Email=""

Then, you can issue the certificate with: --issue -d -d * --dns

Using the certificate

Now, in the user you ran with, you’ll see a folder appear. In that folder, among other things, will be a folder called and * You’ll want to use the certificates in as those will cover every subdomain for, and itself. To use this in apache, use something like:

SSLCertificateFile  /home/www-data/
SSLCertificateKeyFile   /home/www-data/

and then restart apache. Be sure that the apache user can access the folder and all of its contents.

What these certificates will work for

These certificates will work exactly like the paid ones, except that you can’t get extended validation ones. You can use them in dovecot to not get warnings each time you check your mail, you can use them on your website without Cloudflare, you can use them with Cloudflare strict SSL, as they are valid certificates, and more. Since I use Cloudflare, I mainly just use the certificates for dovecot, and that works fine for me. For example, gmail can use POP3S to check another email account and import the messages into your gmail. Before I had a valid certificate, gmail would refuse to connect, but with Let’s Encrypt, gmail accepts the certificate and actually imports all of my emails into one place 🙂

Let me know what you do with your certificate in the comments below.

Source: GitHub

Affiliate disclosure: This post may contain affiliate links. Affiliate links are special links which allow the destination website to know we sent that visit, and will often set a cookie to remember that. Should you then purchase their product/service, we may get a commission. Learn more.

Affiliate link:
%d bloggers like this: