Create wildcard SSL with Certbot on Ubuntu Linux for Node.js

sudo apt-get install nginx
sudo apt-get update
sudo apt-get install python3-certbot-nginx
You can also install Certbot using snap, as recommended by Certbot: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

Set up Nginx

//Allow Nginx through the firewall; ufw stands for Uncomplicated Firewall
sudo ufw allow 'Nginx Full'
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' --manual --preferred-challenges dns-01 certonly

Deploy the DNS TXT record provided by the Let's Encrypt certbot after running the above command. Once you deploy the TXT record, wait at least 3 minutes before starting verification, because deployment of a DNS record takes time.

//check certificate exists
sudo certbot certificates
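
The wait before verification in the manual DNS-01 step above can be checked instead of timed. The following is an added example, not part of the original post: it polls the zone's authoritative nameservers until the challenge TXT record is served. It assumes dig is installed, that example.com is the zone apex, and that the token is the value certbot printed; the script name and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm the DNS-01 TXT record is live before certbot verifies.

# Both "*.example.com" and "example.com" are validated at
# _acme-challenge.example.com, so strip the wildcard label first.
challenge_name() {
  local domain="${1#\*.}"
  printf '_acme-challenge.%s\n' "${domain%.}"
}

# Reads `dig +short TXT` output on stdin (one double-quoted record per line)
# and succeeds if any record equals the expected value $1.
txt_has_value() {
  local want="$1" line
  while IFS= read -r line; do
    line="${line#\"}"; line="${line%\"}"
    [ "$line" = "$want" ] && return 0
  done
  return 1
}

# Polls every authoritative nameserver until all of them serve value $2 for
# domain $1. Assumption: the domain (minus "*.") is the zone apex.
# Default: 18 tries x 10 s, i.e. the 3 minutes the post suggests.
wait_for_txt() {
  local zone="${1#\*.}" want="$2" tries="${3:-18}" name ns ok servers
  name="$(challenge_name "$1")"
  servers="$(dig +short NS "$zone")"
  [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 2; }
  while [ "$tries" -gt 0 ]; do
    ok=1
    for ns in $servers; do
      dig +short TXT "$name" "@$ns" | txt_has_value "$want" || ok=0
    done
    [ "$ok" -eq 1 ] && return 0
    tries=$((tries - 1))
    sleep 10
  done
  return 1
}

# Stand-alone use: ./wait-txt.sh '*.example.com' TOKEN_FROM_CERTBOT
if [ "$#" -ge 2 ]; then
  wait_for_txt "$@" && echo "TXT record is live; continue in certbot"
fi
```

Run it in a second terminal while certbot is waiting at its prompt, and press Enter in certbot only after it reports the record as live.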
sudo nano /etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name *.example.com;
return 301 https://$host$request_uri;
}

// The above block redirects all http requests to https
server {
listen 443 ssl;
server_name *.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
//the certificate won't work for example.com, so the following server context redirects all requests for example.com to www.example.com
//exact name only; subdomains are handled by the wildcard blocks above
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 http://www.example.com$request_uri;
}
//we could also have done the above with an if statement, but if shows inconsistent behaviour (but only in the location context)
sudo systemctl reload nginx

How to remove certificates?


#This command will offer an index from which you can select the domain name to delete
sudo certbot delete
# Show the list of certificates
sudo certbot certificates
# Remove certificates for a given domain
sudo certbot delete --cert-name "$mydomain"
/etc/nginx/sites-available/default

Written by

Finding Magic.
