How to configure Let's Encrypt Manually?
I use Certbot to install Let's Encrypt certificate. Yet, the my.reviewinnovations.com is NOT secure and seemed that the certificate it load is that for reviewinnovations.com.
I use the following command to get the certificate:
For my.reviewinnovations.com
certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email admin@reviewinnovations.com -d my.reviewinnovations.com
For reviewinnovations.com
certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email admin@reviewinnovations.com -d reviewinnovations.com
Both commands successfully generated the "renewal" of certificate. The problem is that the first one did not work.
I don't know where to start. How can I make this right?
2 Replies
watrick
Linode Staff
Instead of setting up a separate cert for each subdomain, I recommend using LetsEncrypt to set up a wildcard cert. This approach creates a valid cert for *.domain.com, where any subdomain you set up for your domain is covered. Wildcard certs aren't as straightforward, though it will allow you to do this once instead of for each subdomain.
Another user covered this in the following Community Site post:
I agree with @watrick - having a wildcard is flexible as you can use the cert for any number of subdomains you need either now or in the future.
However I personally prefer acme.sh over Certbot. It’s a pure shell script so has no library or packaging dependencies and supports Linode’s DNS out of the box (and plenty other providers!)
I contributed a guide on using acme.sh with Let’s Encrypt and Linode’s DNS.
New installs of acme.sh now use ZeroSSL by default, which don’t offer free wildcard certs. Just add “--server letsencrypt” to the commands in the article to use Let’s Encrypt instead.