Arvixe (Cpanel), Let’s Encrypt and Wilcard certificates

Great news, Let’s Encrypt now supports Wilcard certificates, the procedure is very similar to the one described in a previous post, with only a couple of differences.

First, we need to specify the ACME v2 compliant URL in the certbot command:

sudo certbot certonly --manual --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory

Then follow certbot instructions as usual, for domain names I used catelin.net and *.catelin.net:

Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): catelin.net, *.catelin.net
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for catelin.net
dns-01 challenge for catelin.net

Then, instead of using a file for authentication, we need to enter a new DNS TXT record, as instructed by certbot:

Please deploy a DNS TXT record under the name
_acme-challenge.catelin.net with the following value:

BTZ5cofq_SuperLongCode_doUh6Wc9QxM

If you request only *.example.com then you need only one DNS TXT entry, if you install example.com and *.example.com then you need two DNS TXT entries. Note that you can’t add a third domain such as www.example.com as it would be redundant. As explained on https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

Orders that contain both a base domain and its wildcard equivalent (e.g. *.example.com and example.com) are valid. In that case, there will be two authorization objects in the order for “example.com”, one of which represents the wildcard validation and one of which represents the base domain validation. Redundant entries will produce an error. For instance, and order containing both *.example.com and www.example.com would produce an error since the wildcard entry makes the latter redundant.

However, you will still be able to request separate certificates for subdomains, just that you can’t request them in the same session as your wildcard.

Then you can copy the .crt files to Arvixe using the Cpanel interface. You’ll have to install the same certificate (copy the same .crt file) for each of the subdomains you use with Arvixe.

Leave a Reply

Your email address will not be published. Required fields are marked *