Wildcard certificates
If you have multiple services running on your server and need to generate certs, it might be easier to generate a single certificate for *.domain.com instead of individual certificates for servicea.domain.com and serviceb.domain.com.
It’ll be easier to manage a single key too. The trade-off is that every service then shares that one private key.
Google Domains
We assume you already have a *.domain.com Type A entry in Google Domains. I’m using Dynamic DNS with ddclient.
Certbot
We’ll use certbot and its Google Domains plugin. It’s better to install certbot via pip so we get the latest version. The venv below is created as root, so run the remaining commands from a root shell:
sudo python3 -m venv /opt/certbot/
source /opt/certbot/bin/activate
pip install --upgrade pip
pip install certbot
We’ll use this plugin which you can install via
pip install certbot certbot-dns-google-domains
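Create a file /etc/letsencrypt/dns_google_domains_credentials.ini and fill it with
dns_google_domains_access_token = <token>
You can get the token from Google Domains -> Security -> ACME DNS API -> Create token. Keep the file readable by root only: anyone who holds the token can complete DNS challenges for the domain.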
Run certbot with
certbot certonly --authenticator 'dns-google-domains' \
--dns-google-domains-credentials '/etc/letsencrypt/dns_google_domains_credentials.ini' \
--server 'https://acme-v02.api.letsencrypt.org/directory' \
--dns-google-domains-zone 'domain.com' -d '*.domain.com'
Make sure you update your NGINX configurations to use the new certificate.
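Before pointing NGINX at the new certificate, it helps to know which hostnames *.domain.com really covers: the wildcard stands for exactly one label, so servicea.domain.com matches but domain.com itself and api.servicea.domain.com do not. The following is an added example, not part of the original post; the function names and the sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# wildcard_covers SAN HOST: succeed if the certificate name SAN covers HOST.
# A leading "*." stands for exactly one DNS label.
wildcard_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        '*.'*)
            suffix=${pattern#??}     # drop the leading "*."
            label=${host%%.*}        # first label of the host
            rest=${host#*.}          # everything after the first dot
            # Need a non-empty first label, at least one dot, and an exact
            # match on the remainder (so deeper subdomains are rejected).
            [ -n "$label" ] && [ "$rest" != "$host" ] && [ "$rest" = "$suffix" ]
            ;;
        *)
            [ "$host" = "$pattern" ]
            ;;
    esac
}

# uncovered_hosts "SAN1 SAN2 ..." HOST...: print each HOST that no SAN covers.
uncovered_hosts() {
    sans=$1
    shift
    for h in "$@"; do
        ok=no
        set -f                       # SANs contain '*': disable filename globbing
        for s in $sans; do
            if wildcard_covers "$s" "$h"; then ok=yes; break; fi
        done
        set +f
        [ "$ok" = yes ] || printf '%s\n' "$h"
    done
}

# Constructed sample: the SAN requested above and the names NGINX should serve.
uncovered_hosts '*.domain.com' servicea.domain.com serviceb.domain.com \
    domain.com api.servicea.domain.com
# prints domain.com and api.servicea.domain.com, one per line
```

To check a real certificate, take the SAN list from `openssl x509 -in <fullchain.pem> -noout -ext subjectAltName`. If the apex must be covered as well, add `-d 'domain.com'` to the certbot command.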
TL;DR (auto-generated with llama3.2:1b)
📝🔒💻🎯📊🚨😊
The post discusses how to obtain and install a wildcard certificate on Google Domains using the certbot plugin. It covers the following steps:
- Install certbot via pip.
- Create credentials file for Google Domains DNS API with an access token.
- Run certbot to obtain a certificate, specifying the Google Domains zone and wildcard domain.
- Update NGINX configurations to use the new certificate.
The post provides a step-by-step guide and assumes familiarity with Python and certbot tools.