Generate Wildcard SSL Certificate from Let’s Encrypt

Steps to generate wildcard SSL certificate from Let’s Encrypt with Posh-ACME

Refer to "How to generate SSL Cert with Certbot in Debian" to generate the SSL certificate manually.

Install the Posh-ACME PowerShell module before continuing with the sections below.

Install-Module -Name Posh-ACME

Posh-ACME with DNSMadeEasy Plugins

Get the API Key & Secret Key from DnsMadeEasy

Prepare the API key and secret key obtained above

# Prepare the Secret Key & API Key for DNS Made Easy
$SecretKey = "XXXXXXXXXXXXXXXXXXXXXXXx"
$APIKey = "XXXXXXXXXXXXXXXXXXXXX"

# Convert the plaintext secret to a SecureString for the plugin arguments
$DmeSecret = $SecretKey | ConvertTo-SecureString -AsPlainText -Force
$DmeParams = @{ DMEKey=$APIKey; DMESecret=$DmeSecret }

Request the SSL certificate from Let's Encrypt with the DMEasy DNS plugin

# Request the cert (the contact address and PFX password are placeholders; substitute your own)
New-PACertificate *.unibytez.com -AcceptTOS -DnsPlugin DMEasy -PluginArgs $DmeParams -Contact admin@example.com -PfxPass "XXXXXXXXXXXXxx"
    Please review the Terms of Service here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

    Subject           NotAfter              KeyLength Thumbprint                               AllSANs         
    -------           --------              --------- ----------                               -------         
    CN=*.unibytez.com 18/11/2019 6:48:05 PM 2048      A7C5F60CCFC41BA4279F7E5F3BE018D944B2E350 {*.unibytez.com}

Posh-ACME with Cloudflare DNS Plugins

Log in to the Cloudflare portal and go to API Tokens

Create a New API Token with

  • Permissions – Zone – DNS – Edit
  • Permissions – Zone – Zone – Read
  • Zone Resources – Include – All Zones

Click Create Token

Copy the Cloudflare API Token

Generate a wildcard SSL certificate from Let's Encrypt with the PowerShell script below

# Convert the API Token to a SecureString
$Token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxU" | ConvertTo-SecureString -AsPlainText -Force
$pArgs = @{ CFToken = $Token }

# The contact address is a placeholder; substitute your own
New-PACertificate *.aventislab.com -AcceptTOS -DnsPlugin Cloudflare -PluginArgs $pArgs -Contact admin@example.com -PfxPass "XXXXXXXXXXXXxx"

Subject           NotAfter             KeyLength Thumbprint                               AllSANs         
-------           --------             --------- ----------                               -------         
CN=aventislab.com 6/2/2020 12:14:41 PM 2048      XXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxx {aventislab.com}

Verification

Verify that the SSL certificate files were created in C:\Users\Administrator\AppData\Local\Posh-ACME\acme-v02.api.letsencrypt.org

Get-ChildItem $env:LOCALAPPDATA\Posh-ACME\acme-v02.api.letsencrypt.org\79673667\!.aventislab.com


    Directory: C:\Users\Administrator\AppData\Local\Posh-ACME\acme-v02.api.letsencrypt.org\79673667\!.aventislab.com


Mode                LastWriteTime         Length Name                                                                                                                                                       
----                -------------         ------ ----                                                                                                                                                       
-a----         3/4/2020   1:14 PM           1907 cert.cer                                                                                                                                                   
-a----         3/4/2020   1:14 PM           1700 cert.key                                                                                                                                                   
-a----         3/4/2020   1:14 PM           3116 cert.pfx                                                                                                                                                   
-a----         3/4/2020   1:14 PM           1647 chain.cer                                                                                                                                                  
-a----         3/4/2020   1:14 PM           3555 fullchain.cer                                                                                                                                              
-a----         3/4/2020   1:14 PM           4414 fullchain.pfx                                                                                                                                              
-a----         3/4/2020   1:14 PM           2364 order.json                                                                                                                                                 
-a----         3/4/2020   1:14 PM           1082 request.csr  
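
The directory listing shows that the files exist, not what the certificate contains. The function below is an added example, not part of the original post or of Posh-ACME: it reports whether a certificate's SAN list covers the expected name, how many days remain, and the RSA key size. `Test-IssuedCertificate` and its parameters are hypothetical names, and the self-signed certificate is constructed sample input (it needs .NET Framework 4.7.2 or later, or PowerShell 7).

```powershell
# Added example: Test-IssuedCertificate is a hypothetical helper, not a Posh-ACME cmdlet.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ExpectedName,
        [int]$MinDaysLeft = 30,
        [int]$MinKeyBits = 2048
    )
    # SAN extension is OID 2.5.29.17. Windows formats entries as "DNS Name=",
    # OpenSSL-based platforms as "DNS:", so the regex accepts both.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = @([regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        SANs        = $sans
        CoversName  = $sans -contains $ExpectedName   # literal match, '*' is not expanded
        DaysLeft    = $daysLeft
        NotExpiring = $daysLeft -ge $MinDaysLeft
        KeyBits     = if ($rsa) { $rsa.KeySize } else { $null }
        KeyOk       = [bool]($rsa -and $rsa.KeySize -ge $MinKeyBits)
    }
}

# Constructed sample input: a throwaway self-signed certificate for the bare domain only
$key = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=example.test', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$sanBuilder.AddDnsName('example.test')
$req.CertificateExtensions.Add($sanBuilder.Build($false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(90))

# Check the sample against a wildcard name it does not list, then against the name it does
Test-IssuedCertificate -Certificate $sample -ExpectedName '*.example.test'
Test-IssuedCertificate -Certificate $sample -ExpectedName 'example.test'
# For a real order, load cert.cer from the folder listed above and pass '*.aventislab.com':
# [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("<order folder>\cert.cer")
```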
