To get a wildcard SSL certificate from Let's Encrypt, you have to validate over DNS. I posted a pretty good guide on here on how to do it, but it's complicated to set up at first.
Do you mean this guide?
http://forum.centos-webpanel.com/index.php?topic=4686.0
If yes, I followed it step by step, but it's not working for me (CentOS 7).

Install haveged: yum install haveged
OK

Generate a tsig:
cd /etc/named/
OK

dnssec-keygen -a HMAC-SHA512 -b 512 -n acme
Return: dnssec-keygen: fatal: the key name was not specified

Create a new zone called acme.schaffner.org:
/etc/named.conf
zone "acme.schaffner.org" {
type master;
file "/var/named/acme.schaffner.org.db";
allow-update {
key "acme";
};
};
Done

/var/named/acme.schaffner.org.db
$ORIGIN .
$TTL 86400 ; 1 day
acme.schaffner.org IN SOA ns1.schaffner.org. rcschaff82.gmail.com. (
2020021035 ; serial
86400 ; refresh (1 day)
7200 ; retry (2 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
$TTL 14400 ; 4 hours
NS ns1.schaffner.org. ; THIS IS IMPORTANT. DO NOT USE BOTH NAMESERVERS FOR LE
$ORIGIN acme.schaffner.org.
$TTL 60 ; 1 minute
Done, but it's displayed corrupted in DNS Functions > List DNS Zones > Edit Records

Now the fun part. You must add a CNAME for every domain that you want to have a wildcard certificate for. Add the following to those domains' DNS entries (NOTE: this also works for domains not hosted on your server, e.g. GoDaddy):
_acme-challenge 600 IN CNAME _acme-challenge.acme.schaffner.org.
_acme-challenge.* 600 IN CNAME _acme-challenge.acme.schaffner.org.
Done

Now you are set up to generate wildcard certificates. In this example I added the above CNAMEs to domain.com:
NSUPDATE_SERVER=localhost NSUPDATE_KEY=/etc/named/acme.key ./.acme.sh/acme.sh --issue --test -d *.domain.com --challenge-alias acme.schaffner.org --dns dns_nsupdate --debug 2
Return: -bash: ./.acme.sh/acme.sh: No such file or directory

*schaffner.org was replaced with my server's domain name.
Moreover, restart DNS failed because named.conf
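The alias-mode routing the guide relies on (the validation name is CNAMEd into the dedicated acme zone, which only the TSIG key may update), as an added Python example that is neither the guide's nor the poster's code; the record set is constructed, and the nsupdate batch is an approximation of what acme.sh's dns_nsupdate hook sends, not the hook's actual source:

```python
import base64
import secrets

# Constructed sample records mirroring the guide: the per-domain CNAME
# points into the acme zone that ns1 serves (hypothetical data, not live DNS).
SAMPLE_RECORDS = {
    "_acme-challenge.domain.com.": ("CNAME", "_acme-challenge.acme.schaffner.org."),
    "acme.schaffner.org.": ("NS", "ns1.schaffner.org."),
}

def follow_alias(name, records, max_hops=8):
    """Follow CNAMEs from the ACME validation name to the owner name that
    will actually hold the TXT record; raise on a loop or an overlong chain."""
    seen = []
    cur = name if name.endswith(".") else name + "."
    while cur not in seen and len(seen) < max_hops:
        seen.append(cur)
        rec = records.get(cur)
        if rec is None or rec[0] != "CNAME":
            return cur          # no further alias: TXT must be written here
        cur = rec[1]
    raise ValueError(f"CNAME loop or chain too long starting at {name}")

def in_zone(name, zone):
    """True if name lies inside zone, i.e. the TSIG-keyed allow-update can reach it."""
    zone = zone.rstrip(".") + "."
    name = name.rstrip(".") + "."
    return name == zone or name.endswith("." + zone)

def make_tsig_secret(nbytes=64):
    """HMAC-SHA512 uses a 64-byte key; BIND keeps it base64-encoded in the key file."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

def render_key_file(keyname, secret):
    """Key file in the form both named.conf and nsupdate -k accept."""
    return f'key "{keyname}" {{\n\talgorithm hmac-sha512;\n\tsecret "{secret}";\n}};\n'

def render_nsupdate_batch(server, txt_owner, token, ttl=60):
    # Approximation of the dynamic update acme.sh pipes into nsupdate for this hook.
    return f'server {server}\nupdate add {txt_owner} {ttl} IN TXT "{token}"\nsend\n'

if __name__ == "__main__":
    target = follow_alias("_acme-challenge.domain.com", SAMPLE_RECORDS)
    assert in_zone(target, "acme.schaffner.org"), "alias must land in the acme zone"
    print(render_key_file("acme", make_tsig_secret()))
    print(render_nsupdate_batch("localhost", target, "constructed-token"))
```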