Create a Free Let's Encrypt SSL Certificate in Minutes (Including Wildcard SSL)

Securing your website with HTTPS is no longer optional — it’s a necessity. Fortunately, Let’s Encrypt offers a free and automated way to install SSL certificates. In this guide, we’ll show you how to create and install a Let’s Encrypt SSL certificate, including wildcard support, in just a few minutes.

1. What Is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides digital certificates to enable HTTPS (SSL/TLS) for websites. It’s trusted by all major browsers and offers certificates that are valid for 90 days with the option for automatic renewal.

2. Benefits of Using Let’s Encrypt

  • Free: No cost for SSL certificates.
  • Easy: Simple setup with automation support.
  • Secure: Industry-standard encryption.
  • Trusted: Accepted by all modern browsers.
  • Wildcard Support: Secure multiple subdomains with a single certificate.

3. Requirements Before You Start

To generate a Let’s Encrypt SSL certificate, ensure you have:

  • Root or sudo access to your server
  • A registered domain name
  • Domain pointing to the server (DNS settings properly configured)

4. Installing Certbot

Certbot is the official Let’s Encrypt client used to request and install certificates. To install it:

sudo apt update
sudo apt install certbot

Or, for Apache:

sudo apt install python3-certbot-apache

Or, for Nginx:

sudo apt install python3-certbot-nginx

5. Generating a Standard SSL Certificate

Use the following command for a basic SSL certificate for your domain:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot will configure the SSL certificate automatically and reload your web server.

6. Generating a Wildcard SSL Certificate

Wildcard certificates allow you to secure all subdomains of a domain (e.g., *.yourdomain.com). To generate a wildcard certificate, you’ll need to use the DNS challenge method:

sudo certbot certonly --manual --preferred-challenges dns -d "*.yourdomain.com" -d yourdomain.com

You will be prompted to create a specific DNS TXT record, named _acme-challenge.yourdomain.com, in your DNS provider's control panel (often your domain registrar). Once the record is verified, the certificate will be issued.

7. Automating SSL Certificate Renewal

Let’s Encrypt certificates are valid for 90 days. Automating renewal ensures uninterrupted SSL coverage:

sudo certbot renew --dry-run

This command simulates the renewal process without replacing any certificates. Most Certbot packages also install a cron job or systemd timer that runs certbot renew automatically.

8. Verifying SSL Installation

After installation, you can verify your SSL certificate using tools like:

9. Common Troubleshooting Tips

  • Ensure your domain is correctly pointed to the server IP address.
  • Check firewall settings and allow ports 80 and 443.
  • Renewals may fail if the certificate was issued with the manual DNS challenge, because the TXT record has to be updated by hand each time.

10. Wildcard vs Standard SSL Certificate

Standard SSL: Secures one domain and optionally a www subdomain.

Wildcard SSL: Secures all subdomains (e.g., blog.yourdomain.com, shop.yourdomain.com) with one certificate.

Wildcard SSL is ideal for dynamic or subdomain-heavy environments.
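
Sections 6 and 10 both turn on which hostnames a certificate's names actually cover. The Python below is an added example, not part of the original guide or of Certbot. It checks hostnames against a list of certificate names and shows why the command in section 6 requests both *.yourdomain.com and yourdomain.com. It assumes only a full leftmost * label is a wildcard (the form Let's Encrypt issues), and the hostnames are constructed samples.

```python
# Added example: which hostnames a certificate's names (SANs) actually cover.
# Assumption: only a full leftmost "*" label counts as a wildcard, the form
# Let's Encrypt issues; partial wildcards such as "w*.example.com" are rejected.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, and split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate name (pattern) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if any("*" in label for label in h):
        return False                      # hostnames to check are never wildcards
    if "*" not in pattern:
        return p == h                     # exact, case-insensitive match
    # Wildcard: "*" must be the whole leftmost label and appear nowhere else.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # "*" stands for exactly one label, so the label counts must be equal.
    return len(p) == len(h) and p[1:] == h[1:]

def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]

# Constructed sample data, using the page's placeholder domain.
HOSTS = ["yourdomain.com", "www.yourdomain.com", "blog.yourdomain.com",
         "api.shop.yourdomain.com", "SHOP.yourdomain.com."]

if __name__ == "__main__":
    for names in (["*.yourdomain.com"], ["*.yourdomain.com", "yourdomain.com"]):
        print(names, "-> not covered:", uncovered(names, HOSTS))
```

With only *.yourdomain.com on the certificate, the bare domain and api.shop.yourdomain.com are reported as uncovered; adding yourdomain.com leaves only the two-level subdomain, which would need its own name or a *.shop.yourdomain.com wildcard.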

11. Using Let’s Encrypt with Hosting Panels

Many hosting panels like cPanel, Plesk, and DirectAdmin support Let’s Encrypt integration. Simply go to the SSL section in your control panel and choose the option to install a Let’s Encrypt certificate. No manual commands needed!

12. Let’s Encrypt Certificate Structure

After installation, certificates are usually stored at:

  • /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  • /etc/letsencrypt/live/yourdomain.com/privkey.pem

These files are used by the web server to establish the secure connection.

13. Security Best Practices

  • Always redirect HTTP to HTTPS
  • Implement HSTS (HTTP Strict Transport Security)
  • Use strong cipher suites and protocols (disable older versions like TLS 1.0/1.1)

14. Advanced Options with Certbot

Certbot offers additional flags and plugins:

  • --redirect: Automatically redirect all HTTP traffic to HTTPS.
  • --hsts: Adds Strict-Transport-Security header to responses.
  • --agree-tos: Automatically agree to the Terms of Service.

15. Conclusion

Let’s Encrypt makes it incredibly easy and free to secure your website. Whether you’re setting up SSL for the first time or managing multiple subdomains with a wildcard certificate, the process is straightforward and efficient. By leveraging Certbot, you can automate renewals, enhance security, and ensure your site builds trust with users and search engines alike.