
How To Enable Wildcard For Subdomains Of A Domain With SSL


Shivendra Kumar

23 Nov, 2021 · 2 min read

This is a step-by-step guide on how to enable wildcard subdomains for a domain. When following this guide, replace example.com with your actual domain name.

1. Enable wildcard for domain name in DNS record

Enable *.example.com in the DNS records for your domain.

2. Generating The SSL Certificate For Wildcard

Make sure certbot version 0.31.0 or greater is installed; check with the command certbot --version

Obtain the SSL certificates using the command given below. The wildcard name is quoted so that the shell passes it to certbot unchanged instead of trying to expand it against file names.

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' -d example.com --manual --preferred-challenges dns-01 certonly

Before pressing Enter to continue, make sure the DNS TXT record has been updated successfully, using the command

dig -t txt domainProvidedByCertBot

For example

dig -t txt _acme-challenge.example.com

The above command works on Linux and macOS.

When you press Enter, certbot prints the locations of the wildcard certificate files. Copy these locations, because you need to put them in the vhost file.
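
The TXT check from this step can be scripted, shown here as an added example that is not part of the original article. Because the command requests both *.example.com and example.com, certbot typically asks for two TXT values on the same _acme-challenge name, and both must be served at once before you continue. The function names, the retry limits and the assumption that the domain is its own DNS zone are illustrative.

```shell
# Added example (not from the article). Tokens and names are supplied by the caller.

# txt_has_all ANSWERS TOKEN...
# ANSWERS is the output of `dig +short -t txt NAME`: one double-quoted value per line.
# Succeeds only if every TOKEN is present as a complete TXT value.
txt_has_all() {
    local answers="$1"; shift
    local token
    for token in "$@"; do
        # -x: whole line, -F: literal string, so a partial or stale value does not pass
        printf '%s\n' "$answers" | grep -qxF "\"$token\"" || return 1
    done
    return 0
}

# wait_for_challenge NAME TOKEN...
# Queries each authoritative nameserver directly, so a cached resolver answer
# cannot hide a server that is still serving old data.
# Assumption: the domain after "_acme-challenge." is its own zone (has NS records).
wait_for_challenge() {
    local name="$1"; shift
    local zone="${name#_acme-challenge.}"
    local servers ns tries
    servers=$(dig +short -t ns "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 1; }
    for ns in $servers; do
        tries=0
        until txt_has_all "$(dig +short -t txt "$name" "@$ns")" "$@"; do
            tries=$((tries + 1))
            if [ "$tries" -ge 30 ]; then   # 30 tries x 10 s = 5 minutes per server
                echo "timeout: $ns is not serving every token" >&2
                return 1
            fi
            sleep 10
        done
        echo "ok: $ns serves every token"
    done
}

# Run in a second terminal while certbot waits, with the values certbot printed:
#   wait_for_challenge _acme-challenge.example.com 'FIRST_VALUE' 'SECOND_VALUE'
```

If the second value replaces the first instead of being added alongside it, the check keeps failing, which is the same condition that makes the certbot validation fail.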

3. Change Default vhost

To find the default vhost on an apache2 server, run the following command

apache2ctl -S | grep default

The one listed for port 443 is your default server.

To change the default vhost, first disable the current default vhost using the command

sudo a2dissite default.vhost.conf

Now create a new vhost file. Its name should sort alphabetically before every other enabled site on the server.

Now enable the new configuration using the command

sudo a2ensite example.com.conf

Now you can re-enable the previous default vhost.

To confirm that the default vhost has changed, run the command again

apache2ctl -S | grep default

4. Configuring Default vhost

Replace its SSL certificates with the newly generated wildcard SSL certificates in the vhost file.

It will look like this:

SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

In the ServerAlias directive, add *.example.com

5. Apply New Configurations By Restarting Apache2 Service

Test whether you applied all the configurations correctly using the command

apache2ctl configtest

If you see Syntax OK in the output, you are ready to restart the apache2 service. Run the following command

sudo service apache2 restart

6. Test If It Works

If everything went as planned, visiting anything.example.com should now show the homepage of your main domain.

7. If You Ran Into Issues Then These Articles Might Help
