How to issue a SAN or Wildcard Certificates for free

Post Date:1 de Junho, 2020

Last Updated on 1 de Junho, 2020 by Vítor Fernandes

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called Subject Alternative Names (SANs).

wikipedia

For this to work, you need to be hosted on Cloudflare platform. Don’t worry, a free account will do! Just add in your DNS panel a CNAME type record with the name _acme-challenge.www and a content target yourdomainname.com

I’m assuming that you already uploaded the folder. Right?! If not, please create a folder .well-known in your domain root directory. To test it out, just put a text file within the folder and try to access the folder in browser. If the filename is eg: text.txt, do your domainname.com/text.txt

Can’t access that file over the browser, just add an alias definition on your httpd-vhosts.conf file

Alias /.well-known "directoryname/.well-known"
<Directory directoryname/.well-known>
	AllowOverride All
	Require all granted
</Directory>

Use the powershell command line with administrator privileges. You can’t install the module remotely without do in that!

1 – Install the Posh-ACME module

More on that at github developer webpage

powershell -command "Install-Module -Name Posh-ACME -Scope CurrentUser"

2 – Allow the module to run without restrictions

powershell -command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"

3 – Import the module remotely

More on that at powershell developer webpage

powershell -command "Import-Module Posh-ACME"

Set a test mode environment (invalid certificate)

Only use this section to test before production

powershell -command "Set-PAServer LE_STAGE"

4 – Production mode (valid certificate)

LetsEncrypt only permits 50 new certificates per week

powershell -command "Set-PAServer LE_PROD"

5 – Create the SAN certificate with your Global API Key from Cloudflare

powershell -command "New-PACertificate '*.onedomain.pt','onedomain.pt','*.twodomain.pt','twodomain.pt' -AcceptTOS -Contact YourPersonalEmail -DnsPlugin Cloudflare -PluginArgs @{CFAuthEmail='YourCloudflareEmail'; CFAuthKey='YourCloudflareGlobalAPI'} -Verbose"

6 -Find your SAN certificate folder location

powershell -command "Get-PACertificate | fl"

Vítor Fernandes

< Técnico informático / Programador Web />

Sou um programador web capaz de se autogerenciar efetivamente durante projetos independentes. Atualmente, trabalho (e prefiro) no desenvolvimento em Wordpress, PHP e JavaScript.

Deixe uma resposta

O seu endereço de email não será publicado. Campos obrigatórios marcados com *

Related Posts

04Abr

How to Protect HTTP Headers on Apache

HTTP headers allow the client and the server to pass additional information with the request or the response. A... read more ...