How to issue SAN or Wildcard Certificates for free


Last Updated on June 1, 2020 by Vítor Fernandes

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called Subject Alternative Names (SANs).

Wikipedia

For this to work, your domain needs to be hosted on the Cloudflare platform. Don’t worry, a free account will do! In your DNS panel, add a CNAME record with the name _acme-challenge.www and the target yourdomainname.com

I’m assuming that you have already uploaded the folder, right? If not, create a folder named .well-known in your domain root directory. To test it, put a text file in the folder and try to access the folder in a browser. If the filename is, e.g., text.txt, go to yourdomainname.com/text.txt

If you can’t access that file in the browser, add an alias definition to your httpd-vhosts.conf file:

Alias /.well-known "directoryname/.well-known"
<Directory directoryname/.well-known>
	AllowOverride All
	Require all granted
</Directory>

Use the PowerShell command line with administrator privileges. You can’t install the module remotely without doing that!

1 – Install the Posh-ACME module

More on that at the GitHub developer webpage

powershell -command "Install-Module -Name Posh-ACME -Scope CurrentUser"

2 – Allow the module to run without restrictions

powershell -command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"

3 – Import the module remotely

More on that at the PowerShell developer webpage

powershell -command "Import-Module Posh-ACME"

Set a test mode environment (invalid certificate)

Only use this section to test before production

powershell -command "Set-PAServer LE_STAGE"

4 – Production mode (valid certificate)

Let's Encrypt only permits 50 new certificates per week

powershell -command "Set-PAServer LE_PROD"

5 – Create the SAN certificate with your Global API Key from Cloudflare

powershell -command "New-PACertificate '*.onedomain.pt','onedomain.pt','*.twodomain.pt','twodomain.pt' -AcceptTOS -Contact YourPersonalEmail -DnsPlugin Cloudflare -PluginArgs @{CFAuthEmail='YourCloudflareEmail'; CFAuthKey='YourCloudflareGlobalAPI'} -Verbose"

6 – Find your SAN certificate folder location

powershell -command "Get-PACertificate | fl"
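
To confirm what was actually issued, the following added example (not part of the original post or of Posh-ACME) reads the leaf certificate reported by Get-PACertificate and checks which hostnames its SAN list covers. It shows why step 5 requests both '*.onedomain.pt' and 'onedomain.pt': a wildcard entry matches exactly one extra label. The hostnames in $expected are hypothetical, and the function names are my own.

```powershell
# Added example. Run it in an interactive PowerShell session as the same user
# that issued the certificate in step 5, after Import-Module Posh-ACME.

function Get-CertDnsNames {
    # Returns the dNSName entries from the subjectAltName extension (OID 2.5.29.17).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }
    # Windows formats entries as "DNS Name=host"; other platforms use "DNS:host".
    [regex]::Matches($ext.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() }
}

function Test-SanCoversHost {
    # A wildcard SAN matches exactly one left-most label: *.onedomain.pt covers
    # www.onedomain.pt, but not onedomain.pt and not a.b.onedomain.pt.
    param([string[]]$SanNames, [string]$HostName)
    $h = $HostName.ToLowerInvariant()
    foreach ($san in $SanNames) {
        if ($san -eq $h) { return $true }
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)          # e.g. ".onedomain.pt"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# CertFile is the path of the leaf certificate in the Get-PACertificate output.
$pa   = Get-PACertificate
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pa.CertFile)
$sans = Get-CertDnsNames -Cert $cert

"Issuer   : $($cert.Issuer)"
"NotAfter : $($cert.NotAfter)  ($([int]($cert.NotAfter - (Get-Date)).TotalDays) days left)"
"SANs     : $($sans -join ', ')"

# Hypothetical hostnames you expect to serve; replace them with your own.
$expected = 'onedomain.pt', 'www.onedomain.pt', 'twodomain.pt', 'mail.twodomain.pt', 'a.b.onedomain.pt'
foreach ($name in $expected) {
    '{0,-22} covered: {1}' -f $name, (Test-SanCoversHost -SanNames $sans -HostName $name)
}
```

The Issuer line also tells you whether the certificate came from the test server (LE_STAGE) or the production server (LE_PROD).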
