How to issue SAN or Wildcard Certificates for free

Last Updated on 9 January, 2021 by Vítor Fernandes

For this to work, you need to be hosted on the Cloudflare platform. Don’t worry, a free account will do! Just add a CNAME record in your DNS panel with the name _acme-challenge.www and a content target

I’m assuming that you have already uploaded the folder. Right?! If not, please create a folder named .well-known in your domain root directory. To test it out, just put a text file in the folder and try to access the folder in the browser. If the filename is, e.g., text.txt, do your

If you can’t access that file in the browser, just add an alias definition to your httpd-vhosts.conf file:

Alias /.well-known "directoryname/.well-known"
<Directory "directoryname/.well-known">
	AllowOverride All
	Require all granted
</Directory>

Use the PowerShell command line with administrator privileges. You can’t install the module remotely without doing that!

1 – Install the Posh-ACME module

More on that at the GitHub developer webpage

powershell -command "Install-Module -Name Posh-ACME -Scope CurrentUser"

2 – Allow the module to run by setting the execution policy to RemoteSigned

powershell -command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"

3 – Import the module remotely

More on that at the PowerShell developer webpage

powershell -command "Import-Module Posh-ACME"

Set a test mode environment (invalid certificate)

Only use this section to test before production

powershell -command "Set-PAServer LE_STAGE"

4 – Production mode (valid certificate)

Let’s Encrypt only permits 50 new certificates per week

powershell -command "Set-PAServer LE_PROD"

5 – Create the SAN certificate with your Global API Key from Cloudflare

powershell -command "New-PACertificate '*.example.com','example.com','*.example.net','example.net' -AcceptTOS -Contact YourPersonalEmail -DnsPlugin Cloudflare -PluginArgs @{CFAuthEmail='YourCloudflareEmail'; CFAuthKey='YourCloudflareGlobalAPI'} -Verbose"

6 – Find your SAN certificate folder location

powershell -command "Get-PACertificate | fl"
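
Before deploying the certificate, it is worth confirming that its SAN list covers every hostname clients will use. The script below is an added example, not part of the original article: the function name Test-SanCoverage and all domain names are constructed, and the commented last line assumes the AllSANs property shown in the Get-PACertificate output from step 6. It shows why step 5 requests both the wildcard and the bare domain: a wildcard matches exactly one left-most label.

```powershell
# Added example (not from the original article). Domain names are constructed.
function Test-SanCoverage {
    param(
        [Parameter(Mandatory)][string[]]$SanList,    # names present in the certificate
        [Parameter(Mandatory)][string[]]$HostNames   # names clients will connect to
    )
    foreach ($h in $HostNames) {
        $hostLabels = $h.ToLowerInvariant().TrimEnd('.').Split('.')
        $match = $null
        foreach ($san in $SanList) {
            $sanLabels = $san.ToLowerInvariant().TrimEnd('.').Split('.')
            # A wildcard stands for exactly one label, so the label counts must be equal.
            if ($sanLabels.Count -ne $hostLabels.Count) { continue }
            $covered = $true
            for ($i = 0; $i -lt $sanLabels.Count; $i++) {
                # Only the left-most label may be a wildcard.
                $isWildcard = ($i -eq 0 -and $sanLabels[$i] -eq '*')
                if (-not $isWildcard -and $sanLabels[$i] -ne $hostLabels[$i]) {
                    $covered = $false
                    break
                }
            }
            if ($covered) { $match = $san; break }
        }
        [pscustomobject]@{
            HostName   = $h
            Covered    = [bool]$match
            MatchedSan = $match
        }
    }
}

# Constructed SAN list mirroring the wildcard + bare-domain pairs requested in step 5.
$sans = '*.example.com', 'example.com', '*.example.net', 'example.net'

# Constructed hostnames: the last two are NOT covered
# (two labels under the wildcard, and a domain that was never requested).
$hostsToCheck = 'www.example.com', 'example.com', 'api.dev.example.com', 'example.org'

Test-SanCoverage -SanList $sans -HostNames $hostsToCheck | Format-Table -AutoSize

# Against the issued certificate (requires Posh-ACME and a completed order):
# Test-SanCoverage -SanList (Get-PACertificate).AllSANs -HostNames $hostsToCheck
```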