Install acme.sh
$ curl https://get.acme.sh | sh
After installation, a .acme.sh folder, where issued certs will be placed, is created under the user's home path ($HOME); an acme.sh alias is created for manual operation, and a daily cron job is created for automatic renewal.
Cron job example:
0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null
Generate access key
For Aliyun
Create a RAM user used only by the program and grant it the following privileges.
AliyunDNSFullAccess
AliyunDomainFullAccess
$ export Ali_Key="your-api-key"
$ export Ali_Secret="your-api-secret"
For GoDaddy
$ export GD_Key="your-api-key"
$ export GD_Secret="your-api-secret"
Issue certificate
So that the renew-hook runs successfully after renewal, it is recommended to install acme.sh as the root user, or to move the acme.sh renewal job (see crontab -l, sudo crontab -e) to the root user's crontab.
$ acme.sh --issue --dns dns_ali -d yourdomain.com -d '*.yourdomain.com' --renew-hook "nginx -s reload"
Nginx config
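# "ssl on;" is obsolete since nginx 1.15.0 and removed in 1.25.1; enable TLS on the listen directive instead
listen 443 ssl;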
ssl_certificate /home/user/.acme.sh/yourdomain.com/fullchain.cer;
ssl_certificate_key /home/user/.acme.sh/yourdomain.com/yourdomain.com.key;
Renew manually
$ acme.sh --renew -d yourdomain.com --force
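A permission check for the files this setup leaves behind, as an added example that is not part of acme.sh or the original page: it flags account.conf (where acme.sh saves the exported DNS API key and secret) and any *.key file that group or others can read or write, and any *.sh script run by the renewal cron job that group or others can write. The function name audit_acme_home and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not part of acme.sh): audit permissions in an acme.sh home.
# Assumed layout: account.conf (saved DNS API credentials),
# <domain>/<domain>.key (private keys), and acme.sh plus helper *.sh scripts
# that the renewal cron job executes.

# audit_acme_home DIR
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_acme_home() {
    acme_dir=$1
    [ -d "$acme_dir" ] || { echo "no such directory: $acme_dir" >&2; return 2; }

    # Secrets must not be readable or writable by group or others.
    secrets=$(find "$acme_dir" -type f \
        \( -name 'account.conf' -o -name '*.key' \) \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)

    # Scripts run by cron (possibly as root) must not be writable by
    # group or others, or another account could change what gets executed.
    scripts=$(find "$acme_dir" -type f -name '*.sh' \
        \( -perm -020 -o -perm -002 \) -print)

    rc=0
    if [ -n "$secrets" ]; then
        printf '%s\n' "$secrets" | sed 's/^/SECRET-EXPOSED /'
        rc=1
    fi
    if [ -n "$scripts" ]; then
        printf '%s\n' "$scripts" | sed 's/^/SCRIPT-WRITABLE /'
        rc=1
    fi
    return $rc
}

# When run as a script with a path argument, audit that path:
#   sh audit.sh /home/user/.acme.sh
if [ "$#" -gt 0 ]; then
    audit_acme_home "$1"
fi
```

Fix a SECRET-EXPOSED finding with chmod 600 on the file, and a SCRIPT-WRITABLE finding with chmod go-w.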
Reference: https://github.com/Neilpang/acme.sh