Applying for a Let’s Encrypt wildcard certificate on Windows

  I once tried applying for a wildcard certificate (*.abc.com) at SSL For Free and did not expect the application to succeed; I originally thought Let’s Encrypt could only issue certificates for individual URLs. Recently the certificate was almost three months old and I got ready to apply again, but found that SSL For Free had been bought by ZeroSSL and that a wildcard certificate can now only be obtained for a fee, so I had to give up that platform's service.

 

   After searching the Internet, I found that most articles recommend Let’s Encrypt's Certbot tool, which can apply for a certificate and also renew it automatically. But when I actually tried it, some problems occurred in the URL verification part and I could not proceed smoothly, so I had to stop.

 

   Then I tried searching for sites that, like SSL For Free, let you apply for certificates online, and finally found Get HTTPS for free!, an inconspicuous but great website. Get HTTPS for free! is an open source website; the page is very simple, but the instructions are very detailed. I tried to follow its steps, but unfortunately in Step 3, which verifies through openssl, the commands on the web page do not seem to work on Windows, so I searched again.

 

   Fortunately, I later learned from an article on Cook Wu’s Murmurs that someone had written GetHttpsForFree-UI, a very convenient companion tool for Get HTTPS for free! that runs on Windows. Just set the location of openssl in GetHttpsForFree-UI and follow the web page step by step; almost everything is copy and paste, with no need to type commands.

 

   The following are the steps for applying for a Let’s Encrypt wildcard certificate with "Get HTTPS for free!" + "openssl" + "GetHttpsForFree-UI":

 

◎ Download openssl for Windows and unzip it.

◎ Download GetHttpsForFree-UI.exe.

◎ Run GetHttpsForFree-UI.exe and set the location of openssl.exe in OpenSSL Path.

◎ In Working Path, set a directory in which to store the certificates and keys.

◎ The file names of Account key and Domain key can be left at their default values.

◎ The openssl.cnf file can be found under the opensslshare directory, or you can click "Download an OpenSSL.cnf template file" to download a template file; I chose the latter. After downloading the template file, save it to the Working Path directory.

◎ Click "Copy required entry to clipboard". The clipboard now contains the parameters that openssl.cnf needs; next, open the openssl.cnf file from the previous step and paste them at the last line.

◎ Modify the subjectAltName parameter just pasted, changing the URL after it to *.abc.com.

 

◎ Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 1 and 2" page and click "Create Account Key". This generates the public key content for the email account that Let’s Encrypt requires and copies it to the clipboard automatically. In addition, an account.key private key file is generated in the Working Path folder.

◎ Go to the "Get HTTPS for free!" website, enter your email in Step 1, paste the public key from the previous step, and click "Validate Account Info".

◎ Back in the GetHttpsForFree-UI.exe tool, click "Create Domain Key and Request". The CSR content is generated and copied to the clipboard automatically. In addition, a domain.key private key file is generated in the Working Path folder.

◎ Go to the "Get HTTPS for free!" website, paste the CSR content just copied into Step 2, and click "Validate CSR".

◎ Still on the "Get HTTPS for free!" website, copy the command under "Accept the Let’s Encrypt terms and condition" in Step 3.

◎ Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 3 and 4" page, paste it into the "Data" field, and click "Excute OpenSSL". The data in the "Result" field is then copied to the clipboard automatically.

◎ Back on the "Get HTTPS for free!" website, paste the value just below the command and press "Accept Terms".

◎ Repeat the steps above to complete the other fields in Step 3 of the "Get HTTPS for free!" website.

◎ In Step 4 of the "Get HTTPS for free!" website, repeat the previous steps; after generating the verification value, click "Load Challenges".

◎ The TXT record to be added on the DNS server is then generated below. After adding it, click "I can see the TXT record for abc.com".

◎ For the remaining command fields in Step 4 of the "Get HTTPS for free!" website, follow the previous steps: paste each one into GetHttpsForFree-UI.exe, paste the result back into the website, and press the corresponding button.

◎ In Step 5 (the last step) of the "Get HTTPS for free!" website, copy the content of "Signed Certificate Chain".

◎ Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 5" page, paste the value just copied into "Signed Certificate", and click "Create Certificate" below. A .crt server certificate file is generated in the Working Path folder.
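
For readers who want to see what the domain key and CSR steps amount to at the openssl level, here is an added PowerShell example (not from the original post and not the code of GetHttpsForFree-UI). It assumes openssl.exe is on PATH; the temp folder, the minimal config contents and the 2048-bit key size are choices made for the example, and abc.com is the post's placeholder domain.

```powershell
# Added example, not the tool's code. Assumes openssl.exe is on PATH.
$work = Join-Path $env:TEMP 'le-wildcard-demo'   # hypothetical Working Path
New-Item -ItemType Directory -Force -Path $work | Out-Null
$cnf = Join-Path $work 'openssl.cnf'
$key = Join-Path $work 'domain.key'
$csr = Join-Path $work 'domain.csr'

# Minimal config (constructed for this example) whose last section is the
# subjectAltName entry. Saved as ASCII: openssl cannot parse a UTF-16 file.
@'
[req]
distinguished_name = dn
prompt = no

[dn]
CN = *.abc.com

[SAN]
subjectAltName = DNS:*.abc.com
'@ | Set-Content -Path $cnf -Encoding ascii

# Let openssl write the files with -out. In Windows PowerShell 5.1 the ">"
# redirection re-encodes output as UTF-16 and leaves an unreadable key.
& openssl genrsa -out $key 2048                  # key size chosen for the example
if ($LASTEXITCODE -ne 0) { throw 'openssl could not create domain.key' }
& openssl req -new -sha256 -key $key -config $cnf -reqexts SAN -out $csr
if ($LASTEXITCODE -ne 0) { throw 'openssl could not create the CSR' }

# Read the CSR back and confirm the wildcard name is really in it before
# pasting it into Step 2 of the website.
$match = & openssl req -in $csr -noout -text | Select-String 'DNS:'
$san = if ($match) { $match.Line.Trim() } else { '' }
if ($san -ne 'DNS:*.abc.com') { throw "unexpected subjectAltName: '$san'" }
"CSR requests: $san"
Get-Content -Raw $csr | Set-Clipboard            # ready to paste into the site
```

A wildcard entry matches one label only, so `*.abc.com` covers `www.abc.com` but not the bare `abc.com`.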

 

  This completes the application for a Let’s Encrypt wildcard certificate. I deeply feel that the GetHttpsForFree-UI.exe tool is really convenient; thanks to the author. The author has also recorded a tutorial video; after watching it you will probably know how to proceed, so I suggest watching it first.

 

【Bonus】

  If you want to convert the crt server certificate file to a PFX file, you can refer to this article by Bao, which has very detailed instructions.

 

◎ Use the following command to combine the "crt server certificate file" and the "domain.key private key" into a PFX file.

  openssl pkcs12 -in abc.com.crt -inkey domain.key -export -out abc.com.pfx -password pass:1234  # 1234 is the import password; change it to your own.
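
The same conversion without the password on the command line, followed by a check that Windows can open the result, as an added PowerShell example (not from the original post). It assumes openssl.exe is on PATH; the temp folder, the `PFX_PASS` variable name and the throwaway self-signed pair standing in for the issued abc.com.crt and domain.key are constructed for the example.

```powershell
# Added example. Assumes openssl.exe is on PATH; file names follow the page.
$work = Join-Path $env:TEMP 'le-pfx-demo'        # hypothetical working folder
New-Item -ItemType Directory -Force -Path $work | Out-Null
$crt = Join-Path $work 'abc.com.crt'
$key = Join-Path $work 'domain.key'
$pfx = Join-Path $work 'abc.com.pfx'

# Constructed stand-in for the issued files: a throwaway self-signed pair.
& openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.abc.com' `
    -keyout $key -out $crt
if ($LASTEXITCODE -ne 0) { throw 'could not create the demo certificate' }

# Prompt for the import password so it never appears in the command line or
# console history, then hand it to openssl through an environment variable.
$secure = Read-Host 'PFX import password' -AsSecureString
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    & openssl pkcs12 -export -in $crt -inkey $key -out $pfx -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw 'PFX export failed' }
} finally {
    Remove-Item Env:PFX_PASS                     # do not leave it in the session
}

# Load the PFX with .NET to confirm that Windows can open it with that
# password and that the private key is inside.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfx, $secure)
try {
    if (-not $cert.HasPrivateKey) { throw 'PFX does not contain the private key' }
    '{0} valid until {1:u}' -f $cert.Subject, $cert.NotAfter
} finally {
    $cert.Dispose()
}
```

With the real files, skip the self-signed step and point `$crt` and `$key` at the certificate and domain.key in the Working Path folder.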

 

【2020/08/04 Supplement】
The files generated by the above procedure are explained as follows:

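  【openssl.cnf】
  # Template file that lets OpenSSL generate the certificate.

  【account.key】
  # Private key file of the Let's Encrypt email account.

  ===============================

  【domain.key】
  # Private key file used when generating the CSR.

  【abc.com_cert.crt】
  # Main certificate file.

  【abc.com_chain.crt】
  # Root certificate (root).

  【abc.com.pfx】
  # Created with openssl by combining and converting "abc.com_cert.crt (main certificate)"
  # and "domain.key (private key)".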

 
