Today, we are thrilled to announce that RunCloud supports Let’s Encrypt Wildcard certificates at no extra cost for Pro plan customers.
One of the many features of RunCloud is the ability to issue free Let’s Encrypt SSL certificates for all of your web applications. The RunCloud team has been working tirelessly to bring the recently released Let’s Encrypt Wildcard certificates feature to our customers.
What is a Wildcard SSL certificate?
A Wildcard SSL certificate saves you time and money (free, if you use RunCloud) by securing an unlimited number of sub-domain websites with HTTPS on the same single SSL certificate of the primary domain.
A single wildcard certificate for https://*.example.com will secure all these subdomains (and any other subdomain):
Instead of needing a separate SSL certificate for each subdomain, you can use a single Wildcard certificate for all the subdomains of the primary domain for which the certificate is issued. This is especially convenient for projects like WordPress Multisite networks.
Let’s Encrypt Agent update
With this Let’s Encrypt Wildcard certificate support update, the Certbot agent no longer needs to run on your RunCloud-deployed server.
Before this, Certbot was used to automate SSL certificate issuance and installation on your servers. Now it has been replaced by the runcloud-letsencrypt service from RunCloud, which means installing an SSL certificate no longer uses any of your server’s resources.
How to enable RunCloud Wildcard SSL certificate
Add a wildcard subdomain DNS record of type A that points to your RunCloud server’s IP address. Then, get your DNS API key. Currently, RunCloud supports 3rd party API keys from Cloudflare, Linode, and DigitalOcean. Please refer to your DNS provider for help.
Go to the 3rd Party API Key section of your RunCloud profile settings to add your DNS provider API key.
Add a wildcard sub-domain name (*.yourdomain.com) to the web application which will be secured by the Wildcard certificate.
Go to your web application’s SSL/TLS setting and remove any currently existing SSL/TLS certificates.
In order to use a Wildcard certificate, choose dns-01 for the authorization method. You will then need to select the third party DNS provider API which you added previously in Step 1 above.
You also have the option of either Live or Staging for the Let’s Encrypt environment. Live is for production sites; Staging certificates are signed by a fake certificate authority and are for testing purposes only.
It will take less than 5 minutes to authorize your domain for the web application and deploy the Wildcard certificate.
Now ANY subdomain of your web application (blabla.yourdomain.com, asdf.yourdomain.com, etc.yourdomain.com, …) is secured by a valid Wildcard SSL certificate and will use the HTTPS protocol by default.
You can check your wildcard certificate via your web browser’s certificate viewer. Look at the “Certificate Subject Alternative Name” field: its value should include your domain name and the wildcard subdomain.
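The same Subject Alternative Name check can be scripted. The following is an added example, not RunCloud's code: it applies the standard wildcard matching rule (the `*` stands for exactly one leftmost label), which is why the certificate needs both the bare domain and the wildcard entry. The function names and the sample SAN list are constructed for illustration.

```python
import socket
import ssl


def san_covers(hostname, san_names):
    """Return True if hostname matches any dNSName entry in san_names.

    Wildcard rule (RFC 6125): '*' is honoured only as the entire leftmost
    label and stands for exactly one label.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in san_names:
        pattern = name.lower().rstrip(".").split(".")
        if len(pattern) != len(host_labels):
            continue  # a wildcard never spans more or fewer labels
        if pattern[0] == "*":
            if pattern[1:] == host_labels[1:] and host_labels[0]:
                return True
        elif pattern == host_labels:
            return True
    return False


def fetch_sans(host, port=443, timeout=5.0):
    """Fetch the dNSName SAN entries of the certificate served at host:port."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def coverage_report(san_names, hostnames):
    """Map each hostname to whether the SAN list covers it."""
    return {h: san_covers(h, san_names) for h in hostnames}


# Constructed sample: the SAN list the post says to expect after deployment.
SAMPLE_SANS = ["yourdomain.com", "*.yourdomain.com"]
SAMPLE_HOSTS = ["yourdomain.com", "blabla.yourdomain.com",
                "a.b.yourdomain.com", "yourdomain.com.other.example"]

if __name__ == "__main__":
    for host, ok in coverage_report(SAMPLE_SANS, SAMPLE_HOSTS).items():
        print(f"{host:32} {'covered' if ok else 'NOT covered'}")
```

To check a deployed site, pass the result of `fetch_sans("yourdomain.com")` as `san_names`. A certificate issued from the Staging environment is not publicly trusted, so `fetch_sans` will raise `ssl.SSLCertVerificationError` for it.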
We hope you enjoy the free Let’s Encrypt Wildcard certificates. Please let us know how you will use them in the comments. Also, feel free to write to us if you have any suggestions on how we can improve our implementation.
Let’s Encrypt has changed the face of the internet, just as RunCloud is changing how easy it is to manage cloud infrastructure for web applications. RunCloud offers Let’s Encrypt for free and so much more. Sign up for your free trial today and see what we can do for you.
15 thoughts on “Free Let’s Encrypt Wildcard SSL Certificate at RunCloud”
Runcloud is the best. <3
Thanks for supporting! ☺️
Love this.. but noob question.. Do I need a new API key per wildcard domain?
DNSMadeEasy is among the popular Authoritative / Secondary DNS Service Providers. I use DNSMadeEasy Service for most of my websites. I do appreciate to see DNSMadeEasy in the list of DNS Providers that are supported on RunCloud, w.r.t. DNS Verification Approach for Let’s Encrypt HTTPS Certificate Generation.
Karl F: You only need an API key for the root domain name
Gives a warning that if using Linode this method will Fail. What to do?
Also, the signup for this blog is broken. It shows the error message “Your subscription could not be activated. It may have expired, or the email address you subscribed with is not attached to your WordPress.com account.”
Does this wildcard SSL cert auto renew or does it need to be manually renewed?
The wildcard SSL cert auto-renews.
I’m about to deploy Let’s Encrypt SSL following your instructions exactly but I get this big red message before submitting:
“Please note that Linode DNS is highly unreliable to do dns-01 authorization method. Linode DNS only update your DNS changes every 30 minutes while Let’s Encrypt authorization only happen less than 2 minutes. If you are using Linode DNS and doing dns-01 method, most probably the Let’s Encrypt authorization will FAIL.”
Why is it doing this and is it okay to proceed? Again, I have all settings exactly as you have outlined here.
As mentioned in the message, Linode DNS updates are slow (every 30 minutes) but Let’s Encrypt authorization happens in less than 2 minutes. The difference in timing might result in a failed Let’s Encrypt authorization. It is okay to proceed, but not recommended.
When I use a wildcard SSL, do I need to add the subdomain to RunCloud under ‘domain name’? If I need to add each subdomain, do I need to redeploy the SSL cert?
When you use wildcard SSL, you can add your “wildcard subdomain” to Domain Name settings in your web application, for example
After adding this wildcard subdomain, you need to redeploy the SSL cert only once to enable wildcard SSL for this wildcard subdomain.
If I have a web application with multiple sub-domains, do I need to add a new record at the domain registrar?
Hi Azri, great question! You wouldn’t need to add it with your domain registrar (i.e. register a new domain name) but you would need to create the DNS record to point that domain to the IP address of the server where you wish to host the web application for the subdomain. Depending on your setup, that change can be made through Cloudflare or with your domain registrar under their DNS record settings.