Install Wildcard SSL Certificate on Ubuntu 22.04 Server

Securing your website with an SSL certificate is important for protecting sensitive data and ensuring user trust. A Wildcard SSL certificate allows you to secure multiple subdomains under a single domain making it a cost effective and efficient solution for websites with numerous subdomains.

In this post, we will cover the process of installing a Wildcard SSL certificate on an Ubuntu 22.04 server.

Prerequisites

Before you begin to install Wildcard SSL Ubuntu make sure you have the following:

1. A domain name with multiple subdomains.
2. Access to your domain’s DNS settings.
3. An Ubuntu 22.04 server with root or sudo access.
4. OpenSSL installed on your server.
5. A web server was installed and configured. Refer to our guide on how to install NGINX on Ubuntu server.

How to Install Wildcard SSL Certificate on Ubuntu

Following steps described below on how to install wildcard SSL certificate Ubuntu 22.04 server:

Step 1: Generate Certificate Signing Request (CSR)

The first step in Ubuntu 22.04 enable SSL is to generate a Certificate Signing Request (CSR). This request will be sent to the Certificate Authority (CA) to issue your SSL certificate. First, create a private key with the following command:

sudo openssl genrsa -out /etc/ssl/private/yourdomain.key 2048

Then generate the CSR with the following command:

sudo openssl req -new -key /etc/ssl/private/yourdomain.key -out /etc/ssl/certs/yourdomain.csr

You will be prompted to enter information about your organization. Ensure you enter the correct details especially the Common Name (CN) which should be your domain name for example *.yourdomain.com for a wildcard certificate.

Step 2: Submit CSR to Certificate Authority

Once you have generated the CSR, you need to submit it to a Certificate Authority (CA) to obtain your Wildcard SSL certificate. The process may vary slightly depending on the CA but generally, you will need to:

1. Log in to your CA’s website.
2. Select the option to purchase a Wildcard SSL certificate.
3. Paste the contents of your CSR file into the provided field.
4. Complete the domain validation process usually via email or DNS verification.

Step 3: Install Wildcard SSL Certificate

After the CA has validated your domain and issued the SSL certificate you will receive several files including the certificate file yourdomain.crt and the CA bundle ca_bundle.crt. You need to install these files on your server.

For Nginx

After installing NGINX, copy the certificate files to your server:

sudo cp yourdomain.crt /etc/ssl/certs/ && sudo cp ca_bundle.crt /etc/ssl/certs/

Open the configuration file for your site. This file is usually located in /etc/nginx/sites-available/your_site.

sudo nano /etc/nginx/sites-available/your_site

Configure the server block to use SSL, add the following lines within the server block:

listen 443 ssl;
server_name yourdomain.com *.yourdomain.com;

ssl_certificate /etc/ssl/certs/yourdomain.crt;
ssl_certificate_key /etc/ssl/private/yourdomain.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;

Enable the site configuration and restart Nginx with the following commands:

sudo ln -s /etc/nginx/sites-available/your_site /etc/nginx/sites-enabled/ && sudo systemctl restart nginx

Step 4: Configure DNS Wildcard SSL

To ensure that your Wildcard SSL certificate works for all subdomains you need to configure your DNS settings:

1. Log in to your DNS provider’s website.
2. Add a CNAME record for each subdomain:

• Name: *
• Type: CNAME
• Value: yourdomain.com

Step 5: Test SSL Configuration

After installing the SSL certificate and configuring your DNS settings it is essential to test your SSL configuration to ensure everything is working correctly.

There are several online tools available such as SSL Labs that can help you verify a secure website with SSL Ubuntu.

Open your website in a browser and ensure that the connection is secure look for the padlock icon in the address bar.

Important Notes

Following are some important notes while installing the wildcard SSL certificate on Ubuntu server 22.04:

• Wildcard certificates can be used to secure multiple subdomains of a domain name.
• SSL certificates have a limited lifespan. You will need to renew your certificate before it expires to avoid interruptions in your website’s service.
• Some CAs may require you to install intermediate certificates along with your primary SSL certificate.
• It is important to follow security best practices when using SSL certificates including using a strong private key.

Conclusion

Installing a Wildcard SSL certificate on an Ubuntu 22.04 server involves several steps from generating a CSR to configuring your web server and DNS settings. By following this guide you can secure multiple subdomains under a single certificate ensuring a secure and trustworthy experience for your users. Regularly testing your SSL configuration and setting up automatic renewal will help maintain the security of your website.

FAQ