ワイルドカード証明書をlet'sencryptを作りたかったので試してみた。
せっかく作ったから、webサイト構築もやってみたい

サーバ情報

Oracle Linux 8.6
タイムゾーン:Asia/Tokyo
ロケール：ja_JP.UTF-8
SELinux:disabled

事前準備

onamae.comでドメイン購入済

レッツ発行

Oracle Linux 8.6に、EPELリポジトリを有効化

yum -y install epel-release
yum-config-manager --enable ol8_developer_EPEL

発行のために「certbot」をインストール

yum -y install certbot

下記コマンドを実行

# certbot certonly --manual \
 --server https://acme-v02.api.letsencrypt.org/directory \
 --preferred-challenges dns \
 -d *.jibun.domain \　### ワイルドカード指定
 -m ×××@gmail.com \ ### 自分のメールアドレス
 --agree-tos \
 --manual-public-ip-logging-ok

対話式で証明書に関する質問されるので、「y」を入力

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for *.jibun.domain

続いて対話形式で自分が持っているDNSサーバにTXTレコードで追加する文字列が表示されるので、指定通りに適用する

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.jibun.domain.

with the following value:

gzYZuZiwSKxEUrl-H8w7zcIa6nMlKi7NbBRHD54TJME

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.nephken.net.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue