To generate a wildcard domain certificate, you can use Docker. It's my first choice because we don't have to install additional software; everything needed ships in the certbot image. If you don't have Docker installed on your computer, you can follow this article: How to install Docker desktop. You also need access to your domain's DNS administration panel: Let's Encrypt only issues wildcard certificates through the DNS-01 challenge, so you will have to publish TXT records during the run.

Then create a folder where certbot will write the certificate and keys. Open a terminal, change into that folder, and run the docker command:

$ mkdir <folder>
$ cd <folder>
$ docker run -it --rm --name certbot \
--volume "$(pwd):/etc/letsencrypt" \
--volume "$(pwd):/var/lib/letsencrypt" \
certbot/certbot certonly \
--manual \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--domain '*.<YourDomain>' --domain '<YourDomain>' \
--email <YourEmail> \
--agree-tos \
--key-type rsa --rsa-key-size 2048

This command downloads a small Docker image and runs certbot, which will ask you to create two TXT records in your DNS panel, one at a time. Both records have the same name, _acme-challenge.<YourDomain> (one value for the wildcard, one for the bare domain), so add the second record alongside the first instead of replacing it; certbot itself warns not to remove the previous record. DNS changes can take some time to propagate, so check that each value is visible before continuing, for example with https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.<YourDomain> or by running dig TXT _acme-challenge.<YourDomain> against one of your authoritative nameservers (a cached answer from your local resolver proves nothing, since Let's Encrypt queries the authoritative servers). Once you can see the record, press Enter and certbot moves on; after the last one Let's Encrypt verifies both and the certificate is generated. The --rm flag deletes the container automatically, but the files survive because the folder is bind-mounted. If you copied an older version of this command that includes --manual-public-ip-logging-ok, drop it: certbot has deprecated that flag.

You can find your private key at <folder>/live/<YourDomain>/privkey.pem and your full-chain certificate (leaf plus intermediates) at <folder>/live/<YourDomain>/fullchain.pem. The entries under live/ are symlinks to the current versions in archive/, so copy or cat them rather than moving the live/ directory on its own. Treat <folder> as sensitive: besides the private key it also holds your ACME account key under accounts/, so keep it out of version control and off shared or world-readable locations. Some servers, HAProxy for example, want the key and chain in a single PEM file; you can combine your private key and full-chain certificate with this command:

$ cat live/<YourDomain>/fullchain.pem live/<YourDomain>/privkey.pem > live/<YourDomain>/fullcert.pem

If you need this certificate in PKCS#12 format (.p12/.pfx, as used by Java keystores and Windows/IIS), you can run the following command. OpenSSL will prompt for an export password; the resulting .p12 bundles the private key, so protect it like privkey.pem:

$ openssl pkcs12 -export -out live/<YourDomain>/fullchain.p12 -in live/<YourDomain>/fullchain.pem -inkey live/<YourDomain>/privkey.pem -name '<YourDomain>'
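The script below is an added example, not code from the original article or from the certbot project. It covers the two points in the procedure above where things go wrong in practice: waiting until the _acme-challenge TXT record is actually served by your authoritative nameservers before pressing Enter, and checking what certbot wrote to live/<YourDomain>/ before you deploy it (does the leaf cover both the wildcard and the bare domain, does privkey.pem match fullchain.pem, is there enough validity left, is the key file private). It assumes openssl 1.1.1 or newer and dig are installed; the --demo mode uses a throwaway self-signed certificate for example.com as constructed sample input so the checks can be exercised offline, without contacting Let's Encrypt.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): helpers for the DNS wait and
# for sanity-checking the files certbot wrote to live/<YourDomain>/.
# Assumes: openssl 1.1.1+ and dig are installed. Makes no ACME calls.
set -eu

# Poll every authoritative nameserver of domain $1 until the TXT record
# _acme-challenge.$1 contains token $2 (needs network). Let's Encrypt reads
# the authoritative servers, so a cached answer from your resolver is no proof.
wait_for_txt() {
  local name="_acme-challenge.$1" token="$2" ns
  for ns in $(dig +short NS "$1"); do
    until dig +short TXT "$name" "@$ns" | grep -qF -- "$token"; do
      echo "waiting for $name on $ns ..." >&2
      sleep 10
    done
  done
}

# Print the DNS names in the leaf certificate's subjectAltName, one per line.
# openssl x509 reads only the first certificate in fullchain.pem, i.e. the leaf.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Succeed only if certificate $1 lists every name given after it.
cert_covers() {
  local cert="$1" sans name
  shift
  sans="$(cert_sans "$cert")"
  for name in "$@"; do
    # -F: treat "*.example.com" as a literal string, not a regex
    printf '%s\n' "$sans" | grep -qxF -- "$name" || return 1
  done
}

# Succeed only if private key $2 belongs to certificate $1 (identical public key).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeed only if certificate $1 is still valid $2 seconds from now (default 30 days).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null
}

# Succeed only if file $1 is unreadable by group and others (mode ends in 00).
key_is_private() {
  local mode
  mode="$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")"
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Run every check against a certbot live/<domain> directory ($1) for domain $2.
verify_live_dir() {
  local dir="$1" domain="$2" cert="$1/fullchain.pem" key="$1/privkey.pem"
  cert_covers "$cert" "$domain" "*.$domain" || { echo "FAIL: cert does not cover $domain and *.$domain" >&2; return 1; }
  key_matches_cert "$cert" "$key"          || { echo "FAIL: privkey.pem does not match fullchain.pem" >&2; return 1; }
  cert_valid_for "$cert"                   || { echo "FAIL: certificate expires within 30 days" >&2; return 1; }
  key_is_private "$key"                    || { echo "FAIL: privkey.pem is readable by group/others" >&2; return 1; }
  echo "OK: $domain and *.$domain covered, key matches, >30 days left, key mode is private"
}

# Constructed sample input for offline testing: a throwaway self-signed wildcard
# certificate for example.com, laid out like certbot's live/ directory.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" \
    -subj "/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:*.example.com" 2>/dev/null
  chmod 600 "$1/privkey.pem"
}

# Usage: ./check-cert.sh live/<YourDomain> <YourDomain>    or    ./check-cert.sh --demo
if [ "${1:-}" = "--demo" ]; then
  dir="$(mktemp -d)"
  make_demo_cert "$dir"
  verify_live_dir "$dir" example.com
  rm -rf "$dir"
elif [ $# -ge 2 ]; then
  verify_live_dir "$1" "$2"
fi
```

After a real run, call it as ./check-cert.sh live/<YourDomain> <YourDomain> from inside <folder>; while certbot is waiting for you, wait_for_txt <YourDomain> '<token certbot printed>' in a second terminal tells you when it is safe to press Enter.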