We will use acme.sh with the Cloudflare DNS API to generate a wildcard SSL certificate from Let’s Encrypt for our domain. We will also use Cloud Shell, the free Linux shell virtual machine instance provided by Google Cloud.

Note: Make sure that you have already added your domain to Cloudflare.

  1. Log in to Google Cloud Console and activate Cloud Shell

  2. Install acme.sh

    
    curl https://get.acme.sh | sh -s email=my@example.com
    

  3. Set up the Cloudflare global API key. First, log in to your Cloudflare account to get your API key.

    
    export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export CF_Email="my@example.com"
    

If you want to use another DNS API, you can find the details in the acme.sh documentation.

  4. Issue a wildcard SSL certificate using the Let’s Encrypt provider

    
    acme.sh --issue -d '*.example.com' --dns dns_cf --server letsencrypt
    

  5. Example output from generating a wildcard SSL certificate

    
    aziz@cloudshell:~ (my-project-id-xxx)$ acme.sh  --issue -d '*.blogdoang.com' --dns dns_cf --server letsencrypt
    [Fri 19 Aug 2022 02:45:15 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Fri 19 Aug 2022 02:45:15 AM UTC] Single domain='*.blogdoang.com'
    [Fri 19 Aug 2022 02:45:15 AM UTC] Getting domain auth token for each domain
    [Fri 19 Aug 2022 02:45:18 AM UTC] Getting webroot for domain='*.blogdoang.com'
    [Fri 19 Aug 2022 02:45:18 AM UTC] Adding txt value: xxxxxxxxxxxxxxxxxxxxxxxxxx for domain:  _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:22 AM UTC] Adding record
    [Fri 19 Aug 2022 02:45:23 AM UTC] Added, OK
    [Fri 19 Aug 2022 02:45:23 AM UTC] The txt record is added: Success.
    [Fri 19 Aug 2022 02:45:23 AM UTC] Let's check each DNS record now. Sleep 20 seconds first.
    [Fri 19 Aug 2022 02:45:44 AM UTC] You can use '--dnssleep' to disable public dns checks.
    [Fri 19 Aug 2022 02:45:44 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
    [Fri 19 Aug 2022 02:45:44 AM UTC] Checking blogdoang.com for _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:44 AM UTC] Domain blogdoang.com '_acme-challenge.blogdoang.com' success.
    [Fri 19 Aug 2022 02:45:44 AM UTC] All success, let's return
    [Fri 19 Aug 2022 02:45:44 AM UTC] Verifying: *.blogdoang.com
    [Fri 19 Aug 2022 02:45:45 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
    [Fri 19 Aug 2022 02:45:49 AM UTC] Success
    [Fri 19 Aug 2022 02:45:49 AM UTC] Removing DNS records.
    [Fri 19 Aug 2022 02:45:49 AM UTC] Removing txt: xxxxxxxxxxxxxxxxxxxxxxxxxx for domain: _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:53 AM UTC] Removed: Success
    [Fri 19 Aug 2022 02:45:53 AM UTC] Verify finished, start to sign.
    [Fri 19 Aug 2022 02:45:53 AM UTC] Lets finalize the order.
    [Fri 19 Aug 2022 02:45:53 AM UTC] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/xxxxxxxxxxxxx'
    [Fri 19 Aug 2022 02:45:54 AM UTC] Downloading cert.
    [Fri 19 Aug 2022 02:45:54 AM UTC] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/xxxxxxxxxxxxx'
    [Fri 19 Aug 2022 02:45:56 AM UTC] Cert success.
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    [Fri 19 Aug 2022 02:45:56 AM UTC] Your cert is in: /home/aziz/.acme.sh/*.blogdoang.com/*.blogdoang.com.cer
    [Fri 19 Aug 2022 02:45:56 AM UTC] Your cert key is in: /home/aziz/.acme.sh/*.blogdoang.com/*.blogdoang.com.key
    [Fri 19 Aug 2022 02:45:56 AM UTC] The intermediate CA cert is in: /home/aziz/.acme.sh/*.blogdoang.com/ca.cer
    [Fri 19 Aug 2022 02:45:56 AM UTC] And the full chain certs is there: /home/aziz/.acme.sh/*.blogdoang.com/fullchain.cer
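
acme.sh saves the credentials exported in step 3 into `account.conf` under its home directory, next to the private keys listed in the output above. The script below is an added example, not part of the original post or of acme.sh: it audits that directory for a stored global API key and for key or credential files readable by other users. The function name `audit_acme_home` and the finding labels are made up for this example.

```sh
#!/bin/sh
# Added example: audit an acme.sh home directory (default: ~/.acme.sh).
# Prints one finding per line; returns 0 when clean, 1 when something was found.
# Function name and finding labels are hypothetical, chosen for this example.

audit_acme_home() {
    _home=${1:-$HOME/.acme.sh}
    _conf=$_home/account.conf
    _found=0

    # acme.sh persists exported DNS API credentials in account.conf with a
    # SAVED_ prefix. A stored global key (CF_Key) can change anything in the
    # Cloudflare account; the dns_cf hook also accepts a scoped API token
    # (CF_Token plus CF_Zone_ID or CF_Account_ID) limited to DNS edits.
    if [ -f "$_conf" ] && grep -q '^SAVED_CF_Key=' "$_conf"; then
        echo "GLOBAL_KEY $_conf"
        _found=1
    fi

    # Private keys and the credential file should be owner-only (0600).
    # Certificate directories contain a literal '*', so paths stay quoted.
    _loose=$(find "$_home" -type f \( -name '*.key' -o -name account.conf \) 2>/dev/null |
        while IFS= read -r _f; do
            # Characters 5-10 of the ls mode string are the group/other bits.
            _bits=$(ls -ld "$_f" | cut -c5-10)
            [ "$_bits" = "------" ] || echo "LOOSE_PERMS $_f"
        done)
    if [ -n "$_loose" ]; then
        echo "$_loose"
        _found=1
    fi

    return "$_found"
}

# Run against the real directory only when it exists.
if [ -d "${HOME:-/nonexistent}/.acme.sh" ]; then
    audit_acme_home "$HOME/.acme.sh" || true
fi
```

A `GLOBAL_KEY` finding is resolved by reissuing with a scoped token and removing the saved key; a `LOOSE_PERMS` finding is resolved with `chmod 600` on the listed file.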