Using Let’s Encrypt Wildcard SSL Cert

Let's Encrypt has finally announced official support for wildcard certificates.


Run this command on your VPS:

~/certbot-auto certonly \
-d \
-d * \
-d * \
-d \
-d * \
--manual \
--preferred-challenges dns \

Use --cert-name to set the certificate name; otherwise the domain name after the first '-d' parameter will be used as the certificate name.

IP logged notice

The IP of the requesting machine will be logged, but it will not be public for now. If you are worried about one of the important IPs on the VPS, you can modify the config files in /etc/sysconfig/network-scripts and restart the network service to change your IP temporarily. Type 'Y' to continue.

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(Y)es/(N)o: Y

DNS TXT records

Add a TXT record.

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.
Press Enter to Continue

TIP: if you want both and * verified in the same cert, add a '-d' parameter for each domain, for example: '-d -d *'. You also need to add multiple TXT records. Use 'nslookup' to verify:

> set type=txt
Non-authoritative answer:
text = "I6Tys5RebMhWaBxN1e4fBaBj2OF7jUPl92tdDtfKjao"
text = "QQxHqbXK2aWM8qRWpAyenXo2QotSejV_ERnnc6MUEqU"
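
The check described in the tip above, as an added example that is not part of the original post: a shell helper that confirms every challenge value is visible on each authoritative nameserver before you press Enter. `example.com` is a placeholder domain and the function names are hypothetical; the two token values are the ones from the nslookup output above.

```shell
#!/bin/sh
# Added example. example.com is a placeholder; function names are hypothetical.
# The base name and its wildcard are both validated at _acme-challenge.<domain>,
# so that one name must carry every value certbot printed.

# Challenge values copied from the nslookup output in the post.
TOKEN_A='I6Tys5RebMhWaBxN1e4fBaBj2OF7jUPl92tdDtfKjao'
TOKEN_B='QQxHqbXK2aWM8qRWpAyenXo2QotSejV_ERnnc6MUEqU'

# missing_tokens ANSWERS TOKEN...
# ANSWERS is the text of a TXT lookup (nslookup or "dig +short" output).
# Prints each expected token that is absent; returns 0 only if none is missing.
missing_tokens() {
    answers="$1"; shift
    rc=0
    for token in "$@"; do
        # Match the whole quoted string so a partial value does not count.
        if ! printf '%s\n' "$answers" | grep -qF -- "\"$token\""; then
            printf '%s\n' "$token"
            rc=1
        fi
    done
    return "$rc"
}

# check_authoritative DOMAIN TOKEN...
# Asks every authoritative nameserver directly, so a cached answer from a
# recursive resolver cannot hide a record that has not propagated yet.
check_authoritative() {
    domain="$1"; shift
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records found for $domain" >&2; return 2; }
    status=0
    for ns in $servers; do
        txt=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        if ! missing_tokens "$txt" "$@" >/dev/null; then
            echo "$ns: not every challenge value is visible yet" >&2
            status=1
        fi
    done
    return "$status"
}

# Constructed sample answers: only the first record visible, then both.
SAMPLE_PARTIAL="text = \"$TOKEN_A\""
SAMPLE_FULL="text = \"$TOKEN_A\"
text = \"$TOKEN_B\""

# Live use (needs dig and network access):
#   check_authoritative example.com "$TOKEN_A" "$TOKEN_B" && echo "safe to press Enter"
```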


After verification:

Waiting for verification...
Cleaning up challenges

- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-06-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:
Donating to EFF:

Configuring the SSL certs is not covered here. If some domains fail to verify, just run the command again. The value of a TXT record will not change once it has been verified.




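Flipper Host Refund Story

A month ago, I bought Flipper Host's Basic plan to set up a VPN server. After a while I found it completely useless, so to avoid being charged the next month I promptly cancelled this VPS product on the Flipper Host website. However, I forgot to cancel the recurring payment in PayPal. Today I received a text message saying I had been charged another 3.2 US dollars, and I immediately realized what had happened. Although my impression is that overseas hosting providers are fairly easy to deal with, this was my first time requesting a refund from a provider where I had not heard of anyone successfully getting one, so I was a little nervous.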
