= certbot =
 * https://certbot.eff.org/
 * https://letsencrypt.org/docs/client-options/

https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-wildcard-certificates

 Yes. Wildcard issuance must be done via ACMEv2 using the DNS-01 challenge. See this post for more technical information.

== Install ==
{{{#!highlight bash
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto
}}}

== Get cert for domain www.example.org (nginx) ==
{{{#!highlight bash
/usr/local/bin/certbot-auto certonly --webroot
# Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): www.example.org
# - Congratulations! Your certificate and chain have been saved at:
#   /etc/letsencrypt/live/www.example.org/fullchain.pem
#   Your key file has been saved at:
#   /etc/letsencrypt/live/www.example.org/privkey.pem

# Build the bundle nginx serves: server certificate followed by the chain
cd /etc/letsencrypt/live/www.example.org/
cat cert.pem > www_ca_bundle.crt
echo "" >> www_ca_bundle.crt
cat chain.pem >> www_ca_bundle.crt

# Copy the private key and the bundle to the paths used in the nginx config
cp privkey.pem /etc/ssl/private/www_private.key
cp www_ca_bundle.crt /etc/ssl/certs/www_ca_bundle.crt

nano /etc/nginx/sites-enabled/www.example.org
# ssl_certificate /etc/ssl/certs/www_ca_bundle.crt;
# ssl_certificate_key /etc/ssl/private/www_private.key;
# change paths ...
service nginx restart
}}}

== Get cert for domain using another webroot ==
{{{#!highlight bash
# Temporarily serve other.example.org from the www.example.org site config,
# keeping the original config as other.example.org.ori
cd /etc/nginx/sites-available
cp other.example.org other.example.org.ori
cp www.example.org other.example.org
sed -i 's/server_name www.example.org/server_name other.example.org/g' other.example.org
cat other.example.org
# restart nginx
service nginx restart

/usr/local/bin/certbot-auto certonly --webroot
# Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): other.example.org
# Input the webroot for other.example.org: (Enter 'c' to cancel): /var/www/www.example.org
# Congratulations! Your certificate and chain have been saved at:
#   /etc/letsencrypt/live/other.example.org/fullchain.pem
#   Your key file has been saved at:
#   /etc/letsencrypt/live/other.example.org/privkey.pem

# Restore the original site config
cp /etc/nginx/sites-available/other.example.org.ori /etc/nginx/sites-available/other.example.org

# Build the bundle and copy key and bundle to the paths used in the nginx config
cd /etc/letsencrypt/live/other.example.org/
cat cert.pem > other_certificate_bundle.crt
echo "" >> other_certificate_bundle.crt
cat chain.pem >> other_certificate_bundle.crt
cp privkey.pem /etc/ssl/private/other_private.key
cp other_certificate_bundle.crt /etc/ssl/certs/other_certificate_bundle.crt
service nginx restart
}}}

== Install on Ubuntu with snap ==
{{{#!highlight sh
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
certbot --nginx
}}}
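
The two webroot sections above copy privkey.pem and a cert.pem + chain.pem bundle into /etc/ssl and then restart nginx. As an added example (not part of the original page), the script below does the same deployment but first checks that the private key matches the certificate and sets the file modes explicitly. The function names and the script name deploy_pair.sh are hypothetical, and the openssl command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: verify and deploy a certbot cert/key pair.
# Function names are hypothetical; requires the openssl CLI.

# Public key embedded in a PEM certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Public key derived from a PEM private key (RSA or EC).
key_pubkey() { openssl pkey -in "$1" -pubout; }

# key_matches_cert CERT KEY: succeed only if KEY belongs to CERT.
key_matches_cert() {
    local c k
    c=$(cert_pubkey "$1" 2>/dev/null) || return 1
    k=$(key_pubkey "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# deploy_pair LIVE_DIR NAME CERT_DIR KEY_DIR
# Writes CERT_DIR/NAME_ca_bundle.crt (cert.pem + chain.pem, mode 0644) and
# KEY_DIR/NAME_private.key (mode 0600). Returns 2 on missing input,
# 3 on a cert/key mismatch, 4 on a write failure.
deploy_pair() {
    local live="$1" name="$2" cert_dir="$3" key_dir="$4" f tmp rc
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 2; }
    done
    if ! key_matches_cert "$live/cert.pem" "$live/privkey.pem"; then
        echo "privkey.pem does not match cert.pem; nothing installed" >&2
        return 3
    fi
    tmp=$(mktemp) || return 4
    cat "$live/cert.pem" "$live/chain.pem" > "$tmp"
    # install(1) sets the mode explicitly instead of inheriting it from cp/umask.
    if install -m 0644 "$tmp" "$cert_dir/${name}_ca_bundle.crt" &&
       install -m 0600 "$live/privkey.pem" "$key_dir/${name}_private.key"; then
        rc=0
    else
        rc=4
    fi
    rm -f "$tmp"
    return "$rc"
}

# Direct use, e.g.: sudo bash deploy_pair.sh /etc/letsencrypt/live/www.example.org www
# Restarts nginx only if the pair verified and the configuration parses.
if [ "$#" -ge 2 ]; then
    deploy_pair "$1" "$2" /etc/ssl/certs /etc/ssl/private &&
        nginx -t && service nginx restart
fi
```

The copies under /etc/ssl do not change when certbot renews the files in /etc/letsencrypt/live, so the deployment has to be rerun after each renewal.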