Advising customers and making promises to them about solutions that are reliant on a third party provider, which is outside of your control, sounds like poor management to me.
Making assumptions is what has got you to the point that you don’t have any answers. I would rather the wildcard certificates are delivered to a high quality instead of shipping them to us with lots of problems that could damage their reputation, as well as some of the sites the certificates will be protecting.
Almost everyone of us uses third party “provider”. And its not making promising, advising them that something is going to available soon based on the providers notes and published timeline.
Its all about communication. But may be something which you will not understand. We never made any assumptions. Or may be we did by assuming that they will gonna follow their own published timeline,
Anyway I don’t want to get in any argument with you on this. We all are professionals here.
Lets Encrypt is great and it will remain so. This is a Lets Encrypt community and something concerned us and we raised our point.
FYI, I know what my options are if Lets Encrypt is unable to provide wildcards certs for now.
There’s still a fair degree of activity on the ACME mailing list. I’m no one of influence, but if I were a betting man I’d anticipate another non-wildcard renewal.
I’ve been waiting for a long time for wildcard certificates to happen, so I’m in high anticipation. A few more days/weeks of waiting wouldn’t change anything for me. I’m extremely excited that LetsEncrypt has gotten as far as it has. When it started, I was merely hopeful that it would have the means to continue operation, since otherwise SSL looked to be an impossibility for me, without self-generating certificates and putting the CA cert across organization computers. I’m glad that it has transformed into the service it has today. I remember the day that it came out, and setting my personal domain to HTTPS and finding the little green lock when I opened my browser was a gratifying achievement.
I’ve been particularly excited for wildcard certificates, because now I can spin up small subdomains for quick one-off CS projects and not have to worry about the HTTPS server not having the certificate for the domain, and having to have everyone in the project approve the “invalid” certificates in their browsers. Woo!
I notice that acme-v02.api.letsencrypt.org is resolving, responding, and serving up valid certificates… just waiting for the official announcement now.
Yeah, makes sense given 2018.03.12 Wildcard Certificate Encoding Issue. For myself, I’m more interested just in the ACMEv2 endpoint since the client I wrote doesn’t do dns validation (or ACMEv1). I wrote it on Feb. 21st, so it felt silly to support an already obsolete protocol.
On the other hand, I don’t want to commit changes using the production endpoint until there’s an announcement, so tonight I dream of an announcement of a non-wildcard v2 announcement in the morning.
honestly that is FAR from a good Idea. if that API goes weird and issues stuff that shouldnt have been issued and they have rolled out a Beta API to the trusted chain on purpose they might as well close the CA.
although others do charge a lot this is basically with no technical reason, the validity of the request and ownership/control of the domain still has to be checked, and they iirc still go through automatically, so no extra effort or whatever, just maybe some insurances that wont help anyway.