Authorize for wildcard, sign cert for single hostname


It’d be nice if that once authorized for a wildcard, I could get a certificate for a single domain name that matches that wildcard. Why? Because for internal services that I authorized using DNS-01, it saves me from having to create a CNAME for each It’s in fact easier for me to request a wildcard on each host even if I don’t need it. Of course this is much more insecure which is why I’d rather issue a certificate just for that subdomain.


Seems unlikely unless pre-authorization is also implemented in ACME v2 one day:

Pre-authorization. This is an optional feature and we have no plans to implement it. V2 clients should use order based issuance without pre-authorization.

Would be great though, saves lots of round-trips on large certificates too.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.