It’d be nice if that once authorized for a wildcard, I could get a certificate for a single domain name that matches that wildcard. Why? Because for internal services that I authorized using DNS-01, it saves me from having to create a CNAME for each subdomain.example.edu. It’s in fact easier for me to request a wildcard on each host even if I don’t need it. Of course this is much more insecure which is why I’d rather issue a certificate just for that subdomain.
Seems unlikely unless pre-authorization is also implemented in ACME v2 one day:
Pre-authorization. This is an optional feature and we have no plans to implement it. V2 clients should use order based issuance without pre-authorization.
Would be great though, saves lots of round-trips on large certificates too.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.