Changing to Let’s Encrypt from RapidSSL WildCard Certificate


#1

My server currently has a directory

/ssl

with
mysite.com.crt
mysite.com.csr
mysite.com.key

provided by RapidSSL - it’s an unlimited domain licence as I have tens of thousands of subdomains, and the platform creates new ones on sign up.

What steps should I take to replace this with Let’s Encrypt?


#2

Hi @wiziwiz

Review Using Certbot for 400+ Domain Environments

Changing from a wildcard to Let’s Encrypt would be very challenging in your case.

You would need to create new bindings etc.

Let’s Encrypt currently does not support wildcard certificates.

Andrei


#3

Agreed with @ahaw021, since we don’t offer wildcard certificates, this will definitely be more complex. By default you would run into rate limit problems because Let’s Encrypt allows only 100 names per certificate and limits the number of certificates you can issue per week that apply to the same top-level domain.

If you are a hosting provider hosting these on behalf of customers, you may be able to get a rate limit exemption. See

https://letsencrypt.org/docs/rate-limits/

and

https://letsencrypt.org/docs/integration-guide/

Various hosting providers have managed to get this to work; it would definitely require some programming effort, though.

If you’re not a hosting provider, I don’t think Let’s Encrypt can handle your situation properly because the rate limits will prevent you from issuing a large enough number of certificates to cover all of your subdomains.


#4

Thanks for the reply - can wildcard certificates be a feature request?


#5

Already been requested: Please support wildcard certificates

Andrei


#6

Awesome - all in good time. Meanwhile I am manually using Let’s Encrypt for all my WordPress sites - with a partner web hosting - here’s to the bright future!


#7

@wiziwiz I’d stick with a wildcard SSL cert in such cases. You use the right tool for the job, and for such situations a wildcard SSL cert is the right tool. The same applies for me, having 100s of subdomains off the domain, so a wildcard SSL cert is the only way, especially if you do not know beforehand the additional new subdomain names.

