we’re using a little bit unusual/complex certificates mostly for e-mail services. Every user has his uniqe hostname for IMAP, SMTP, etc… It is for us to be able to seamlesly migrate users between servers/clusters. Hostnames looks like this:
12345.45.imap.example.com - user #12345 12346.46.imap.example.com - user #12346
Therefore, we use certificates with following SAN names (there are 100 wildcards like that - 00-99):
*.00.imap.example.com, .., *.45.imap.example.com, ... , *.99.imap.example.com
Formely, we used StartSSL certificates and they signed such certificate for free. Now, after StartSSL is dead, we can’t get any authority to sign our certificates (for reasonable price).
Is there any possibility to use Let’s Encrypt for such certificates? I know LE doesn’t support wildcards, but isn’t there any way how to sign such “custom” certificate, maybe in not fully automated way (we need only few similar certificates and they newer change)? We would be pleased to make a donation to LE in exchange for this.
Or does anyone know about a CA that would fit our needs?