Hello LetsEncrypt team,
first of all: thank you for your amazing work. I’m running Let’s Encrypt on several of my domains and it’s working like a charm.
Now, as the topic suggests, I'm wondering about wildcard support in the future. I do realise that using the http-01 verification or similar verification methods it would be hard to properly implement a safe way of issuing wildcards, as all the domains would have to be checked, which in the case of a wildcard would simply require an infinite number of possible domains to be checked.
However, for the dns-01 challenge I imagine wildcard support would be possible.
As of now, if my understanding is correct, the dns-01 challenge (I haven't used it yet) requests a TXT record in a format like the following:
_acme-challenge.example.com. 300 IN TXT "gfj9Xq…Rg85nM"
Now I wonder if there are any technical issues in allowing the following:
_acme-wildcard-challenge.example.com. 300 IN TXT "gfj9Xq…Rg85nM"
(notice: my DNS operator, Rage4, wouldn't have allowed _acme-challenge.*.example.com., so I assume the * is not allowed in TXT records)
And well, I imagine the technical hurdles for such an implementation would be low, but I won't rule out "legal" issues (as in: the Let's Encrypt chain might be disapproved by certain browsers).
Is it anything like that?
Julian “haoLink” ^^
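As an added example, written for this page and not code from the original poster or from Let's Encrypt: how the TXT value in a dns-01 record like the one quoted above is actually derived and checked, following RFC 8555 section 8.4. The value placed in DNS is not the raw token but base64url(SHA-256(token "." JWK-thumbprint)), so a TXT record can only be produced by whoever holds the ACME account key. The example goes one step beyond the post by also handling a `*.example.com` identifier the way RFC 8555 section 7.1.3 specifies: the wildcard label is dropped and validation happens at the plain `_acme-challenge.example.com` name. The JWK, token and TXT records below are constructed sample data, not real account material.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere (RFC 8555 / RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the REQUIRED members only,
    keys sorted lexicographically, no whitespace. Extra members such as
    'kid' or 'alg' are deliberately excluded."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: keyAuthorization = token || '.' || thumbprint(accountKey)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT value is base64url(SHA-256(keyAuthorization)),
    i.e. 43 characters, never the raw token itself."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("utf-8")).digest()
    return b64url(digest)


def challenge_name(identifier: str) -> str:
    """Owner name of the TXT record. A wildcard identifier '*.example.com'
    is validated at '_acme-challenge.example.com.' (RFC 8555 section 7.1.3):
    the '*.' prefix is dropped, no separate '_acme-wildcard-challenge' label exists."""
    if identifier.startswith("*."):
        identifier = identifier[2:]
    return f"_acme-challenge.{identifier.lower()}."


def zone_line(identifier: str, token: str, jwk: dict, ttl: int = 300) -> str:
    """The record in the same zone-file shape the post quotes."""
    return f'{challenge_name(identifier)} {ttl} IN TXT "{dns01_txt_value(token, jwk)}"'


def validate_dns01(identifier: str, token: str, jwk: dict, txt_records: dict) -> bool:
    """Server-side check. txt_records stands in for an authoritative DNS lookup:
    a mapping of owner name -> list of TXT strings. Succeeds only if some TXT
    string at the challenge name equals the expected digest exactly."""
    expected = dns01_txt_value(token, jwk)
    return any(rr == expected for rr in txt_records.get(challenge_name(identifier), ()))


# Constructed sample data (hypothetical account key and token, not from any real account).
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis",
    "y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE",
    "kid": "https://acme.example/acct/1",   # ignored by the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


if __name__ == "__main__":
    print(zone_line("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK))
    # Correct record published at the base name: wildcard validates.
    good = {challenge_name("example.com"): [dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)]}
    print("wildcard valid:", validate_dns01("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK, good))
    # Common mistake: publishing the raw token instead of the digest.
    bad = {challenge_name("example.com"): [SAMPLE_TOKEN]}
    print("raw token valid:", validate_dns01("example.com", SAMPLE_TOKEN, SAMPLE_JWK, bad))
```

In a real CA the `txt_records` dict is replaced by a query to the zone's authoritative nameservers, and the record should be removed once the order is finalized; the derivation and the owner-name rule are the parts that do not change.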