Hi All! I have been knowing for a very long time that Letsencrypt will be starting wildcard certificates according to below link: https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567 My question is how and what to execute to get *.mycompanyname.com certs. I have 8 d…

[image] PeaceComesFree: My host has recently instituted LE integration (hopefully ACME v2). Unlikely that it would be, as ACME v2 is very new (and I don't believe it's yet supported by the production server) [image] PeaceComesFree: are you saying it may be better for punters like me, NO…

Thank you danb35. I know the hostnames and they don’t change, but relying on the manual method, I’ve had to create a separate ssl cert for each sub-domain, and then ask my host to install each cert. Quite laborious every 3 months, with the time-difference, and waiting for my host to install the ce…

[image] PeaceComesFree: Is that what you advise? If your host now supports Let's Encrypt, what I'd advise would be to request a single cert with all your hostnames on it. Presumably your host's support includes automatic renewal, so once you've done that, you're set. [image] PeaceComesFr…

The manual method I refer to is not to use Certbot, but use the LE online form and ZeroSSL to manually verify my domains and create a ssl and then send that to my host to install for me. I have not investigated how my hosts LE integration functions, I’ll wait until my next renewal is due to do that…

[image] PeaceComesFree: The manual method I refer to is not to use Certbot, but use the LE online form and ZeroSSL ZeroSSL supports multiple domains on a single certificate request like most Let's Encrypt clients. So yes, you could issue a single cert that way that covers all your hostnames. …

Okay I'll give it a try next renewal. Thanks for the tip. There's more on this topic here: [image] Pair.com now Integrated, but Help T…

Hi! I am also waiting for the wildcard certificates to be available. I would like to ask you about this: [image] isk: it’s often very simple to just request a certificate with multiple SAN entries Would this work if I do not have access to those subdomains from the machine where the certif…

[image] barbu110: Would it work if I am asking the certificate from that instance for all these subdomains? It depends. Proxies (such as an ELBs and Cloudfront distributions) shouldn't affect the ability to issue certificates for those domains. After all, sending GET /.well-known/acme-chall…

However the wildcard certificate would be a much faster solution in this case, wouldn’t it?

You’ll need to use the DNS challenge to get a wildcard certificate anyway, and if you have that ability, you can use it now to validate each individual subdomain. The DNS challenge can be completed from any machine that has access to your DNS API credentials.

How to issue wildcard certificate for a domain from letsencrypt

Help

jsha September 20, 2018, 8:04pm 31

Wildcard support is available since March of 2018. Please see this post for details: ACME v2 and Wildcard Certificate Support is Live

Topic		Replies	Views
Wildcard Certificates Coming January 2018 Issuance Policy	67	18985	October 13, 2017
Please support wildcard certificates Issuance Policy	67	84418	October 13, 2015
How many wild card domains per certificate Issuance Tech	18	5518	May 27, 2018
Wildcard request: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA Help	21	1373	January 4, 2024
How to issue ACMEv2 Wildcard with Certbot 0.22.0? Help	47	42500	May 27, 2018

How to issue wildcard certificate for a domain from letsencrypt

Related topics