Does the “manuale” client at https://github.com/veeti/manuale support wildcard certificates? I somehow think it does, but it’s not working for me:
$ …/manuale authorize *.teach.cs.toronto.edu
Requesting challenge for *.teach.cs.toronto.edu.
/data/www/cdf/ssl/manuale/env/lib/python3.5/site-packages/manuale-1.1.0-py3.5.egg/manuale/crypto.py:80: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
A connection or service error occurred. Aborting.
Error creating new authz :: Wildcard names not supported (type urn:acme:error:malformed, HTTP 400)
$
(The previous authorize of “teach.cs.toronto.edu” itself worked fine.)
If “manuale” doesn’t do wildcards, I’d be grateful for a recommendation for something which does and which is equally command-line-oriented (as well as equally allows me to edit DNS data manually for this purpose.)
@stevenzhu I think you might be confusing Certbot's manual mode with the Manuale ACME client. @flaps is using the latter and not the former and so the Certbot version isn't applicable.
This client appears to support the DNS-01 challenge method, but it does not appear to support ACME v2. (Edit: Looks like there is an open issue to add support for ACMEv2: ACME v2 support · Issue #40 · veeti/manuale · GitHub )
This is the error message that would be returned if you asked the ACME v1 API for a wildcard. Wildcard certificates are only available with the ACME v2 API.
@flaps If you want to issue a wildcard certificate I'm afraid you'll have to wait for the Manuale client to add ACME v2 compatibility, or switch to one of the ACME v2 compatible clients we list at the top of this page: ACME Client Implementations - Let's Encrypt