I noticed today on Pair’s hosting account control centre, that they have finally added a button to integrate with LE. (As well as selling their own SSL service 
I’ve had to set up our SSLs manually for the last six months at Pair, so I’ve yet to sample how well the integration functions.
The Pair interface has a handy… days to expiry too.
The BIG question is… Are Wildcard SSL certificates ready at LE yet?
No, ACME v2, which includes wildcard support, is still scheduled to go live at the end of February (as far as we know, subject to delays).
If Pair integrated ACME v1 (which is a certainty if they are live with it today), they won’t automatically support wildcards when they go live at Let’s Encrypt. They will have to upgrade their integration to ACME v2.
You should ask them about their plans to integrate ACME v2 if you are concerned about wildcard support.
Thank you _az
What I’ll do is email the CEO of Pair and point him to this very thread today.
I’ve just read this post, effectively advising to avoid wildcard SSL certs…(How to issue wildcard certificate for a domain from letsencrypt)
Could somebody with the knowledge kindly create a Pro and Con article to help us decide?
"Advising to avoid"? I'm not reading that to be honest. The only thing @isk says here is it often isn't necessary (in most cases).
But if your use case warrents a wildcard certificate, @isk isn't advising against it at all.
This provides a pretty balanced view of the risks and tradeoffs between different kinds of certificates:
Note that some of the points (price, organization validation) aren’t relevant to Let’s Encrypt.
Thank you… perfect.
I’ll read that after breakfast, and digest both
Update to confirm the new Pair/LE integration on their shared hosting servers worked perfectly for me today.
Following your advice, I did not chose to use the Wildcard certificate. (Not necessary for me, now I understand more fully.)
I simply used the Pair LetsEncrypt button in the ACC (Control Panel) for each of my four domains, as they approached their renewal time, and after a few minutes the ACC showed them as all done.
I verified each certificate in a browser view, and they had all updated.
My Error log however DID show an Apache2.4 warning, which Pair Support advised can be safely ignored;
I obfuscated my domain to post here;
www.example.com [Fri Mar 09 22:21:39 2018] [warn] [pid 19079] ssl_engine_init.c(1113): [client AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
www.example2.com [Fri Mar 09 22:21:39 2018] [warn] [pid 19079] ssl_engine_init.c(1113): [client AH01909: www.example2.com:443:0 server
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.