Please support wildcard certificates


#37

+1 for wildcard support !


#38

Would love to have wildcard certs supported sooner rather than later.


#39

I would really like wildcard support! I run a (free) service that allows people to choose their own subdomains in real time (and change the subdomain at any time). I would like to be able to offer them SSL, but it would only be possible with a wildcard certificate.

I’m happy to put money towards making this happen for everyone. I’ve created a campaign to help try and make it happen at https://www.co-funded.com/letsencrypt.org/s/Add-support-for-wildcard-certificates


#40

can you provide us with a source where one, as a reseller, can get them for that price (35-55$), please?


#41

GoGetSSL is one… i’m using their GGSSL Wildcard on my forums https://community.centminmod.com and https://sslspdy.com sites


#42

+1 for supporting wildcards.
Really just piling on- Wildcard support would be a significant boon for our household.


#43

easily code that @Jason

If you are a developer maybe you can contribute?


#44

i can test a bit without wildcards. to go more than mild playing, i need altnames. in a few cases, to scale out, i need wildcards. i do understand “certs are cheap just ask for them.” from the CA point of view. but services and server scaling are another world.


#45

Wildcards are important for SaaS (multitenant) scenarios.

For example when a new customer acme signs up for the (imaginary) happyhire recruiting service, they would typically be given their new careers site at acme.happyhire.com.

Some SaaS systems have thousands of customers.

On one hand, a thousand customer company can afford to buy a wildcard cert.

But compounding this is microservices. What used to be a monolithic app will soon instead be a collection of tens or hundreds of small apps.

Those apps communicate with each other via REST api calls over the internet.

They all need wildcard certs of their own.

This is all top of mind for me right now because we’ve shelled out a few $k for wildcard certs this month and we have a lot more we need to buy.

Please support wildcards!!


#46

+1 for wildcard support.


#47

Another argument for wildcard certs would be a privacy one: When using a wildcard cert an attacker which listens on the network cannot get out what subdomain the user is connecting to.


#48

+1 for wildcard support


#49

That only works when SNI is not used by the client. What does work is wildcard OR multi-domain certificates securing a h2 connection - you can send requests for all domains over the same connection.


#50

Someone is going to talk about DNS sooner or later and how you see what domain you are requesting, but with DNSCrypt (which many people are using) the DNS query is encrpyted and someone passively following network traffic will only see the target IP.


#51

Okay, yes you’re right - multiple-domains should also does this.

Yeah, DNS queries are a completely different thing of course. And yes DNSCrypt is a really nice system.


#52

Again, the critical part is “securing a HTTP/2 (h2) connection” - the h2 spec allows you to send requests for all domains listed in the certificate, so the network viewers can only see the first domain you connected to in the clear.


#53

+1 for wildcard support


#54

+1 for wildcard support.


#55

Hi folks, could you please stop posting “+1” responses to this thread? We’re aware that there are thousands of prospective users who would like wildcard certificates and that some of them have use cases that can’t be satisfied without wildcard certificates.

Nonetheless, we are unfortunately unable to support wildcard certificates, at least at the outset, and seeing additional “+1” replies won’t change that. I’m sorry for the inconvenience.


#56

@eva2000 which product? GoDaddy Standard Wildcard SSL? I don’t see any other that is under $55 other than that one.