So first of all, this isn’t really a feature request, but I wasn’t sure how else to file this since it’s discussing an upcoming feature. If this is the wrong place I’d appreciate if it could be tagged wherever is most relevant!
Anyway, I’m very much looking forward to being able to request wildcard domains to significantly simplify setup for many of my sites, as currently I have to gather a list of multiple domains and request them either as individual or combined certificates, which is a bit of a pain.
However, there’s one new case that I’m looking forward to investigating that wildcards ought to make possible, but I have some questions about how it will work. Basically, assume I have a domain with various sub-domains for different purposes, e.g- webmail.example.org and so-on, and I’d like to use a wildcard certificate for *.example.org to make it easier to change sub-domains in future. Perfectly normal so far.
Now, I also want to handle uploaded user content, and my current ideal scheme for doing so is to use domains such as haravikk.files.example.org; a bit unwieldy I know, but this avoids potential issues with things like cookies and cross-site scripting, as it’s much easier to lock everything down at a sub-domain level, and is easy to handle in nginx by simply matching the username part of the sub-domain (or sub-sub-domain, I’m unclear on the term for going deeper). So to allow SSL for these sub-domains, I’d also need a wildcard certificate for
What I’m wondering is; will this work with essentially two different levels of wildcard certificate (i.e- does *.example.org also match haravikk.files.example.org or does it only match
I suppose the obvious related question is; does it even matter? Am I just over-complicating things by looking at using two different wildcards for this, should I just use one for the entire site (if I can)?
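
The matching question above, as an added example that is not part of the original post: a small matcher that follows the wildcard rule TLS clients apply (RFC 6125, section 6.4.3), where `*` stands in for exactly one left-most DNS label. The name `*.files.example.org`, the function names and the SAN list are assumptions made for illustration, and partial wildcards such as `f*.example.org` are rejected outright, as browsers do.

```python
# Added example: checks which certificate names cover the hostnames from the post.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is only honoured in the left-most label
    if first == "*":
        return rest == h_labels[1:]
    if "*" in first:
        return False  # partial wildcards are not accepted here
    return p_labels == h_labels


def covering_names(san_list, hostname):
    """List every name in the certificate's SAN list that covers `hostname`."""
    return [name for name in san_list if wildcard_matches(name, hostname)]


# Constructed sample data: a SAN list with both wildcard levels (assumed),
# and hostnames taken from the scheme described in the post.
SANS = ["example.org", "*.example.org", "*.files.example.org"]
HOSTS = [
    "example.org",
    "webmail.example.org",
    "files.example.org",
    "haravikk.files.example.org",
]


def coverage_report(sans=SANS, hosts=HOSTS):
    """Map each hostname to the SAN entries that cover it (empty = not covered)."""
    return {host: covering_names(sans, host) for host in hosts}


if __name__ == "__main__":
    for host, names in coverage_report().items():
        print(f"{host:30} -> {names or 'NOT COVERED'}")
```
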