I’m using acme.sh on a FreeBSD iocage jail with nginx and other instances with apache24.
I’m running a FreeNAS host at home, which is exposed by a selfhost.de DynDNS through a Fritz!Box.
I want to know whether it is currently possible for me to use a wildcard certificate for floogy.selfhost.bz:443 (nginx), floogy.selfhost.bz:44443 (non-standard 443 port, apache24) and several sub-subdomains like *.floogy.selfhost.bz, e.g. mytestwordpresssite.floogy.selfhost.bz. Also, selfhost.de offers *.bz and *.eu as TLDs, and the AVM Fritz!Box is available on mybox.myfritz.net.
For wildcard certificates, you’ll need to be able to control the DNS settings of the (sub-)subdomain. It isn’t necessary to control the “base” domain, as long as you can add a TXT record to a specific subdomain of the (sub)domain you want a certificate for. For example: you’ll need to be able to add a TXT record called _acme-challenge.floogy.selfhost.bz to the public DNS.
name "floogy.selfhost.bz" is subdomain, public suffix is "bz", top-level-domain-type is "country-code", Country is Belize, tld-manager is "University of Belize"
selfhost.bz isn't on the public suffix list.
Result: You use a subdomain, not a domain.
A maximum of 50 new certificates per week is possible per domain.
You see: there are a lot of Let's Encrypt certificates.
There are other users with the same domain and the same problem. Creating new certificates was nearly impossible. It's a general problem; the owner of selfhost.bz should add the domain to the public suffix list.
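The grouping behind the last reply, as an added example that is not part of any post in this thread: it applies the Public Suffix List matching rules to show which registered domain each hostname is counted under, with and without a selfhost.bz entry. PSL_RULES is a small constructed subset of the list, otheruser.selfhost.bz is a constructed hostname, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed subset of the Public Suffix List (assumption, not the real list).
PSL_RULES = {"bz", "eu", "net", "de", "uk", "co.uk", "*.ck", "!www.ck"}

def public_suffix(host, rules=PSL_RULES):
    """Return the public suffix of host using PSL matching rules."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit default rule "*": the last label is a suffix
    for i in range(len(labels)):
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in rules:
            # Exception rules win over everything; suffix is one label shorter.
            return ".".join(cand[1:])
        wildcard = "*." + ".".join(cand[1:]) if len(cand) > 1 else None
        if name in rules or (wildcard and wildcard in rules):
            best = max(best, len(cand))  # longest matching rule prevails
    return ".".join(labels[-best:])

def registered_domain(host, rules=PSL_RULES):
    """Public suffix plus one label, or None if host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def rate_limit_buckets(hosts, rules=PSL_RULES):
    """Group hostnames by the registered domain they are counted under."""
    buckets = defaultdict(list)
    for h in hosts:
        buckets[registered_domain(h, rules)].append(h)
    return dict(buckets)

if __name__ == "__main__":
    hosts = [
        "floogy.selfhost.bz",
        "*.floogy.selfhost.bz",
        "mytestwordpresssite.floogy.selfhost.bz",
        "otheruser.selfhost.bz",  # constructed: another customer of the provider
    ]
    # Without the entry, every customer shares the selfhost.bz bucket.
    print(rate_limit_buckets(hosts))
    # With selfhost.bz listed as a suffix, each customer gets its own bucket.
    print(rate_limit_buckets(hosts, PSL_RULES | {"selfhost.bz"}))
```
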