Support wildcard certificates


#1

I have just send in your beta form registraction.

Request for 26 domains of 3rd level at only ONE domain 2nd level.

Please support WILDCARD CERTIFICATES… it’s so heavy to do list of all used domains. It so complicated check if all is setup correctly.

Why do things simple??? If exists really hard way…


Request for Wildcard
#2

There’s already a thread about this: Please support wildcard certificates

I will add my 2 cents though.

I can see the value of wildcard certificates in a world of manual certificate issuance and maintenance. But with automation, wildcard certificates are somewhat of a liability and a complexity. (I know from experience since I’m writing a web server that automatically issues and renews certificates for all the sites it serves.)

Wildcards can be a liability because if an automated transactions fails, malfunctions, or is compromised, all the subdomains go down with it.

From a complexity perspective, it is easier to match domains to certs 1:1, rather than ∞:1 which requires extra programming logic.

Any security implications aside, I would not be opposed to wildcards, but I can understand why these are not (yet?) available.


#3

“in world of manual certificate issuance and mantance” are you kidding

and now say Let’s encrypt enable you to do it manual as usually, but ever 90 days to remember that :o)

You can automate deploying certificates to one or two servers… but all servers must use ONLY 100% supported operation systems and web configuration must be very easy and not complicated

try automate deploing certificate to iDrac or ILO, or vSphere, Avamar, Mail Server and many other… where you should be glad if you will have web gui to deploy that… but absolutely no way to deploy it direcly to filesystem of server

and manualy deploying SAME certificate (wildcard) is easier than deploying EVERYTIME ANOTHER certificate


#4

That’s what I meant by, “I can see the value of wildcard certificates in a world of manual certificate issuance and maintenance.”


#5

I am for wildcards as well especially since revoking (in worst case) is easier and I have to manage my certs manually because I have a windows running with xampp…


#6

Some hosting services only allow one certificate per virtual machine - 1and1 for example - so a wildcard certificate is the only way to cover sub domains running on the same server.


#7

As @mholt points out, there is already a thread here on the subject, so I’m going to close this one.

Let’s Encrypt cannot support wildcard certificates until there is a way to do so in the ACME protocol. I’d recommend anyone passionate about helping to define a safe mechanism to get involved in the working group’s mailing list.

Anyone can be involved with the drafting process for ACME. The barriers to entry are: understanding the specification, and joining the mailing list.


#8