Wildcard Certificates Coming January 2018


Maybe a more specific version of that question would then be “can you mix wildcard and non-wildcard names in the same cert?” or “can you mix a wildcard name with a different unrelated domain name within the same cert?” and I agree that the answer is “yes, you can”.


This is the best news I’ve heard since the invention of the wheel and sliced bread :grin: WELL DONE Let’s Encrypt, come 2018 you are going to shake up the SSL market something chronic. :+1: :clap:

Will it be easy, when you do start this, for one to take an existing certificate issued as domain.com and www.domain.com and simply expand or convert the entire certificate to *.domain.com?


I think “*.domain.com” won’t match “domain.com”.
So it will still require two entries (in one cert) to cover all possibilities for one domain:


Perfect makes sense. Can’t wait.


They are technically different certificates, as you can’t modify certificates once they are signed. However, certbot should be able to allow you to pick the lineage for when you request a new/replacement certificate to include the new name.


Yes, any “modified” cert is actually a new cert.
But to answer his question, I think you could “expand” a cert to include the wildcard entry.

So that may take some thought nonetheless, as
becomes an overlap

Should certbot reduce this list for you? (probably not)

Also, wildcard doesn’t mean any and every.
For instance, a wildcard should not cover subdomains.
So a cert for:
can’t be reduced into: *.domain.tld


I do not think that certbot should reduce the list, because maybe some tools did not correctly implement wildcard support.
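The matching behaviour discussed in the posts above, as an added example that is not part of the original thread and is not certbot code: it assumes the usual rule that a wildcard is the whole left-most label and stands for exactly one label. The function names and the sample name a.b.domain.com are made up for illustration.

```python
def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name entry covers hostname.

    Assumed rule: "*" is only a wildcard when it is the entire
    left-most label, and it matches exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required, so "*.domain.com" can match
    # neither "domain.com" (too few) nor "a.b.domain.com" (too many).
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def redundant_names(sans):
    """Non-wildcard names that a wildcard in the same list already covers."""
    wildcards = [s for s in sans if s.startswith("*.")]
    return [
        s for s in sans
        if not s.startswith("*.")
        and any(wildcard_covers(w, s) for w in wildcards)
    ]


def names_still_needed(sans):
    """Names that must stay in the list even with the wildcard present."""
    drop = set(redundant_names(sans))
    return [s for s in sans if s not in drop]


# Constructed sample list of names for one certificate.
CONSTRUCTED_SANS = [
    "domain.com",
    "www.domain.com",
    "*.domain.com",
    "a.b.domain.com",
]

if __name__ == "__main__":
    print("overlap:", redundant_names(CONSTRUCTED_SANS))
    print("needed: ", names_still_needed(CONSTRUCTED_SANS))
```

Only www.domain.com overlaps with the wildcard here; the bare domain and the two-level subdomain still need their own entries.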

