Wildcard Certificates Coming January 2018


#63

Maybe a more specific version of that question would then be “can you mix wildcard and non-wildcard names in the same cert?” or “can you mix a wildcard name with a different unrelated domain name within the same cert?” and I agree that the answer is “yes, you can”.


#64

This is the best news I’ve heard since the invention of the wheel and sliced bread :grin: WELL DONE Let’s Encrypt, come 2018 you are going to shake up the SSL market something chronic. :+1: :clap:

Will it be easy when you do start this for one to take an existing certificate issued as domain.com and www.domain.com and simply expand or convert the entire certificate to *.domain.com?


#65

I think “*.domain.com” won’t match “domain.com”.
So it will still require two entries (in one cert) to cover all possibilities for one domain:
domain.com
*.domain.com


#66

Perfect makes sense. Can’t wait.


#67

They are technically different certificates, as you can’t modify certificates once they are signed. However, certbot should be able to allow you to pick the lineage for when you request a new/replacement certificate to include the new name.


#68

Yes, any “modified” cert is actually a new cert.
But to answer his question, I think you could “expand” a cert to include the wildcard entry.

So that may take some thought nonetheless, as
domain.com
www.domain.com
other.domain.com
*.domain.com
becomes an overlap

Should certbot reduce this list for you? (probably not)

Also, wildcard doesn’t mean any and every.
For instance, a wildcard should not cover subdomains.
So a cert for:
www.sub1.domain.tld
www.sub2.domain.tld
can’t be reduced into: *.domain.tld


#70

I do not think that certbot should reduce the list, because maybe some tools did not correctly implement wildcard support.
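
The matching rules discussed in the posts above (a wildcard stands for exactly one left-most label, so it covers neither the bare domain nor deeper levels), as an added example that is not part of any post and is not certbot's code. The function names are hypothetical, and partial-label wildcards such as "w*.domain.com" and internationalized names are assumed out of scope.

```python
def san_matches(san: str, host: str) -> bool:
    """True if a certificate SAN entry covers the given hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # Same number of labels is required: "*" never spans a dot and
    # never matches zero labels, so "*.domain.com" != "domain.com".
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # The wildcard replaces only the left-most label.
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def overlapping_names(sans: list[str]) -> dict[str, str]:
    """Map each explicit name to the wildcard in the same list that
    already covers it. Reports the overlap only; nothing is removed."""
    wildcards = [s for s in sans if s.startswith("*.")]
    overlap = {}
    for name in sans:
        if name.startswith("*."):
            continue
        for wc in wildcards:
            if san_matches(wc, name):
                overlap[name] = wc
                break
    return overlap


def uncovered_hosts(sans: list[str], hosts: list[str]) -> list[str]:
    """Hostnames that no SAN entry covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # Constructed sample lists, taken from the names used in the thread.
    expanded = ["domain.com", "www.domain.com", "other.domain.com", "*.domain.com"]
    print(overlapping_names(expanded))
    print(uncovered_hosts(["*.domain.tld"],
                          ["www.sub1.domain.tld", "www.sub2.domain.tld", "sub1.domain.tld"]))
```
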

