Wildcard certs, acme.sh and RSA/ECDSA


#1

Hello,

I am using acme.sh with great success to manage my certs for my servers (www, imaps, smtp, etc.). I’m using 2.8.0 (the latest as of a few days ago) of acme.sh and I know it does support wildcard certs. I’m already using dns-01 for validation and my domain is secured by DNSSEC.

Instead of having a set of certs for individual services, I’m thinking of moving toward wildcard certs but, as I have both ECDSA (my default) and RSA keys (for services that do not support ECDSA), I am wondering whether it is possible to request two identical wildcard certs for the same *.example.net, one with RSA and the other with ECDSA.

I do not really see why it would not work but I’d rather ask beforehand :slight_smile:


#2

Hi @Keltounet :wave:

This is certainly possible.

The only thing to be careful of is that the two certificates will count as duplicates in relation to the “Duplicate Certificates” rate limit described in the rate limit documentation. The duplicate check is based on the certificate identifiers and not the subject public key.

Hope that helps!


#3

Excellent, thanks for the confirmation.

I’m replacing 5 ECDSA + 3 RSA by two wildcards, I don’t think I’m going to hit the 5 dups per week :slight_smile:

Thanks for the answer!
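
An added example, not part of the original thread or of acme.sh: a small model of the point made in reply #2, that the duplicate check keys on the set of names and ignores the key type, so an RSA and an ECDSA issuance of `*.example.net` draw on the same budget. The limit of 5 comes from the thread; the sliding 7-day window, the log format, the key-type labels and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

LIMIT = 5                    # "5 dups per week", as stated in the thread
WINDOW = timedelta(days=7)   # assumption: modelled as a sliding 7-day window


def identifier_key(names):
    """Reduce a certificate's DNS names to an order- and case-independent set."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)


def duplicates_in_window(log, names, now):
    """Count issuances of the same identifier set in the window, whatever the key type."""
    key = identifier_key(names)
    return sum(
        1
        for when, issued_names, _key_type in log
        if identifier_key(issued_names) == key and now - WINDOW < when <= now
    )


def can_issue(log, names, now):
    """True if one more certificate for this identifier set stays under the limit."""
    return duplicates_in_window(log, names, now) < LIMIT


# Constructed issuance log: (timestamp, names, key-type label). Not real data.
NOW = datetime(2019, 1, 15, 12, 0)
LOG = [
    (NOW - timedelta(days=9), ["*.example.net"], "rsa-2048"),  # outside the window
    (NOW - timedelta(days=6), ["*.example.net"], "ec-256"),
    (NOW - timedelta(days=6), ["*.example.net"], "rsa-2048"),  # same bucket as the ECDSA one
    (NOW - timedelta(days=2), ["*.EXAMPLE.net"], "ec-256"),    # case does not create a new set
    (NOW - timedelta(days=2), ["*.example.net"], "rsa-2048"),
    (NOW - timedelta(days=1), ["www.example.net"], "ec-256"),  # different identifier set
]

if __name__ == "__main__":
    used = duplicates_in_window(LOG, ["*.example.net"], NOW)
    print(f"*.example.net: {used}/{LIMIT} used, can issue: "
          f"{can_issue(LOG, ['*.example.net'], NOW)}")
```

Each RSA/ECDSA pair issued or reissued together consumes two slots of the same budget, which matters mainly when forcing reissuance repeatedly while testing a deployment.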

