In the blog post "Wildcard Certificates Coming January 2018" it is stated that:
"We will initially only support base domain validation via DNS for wildcard certificates"
I have a problem. My DNS host/registrar is Namecheap. They don’t appear to have a solid understanding of security, as you cannot just insert or update a single record for a selected domain/subdomain. If you want to create or update a single TXT record for one subdomain, you will also need to send ALL the records for that domain (all records of all subdomains). So, in order for Certbot to create a temporary TXT record, it will have to write all MX records of all subdomains, all IP and CNAME records for all subdomains, twice.
This is absolutely insane, and for me a no-go. This means that I cannot use DNS-01. Could you please also provide an alternative method from the beginning, or give me some information on how to deal with this issue? Updating all those 21 certificates is always something which makes me feel uneasy, and I know that a wildcard certificate will be a real blessing.
What can I do?
Thank you a lot for this service, it’s one of the best things that has happened to the internet in a long time.
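The replace-all behaviour described in the post, shown as an added example that is not part of the original post and is neither Certbot's nor the DNS provider's code: when every write replaces the whole zone, the challenge TXT record can be merged into a snapshot of the existing records, and the set to be submitted checked so that nothing else is added or dropped. The `Record` type, the function names and the sample zone are hypothetical and constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Record(NamedTuple):
    host: str
    rtype: str
    value: str
    ttl: int = 1800

# Constructed sample zone (not real data).
ZONE = [
    Record("@", "A", "192.0.2.10"),
    Record("www", "CNAME", "example.com."),
    Record("@", "MX", "mail.example.com."),
    Record("shop", "A", "192.0.2.11"),
]
# Constructed DNS-01 challenge record with a placeholder token.
CHALLENGE = Record("_acme-challenge", "TXT", "constructed-token-value", 60)

def with_challenge(current, challenge):
    """Full record set to submit: every existing record plus the one TXT."""
    return list(current) + [challenge]

def without_challenge(current, challenge):
    """Full record set for cleanup: only the matching TXT record is removed."""
    out = list(current)
    if challenge in out:
        out.remove(challenge)
    return out

def unexpected_changes(before, after, allowed):
    """Return (added, removed) records between snapshots, ignoring `allowed`."""
    b, a, ok = Counter(before), Counter(after), Counter(allowed)
    added = (a - b) - ok
    removed = (b - a) - ok
    return sorted(added.elements()), sorted(removed.elements())

def safe_to_submit(before, planned, allowed):
    """True only if the planned write differs from `before` by allowed records."""
    return unexpected_changes(before, planned, allowed) == ([], [])

if __name__ == "__main__":
    plan = with_challenge(ZONE, CHALLENGE)
    print("plan ok:", safe_to_submit(ZONE, plan, [CHALLENGE]))
    # A plan built from a truncated read would silently drop the MX record.
    truncated = [r for r in plan if r.rtype != "MX"]
    print("truncated plan:", unexpected_changes(ZONE, truncated, [CHALLENGE]))
```

Running the same comparison again after cleanup, against the snapshot taken before the challenge was added, confirms that both full-zone writes left the other records as they were.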