Wildcards for more than just base domains

We run a series of services all of the format:

*.service.common.org

So we have a need for wildcards for more than just base domains.

Any idea if/when that would be considered for support?

My understanding is that this will be supported with the initial launch in January.

I'm assuming the question is due to this sentence in the announcement:

We will initially only support base domain validation via DNS for wildcard certificates, but may explore additional validation options over time.

What this means is that in order to obtain a wildcard certificate, you will need to solve a challenge for the part of your domain excluding the wildcard symbol - in your example, that would be service.common.org.

What you can't do is verify ownership using the HTTP or TLS-SNI challenge, or using a subdomain below the base domain.


As I understand it, Let’s Encrypt will be happy to issue this wildcard (once wildcards are supported). You will need to use DNS (the dns-01 challenge type) to prove control over the (sub) domain the wildcard is for.
