
ACME v2 and Wildcard Certificate Support is Live

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Mar 14, 2018.

  1. pamamolf

    pamamolf Well-Known Member

    3,119
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    11:47 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.

    ACMEv2 is an updated version of our ACME protocol which has gone through the IETF standards process, taking into account feedback from industry experts and other organizations that might want to use the ACME protocol for certificate issuance and management some day.

    Wildcard certificates allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.

    Wildcard certificates are only available via ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates you’ll need a client that has been updated to support ACMEv2. It is our intent to transition all clients and subscribers to ACMEv2, though we have not set an end-of-life date for our ACMEv1 API yet.

    Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.

    For more technical information about ACMEv2 and wildcard certificates, see this post.

    We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there. As a non-profit organization, we need strong support from our community so please consider getting involved, making a donation, or sponsoring Let’s Encrypt.
     
    • Like Like x 4
  2. pamamolf

    pamamolf Well-Known Member

    Can we use the existing Centminmod Let's encrypt script for subdomain certificate or not?
     
  3. eva2000

    eva2000 Administrator Staff Member

    37,233
    8,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,523
    Local Time:
    7:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Great news on wildcard SSL cert support, though Centmin Mod addon/acmetool.sh doesn't have that available yet as it's DNS validation only, so it needs the user's domain DNS provider to have a supported DNS API setup at least. So work in progress as to how I implement it.

    Subdomains are just another form of domain and work fine in addons/acmetool.sh and 123.09beta01's letsencrypt integration. Even the official write-up demo used a subdomain for letsencrypt https://centminmod.com/letsencrypt-acmetool-https.html ;)
     
    • Informative Informative x 1
  4. pamamolf

    pamamolf Well-Known Member

    Oops my mistake :(

    I mean wildcard and not subdomain :)

    Thanks George!
     