Join the community today
Register Now

Letsencrypt Letsencrypt Offering Wildcard SSL Certificates Jan 2018 !

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 7, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Letsencrypt folks announced that they will be planning on offering free wildcard SSL certificates via DNS validation from January 2018 Wildcard Certificates Coming January 2018 - Let's Encrypt - Free SSL/TLS Certificates !
     
    • Like Like x 2
    • Winner Winner x 1
    • Friendly Friendly x 1
  2. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    can't wait - FYI less than 4 weeks to go when Letsencrypt offer's free Wildcard SSL certificates :D
     
    • Like Like x 2
  3. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    I am not into Letsencrypt. Are there plans to expand the expiration date for Letsencrypt certificates?
    90 days is too little for me
     
  4. pamamolf

    pamamolf Well-Known Member

    3,113
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    12:36 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Yup that's what i don't like also about it but as Centminmod auto renew it then all ok :)
     
    • Agree Agree x 1
  5. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    True.
    But you do not structurally solve the problem of 90 days.

    And for that you need an extra mechanism to automatically renew it.
    Something you have to monitor as extra apart form all the rest.

    As a result of Letsencrypt and so on, you could obtain a Comodo certificate for like $ 3.99 a year.

    I will not mess around for a few dollars. Test sites or small sites (traffic) ok.
    But I do not put Letsencrypt on business.
     
    • Agree Agree x 2
  6. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    It's what I thought when I was first introduced to 90 day expiry SSL certificates, but now with more than a year using them with proper monitoring & automation in place, they aren't that bad. Generally they are auto renewed at 60 day mark so any failure to auto renew still gives you 30 days head room to figure out the problem if any.

    But yes commercial SSL certs have also come down in price - especially domain validated ones thanks to introduced letsencrypt competition :) Hoping the same effect happens for commercial Wildcard SSL certificates when Letsencrypt starts issues free Wildcard SSL certficates :D
     
    • Agree Agree x 2
  7. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    from Looking Forward to 2018 - Let's Encrypt - Free SSL/TLS Certificates public testing from January 4th, 2018 and full launch on Feb 27, 2018
     
    • Informative Informative x 1
  8. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
  9. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah different starting topics :D
     
  10. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    @bassie i believe this is official letsencrypt project tracker for Acme v2 API development which is required to switch on wildcard ssl cert issuance on staging API at least first v2 API · GitHub
     
  11. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Letsencrypt ACME v2 API endpoint ready for public testing Let's Encrypt on Twitter

    from

    acme.sh client used for addons/acmetool.sh is also starting to test ACME v2 API neilpangxa on Twitter

    from Now acme.sh speaks ACME v2
     
    • Informative Informative x 1
  12. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    Someone already generated some Letsencrypt Wildcard Certificates?
    I'm curious about the experience.
     
  13. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Haven't gotten that far yet for Centmin Mod integration at least as it's trickier to automate for nginx vhost generation because
    1. DNS validation only so not all DNS providers via API are supported in acme.sh though alot of most common are
    2. acme.sh has additional requirement of passing main domain name to command line for wildcard i.e. -d domain.com -d *.domain.com
    3. current centmin mod nginx vhost routines are tied to creation of a specific domain or subdomain name when passing parameters from addons/acmetool.sh to underlying acme.sh client so will need to work out some logic for nginx vhost routines when you try creating several subdomains off of the same domain i.e. sub1.domain.com, sub2.domain.com and sub3.domain.com. Traditional SSL wildcard would be fine with just using *.domain.com for common name. But with acme.sh I would need to manage required domain.com, *.domain.com and subX.domain.com for each subdomain. Ideally, I would like to see future acme.sh client remove the main domain requirement so can create SSL wildcard like traditional ones with just common name set to = *.domain.com
    Edit: ooh just checked, new feature Support one wildcard domain only in a cert · Issue #1188 · Neilpang/acme.sh · GitHub :D
     
  14. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    Nice to see your enthusiasm:happy:
     
    • Like Like x 1
  15. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
  16. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    Ok. Support for wildcard certificates is set for the full launch: Tuesday, February 27. That is upcoming Tuesday. But. The reason I don't use Letsencrypt is in the bottom one.

     
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Good news though yeah a full complete ECDSA certificate chain is the only thing missing :)
     
  18. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
    Exactly.
    Letsencrypt - ECDSA is more important and more important for several facets than
    Wildcard SSL Certificates. As you already can obtain SSL Certificates for all the sub domains that you want.

    That is why I honestly do not understand that wildcards have been given more priority. Then a full complete ECDSA certificate chain
     
  19. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    7:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    well progress and perfection take time :D
     
  20. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    11:36 PM
..