Join the community today
Become a Member

Letsencrypt Updated to ACMEv2? Here's how Netlify made the change and began using wildcard certificates

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Jun 14, 2019.

  1. pamamolf

    pamamolf Premium Member Premium Member

    3,436
    327
    83
    May 31, 2014
    Ratings:
    +625
    Local Time:
    7:29 PM
    Nginx-1.17.x
    MariaDB 10.3.x
  2. eva2000

    eva2000 Administrator Staff Member

    41,292
    9,266
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,217
    Local Time:
    2:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah Centmin Mod's acmetools.sh uses acme.sh client which is already v2 supported. Though for nginx vhost generation via centmin.sh menu option 2, 22 and nv commands it's still issuance per domain name SSL certs with letsencrypt due to the logic involved. Though technically you can manually do acme.sh client wildcards if you want to in Centmin Mod 123.09beta01 for initial letsencrypt ssl cert issuance and it will auto renew. Just slight modification to step 4 outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates with appropriate acme.sh options for wildcard SSL certificates and modification to Nginx vhosts' server_name(s).
     
    • Like Like x 1
  3. fabianski

    fabianski Member

    102
    13
    18
    Feb 20, 2019
    Brazil
    Ratings:
    +35
    Local Time:
    1:29 PM
    I'm a bit confused about how to do this.
    I have a subdomain pointed to nixstats, it is for a monitoring page, and it does not have an ssl certificate.

    There is also a subdomain to access phpmyadmin.

    Would a wildcard certificate solve this?

    Is this possible in centminmod?
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,292
    9,266
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,217
    Local Time:
    2:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    centmin.sh menu option 2, 22 and nv commands it's still issuance per domain name SSL certs with letsencrypt due to the logic involved.