{"id":28435,"date":"2018-03-16T09:58:39","date_gmt":"2018-03-16T07:58:39","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28435"},"modified":"2018-03-16T09:59:40","modified_gmt":"2018-03-16T07:59:40","slug":"lets-encrypt-now-supports-wildcard-certificates","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/03\/16\/lets-encrypt-now-supports-wildcard-certificates\/","title":{"rendered":"Let&#8217;s Encrypt now supports wildcard certificates"},"content":{"rendered":"<p>Here is some <a href=\"https:\/\/community.letsencrypt.org\/t\/acme-v2-and-wildcard-certificate-support-is-live\/55579\">very exciting news<\/a> from <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>:<\/p>\n<blockquote><p>We\u2019re pleased to announce that ACMEv2 and wildcard certificate support is live! With today\u2019s new features we\u2019re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.<\/p>\n<p><a href=\"https:\/\/datatracker.ietf.org\/wg\/acme\/about\/\">ACMEv2<\/a>\u00a0is an updated version of our ACME protocol which has gone through the IETF standards process, taking into account feedback from industry experts and other organizations that might want to use the ACME protocol for certificate issuance and management some day.<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Wildcard_certificate\">Wildcard certificates<\/a>\u00a0allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. 
We still recommend non-wildcard certificates for most use cases.<\/p>\n<p>Wildcard certificates are only available via ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates you\u2019ll need\u00a0<a href=\"https:\/\/letsencrypt.org\/docs\/client-options\/\">a client that has been updated to support ACMEv2<\/a>. It is our intent to transition all clients and subscribers to ACMEv2, though we have not set an end-of-life date for our ACMEv1 API yet.<\/p>\n<p>Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you\u2019ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Here is some very exciting news from Let&#8217;s Encrypt: We\u2019re pleased to announce that ACMEv2 and wildcard certificate support is live! With today\u2019s new features we\u2019re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates. 
ACMEv2\u00a0is an updated version of &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2018\/03\/16\/lets-encrypt-now-supports-wildcard-certificates\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Let&#8217;s Encrypt now supports wildcard certificates<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Let's Encrypt now supports wildcard certificates #WebDev #hosting #security #SSL #HTTP #LetsEncrypt","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,133,62,1334],"tags":[3225,3427,200,3413,1330,2289],"keyring_services":[],"class_list":["post-28435","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-sysadmin","category-technology","category-web-work","tag-http","tag-lets-encrypt","tag-security","tag-ssl","tag-web-development","tag-web-hosting"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":22943,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/11\/21\/launching-in-2015-a-certificate-authority-to-encrypt-the-entire-web\/","url_meta":{"origin":28435,"position":0},"title":"Launching in 2015: Let&#8217;s Encrypt CA","author":"Leonid Mamchenkov","date":"November 21, 2014","format":false,"excerpt":"Electronic Frontier Foundation reports some excellent news: Today EFF is pleased to 
announce Let\u2019s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"encrypt-2","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2014\/11\/encrypt-2-500x256.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26033,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/lets-encrypt-is-not-in-beta-anymore\/","url_meta":{"origin":28435,"position":1},"title":"Let&#8217;s Encrypt is not in Beta anymore","author":"Leonid Mamchenkov","date":"April 18, 2016","format":false,"excerpt":"Let's Encrypt - a new Certificate Authority, which is free, open, and automated - announced that it's leaving beta. \u00a0Just look at how many SSL certificates they've issued, and at what rate! I've first written about Let's Encrypt back in November 2014. \u00a0It hasn't been that long ago, but boy, what\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"Issuance-April-10-2016","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/04\/Issuance-April-10-2016-500x302.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26208,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/06\/27\/lets-encrypt-on-centos-7-and-amazon-ami\/","url_meta":{"origin":28435,"position":2},"title":"Let&#8217;s Encrypt on CentOS 7 and Amazon AMI","author":"Leonid Mamchenkov","date":"June 27, 2016","format":false,"excerpt":"The last few weeks were super busy at work, so I accidentally let a few SSL certificates expire. 
\u00a0Renewing them is always annoying and time consuming, so I was pushing it until the last minute, and then some. Instead of going the usual way for the renewal, I decided to\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27287,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/","url_meta":{"origin":28435,"position":3},"title":"Dissecting an SSL certificate","author":"Leonid Mamchenkov","date":"February 1, 2017","format":false,"excerpt":"Julia Evans does it again. \u00a0If you ever wanted to understand SSL certificates, her post \"Dissecting an SSL certificate\" is for you. \u00a0 This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27352,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/14\/fixing-outdated-lets-encrypt-zope-interface-error\/","url_meta":{"origin":28435,"position":4},"title":"Fixing outdated Let&#8217;s Encrypt (zope.interface error)","author":"Leonid Mamchenkov","date":"February 14, 2017","format":false,"excerpt":"I've started using Let's Encrypt for the SSL certificates a while back. \u00a0I installed it on all the web servers, irrelevant of the need for SSL, just to have it there, when I need it (thanks to this Ansible role). 
\u00a0One of those old web servers needed an SSL certificate\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29115,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/19\/well-known-uris\/","url_meta":{"origin":28435,"position":5},"title":"Well-Known URIs","author":"Leonid Mamchenkov","date":"December 19, 2018","format":false,"excerpt":"Back when Let's Encrypt started giving out free SSL certificates, one bit that was visible all over the web was the \"well-known\" directory.\u00a0 I never thought much about it - it's just a name after all. Turns out, there is actually an RFC 5785 that defines a standard for the well-known\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28435"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28435\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamc
henkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28435"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}