As the title, Let’s Encrypt finally released the Wildcard (general domain name) certificate after several rounds of jump tickets, the folk called: wild card
Let’s Encrypt is a digital certificate authority launched in the third quarter of 2015 to eliminate the complex process of manually creating and installing certificates in an automated process, and to promote the ubiquity of encrypted connections to Web servers, providing free SSL /TLS for secure websites. certificate. And has been granted root credits from major browser vendors such as Google, Mozilla, and Microsoft.
Table of Contents
Let’s Encrypt Wildcard certificate
The following is the official text of Let’s Encrypt: ACME v2 and Wildcard wildcard certificate officially released
We are pleased to announce the official release of ACMEv2 and Wildcard Certificates! With today’s new features, we are continuing to break the barrier of adopting HTTPS on the Web, making it easier for each website to obtain and manage free SSL certificates.
ACMEv2 is an updated version of our ACME protocol that has passed the IETF standard process, taking into account feedback from industry experts and other organizations that may wish to use the ACME protocol for certificate issuance and management on a certain day.
Wildcard certificates allow you to protect all subdomains of a domain with a single certificate. In some cases, wildcard certificates can make certificate management easier, and we want to address these situations to help bring the Web to 100% HTTPS. For most use cases, we still recommend using non-wildcard certificates.
Wildcard certificates are only available through ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates, you need a client that has been updated to support ACMEv2. Our intention is to convert all users to ACMEv2, although we have not set the enable date for our ACMEv1 API.
In addition, the wildcard domain must be verified using the DNS-01 challenge type. This means that you need to modify the DNS TXT record to demonstrate control of the domain to obtain a wildcard certificate.
We are very excited about the prospects of 100% HTTPS Web and we are working hard to achieve this.
Since wild card authentication only supports dns authentication, http authentication is not supported. So please use dns api mode.
sh –issue -d exmaple.com -d *.example.com –dns dns_cf
Acme.sh supports the native integration of more than 40 dns apis , I believe you must have the one you use.
https://github.com/Neilpang/acme.sh/tree/master/dnsapi
If you don’t have one, you can try our unique dns alias mode:
https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
The certificate that Let’s Encrypt actually issued is far less important than its symbolic meaning, which is to greatly reduce the threshold for entry of DV certificates, and thus promote the HTTPS of the entire network.
For the foreseeable future, all websites and applications will use HTTPS encrypted connections and support HTTP 2.0.
https://www.youtube.com/watch?v=AuMj31MEy5E