You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
I'd like to have an option to create wildcard certificates for my servers using acme http-01 challenge. I know that Letsencrypt does not allow this for good reasons but for my little internal private CA it would be very helpfull to have this feature.
Why is this needed?
Having wildcard certificates for my internal servers would ease handling updates. There is no need to supply multi (sub)domain certificates. Also, lighttpd setup would be much easier as adding multiple certificates to lighttpd is fiddling complicated.
The text was updated successfully, but these errors were encountered:
Hey @ne20002, there's currently no support for obtaining a wildcard certificate using a different challenge than a DNS challenge in the ACME standard, and I don't know of extensions that do allow it. When using an HTTP (or TLS-ALPN) challenge, the CA has to reach out to a specific host, which it can't do if the hostname contains a wildcard character. So I'm afraid we won't be able to support this use case.
You could look into using a combination of a DNS server and https://github.com/joohoi/acme-dns to make the DNS challeng work for you. Or, if you want to manage just a single certificate, could look into using one of our other provisioner types.
Hello!
Issue details
I'd like to have an option to create wildcard certificates for my servers using acme http-01 challenge. I know that Letsencrypt does not allow this for good reasons but for my little internal private CA it would be very helpfull to have this feature.
Why is this needed?
Having wildcard certificates for my internal servers would ease handling updates. There is no need to supply multi (sub)domain certificates. Also, lighttpd setup would be much easier as adding multiple certificates to lighttpd is fiddling complicated.
The text was updated successfully, but these errors were encountered: