On 19:27 Fri 02 Mar, Stuart Henderson wrote:
> On 2018-03-01, Consus <con...@ftml.net> wrote:
> > Let's Encrypt is going to support wildcard certificates soon enough, but
> > only through DNS-01 challenge, but acme-client(1) does not support it.
> > Have you guys considered implementing DNS challenges? Maybe someone is
> > already working on the implementation? If not, are patches welcome?
>
> Kristaps' original version of acme-client supports this, though you do
> need a script as well.

That's the most simple way to do it, so I'm not surprised.

> It won't help for letsencrypt wildcard certificates yet because they
> require a new version of the ACME protocol.

Yes, but I think acme-client(1) should support ACME v2 anyway, because it's not clear for how long Let's Encrypt will keep the legacy API endpoints available.

> (I'm not a fan of wildcard certs anyway though, they mostly just
> encourage people to reuse certs and keys in places where they aren't
> necessary).

True, but wildcards come in handy in situations where you have a bunch of generated and short-lived (often per http-session) DNS records with a common domain.