Let’s Encrypt: Wildcard Certs Coming Soon
Anybody using Let’s Encrypt? Having recently set it up for a client, I’m really impressed with it. It gives you HTTPS certs for your web servers at no cost, and with very little effort, since the entire process is automated (with authentication via the “ACME” protocol). The certs are only valid for 90 days, to try to minimize potential damage from any compromises, but the renewal process is equally easy to automate. The one service they haven’t offered up to now is certs for wildcard domains (e.g. “*.example.com”). Looks like they will soon have a procedure for this, too <https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/>.
On 07/07/17 16:00, Lawrence D'Oliveiro wrote:
Anybody using Let’s Encrypt?
All the time. Other than docker, it's the best thing that has happened in a while.
Having recently set it up for a client, I’m really impressed with it. It gives you HTTPS certs for your web servers at no cost, and with very little effort, since the entire process is automated (with authentication via the “ACME” protocol). The certs are only valid for 90 days, to try to minimize potential damage from any compromises, but the renewal process is equally easy to automate.
This is the key to making LE work well in a production environment, and dev environments. There are many tools that can do this.
The one service they haven’t offered up to now is certs for wildcard domains (e.g. “*.example.com”). Looks like they will soon have a procedure for this, too <https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/>.
This will definitely help with TLSA records, for those people that use it. -- Simon
participants (2)
-
Lawrence D'Oliveiro -
Simon Green