On 19:27 Fri 02 Mar, Stuart Henderson wrote:
> On 2018-03-01, Consus <con...@ftml.net> wrote:
> > Let's Encrypt is going to support wildcard certificates soon enough, but
> > only through DNS-01 challenge, but acme-client(1) does not support it.
> > Have you guys considered implementing DNS challenges? Maybe someone is
> > already working on the implementation? If not, are patches welcome?
> Kristaps' original version of acme-client supports this, though you do
> need a script as well.
That's the most simple way to do it, so I'm not surprised.
> It won't help for letsencrypt wildcard certificates yet because they
> require a new version of the ACME protocol.
Yes, but I think acme-client(1) should support ACME v2 anyway, because
it's not clear for how long Let's Encrypt will keep the legacy API
> (I'm not a fan of wildcard certs anyway though, they mostly just
> encourage people to reuse certs and keys in places where they aren't
True, but wildcards come in handy in situations where you have a bunch
of generated and short-lived (often per http-session) DNS records with
a common domain.