Level 102
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
The V2 API supports issuing wildcard certificates. To request a wildcard certificate simply send a wildcard DNS identifier in the newOrder request.
Oct 5, 2020
8
Level 6
Dynamic wildcard SSL certificate
I've been trying and searching all over Google, StackOverflow and the Cloudflare forum, but was not able to solve this issue. Let's say I have an app were users can sign up and create their own page. This page should be accessible from "custom1.domain.com". Another user signs up and creates a page called "mypage" - so the subdomain will be "mypage.domain.com" and so on.
Apparently, this is only possible with a Cloudflare Enterprise plan, which is way too expensive for me. Also, creating a new A record via API is also not a solution, since there can be 1000+ pages.
What other solutions are there so that dynamically(!) created subdomains are automatically available through https? I'm not glued to Cloudflare for this, any reliable, easy to understand service will do it. I looked at AWS Route53 but that seems really complex and also would mean I have to completely move my domain to AWS, not just point there via DNS.
Level 27
Before having my own client, I used https://github.com/skoerfgen/ACMECert
For your wildcard cert, I suggest sending a request for *.domain.com together with domain.com.
Makes it easier when you have to support domain.com and its subdomains.
For wildcard certs, your only option is to authenticate via DNS-01. HTTP-01 is not allowed.
Each cert is also valid for only 90 days, but with a good client, it's a 1 time setup.
Level 102
Level 27
@sinnbeck yes I did because I'm on namesilo
- I needed to send in part 1 of DNS-01 for multiple certs
- Pause 15 min
- Perform part 2 for multiple certs
ACMECert needs to perform #2 for every cert and I could not find a way around it. I also added idiot proof checks such as to ensure key and cert matches as I get careless when sleepy.
A HTTP reload will create chaos when key and cert don't match. :)
Level 102
@laracoft Ah cool :) If you had made an official package, I would have checked that out ;)
Level 27
@sinnbeck don't get the wrong impression, it is heavily based on ACMECert. Let me try to package it. It's an artisan command actually.
Level 102
Its ok. Maybe I will sit down and build some sort of laravel package some day :p
Level 1
@Sinnbeck still waiting : D
Please or to participate in this conversation.