Let’s Encrypt announced yesterday that its ACMEv2 API is now live, and with it comes the possibility for users to obtain free wildcard certificates. This has been a long-awaited feature: wildcard certificates are much more expensive than regular single-host certificates from commercial CAs, and they also make managing SSL certificates for a domain much easier.
Wildcard certificates allow a single certificate to cover multiple subdomains of a particular domain. For example, if you had a wildcard certificate for the 20530302.xyz domain, that one certificate could be used for xyz-test.20530302.xyz and any other subdomain. Without a wildcard certificate, the owner of a domain needs to obtain a separate certificate for each subdomain they operate, which for larger organizations can become a management nightmare.
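To make the scope of a wildcard concrete, here is an added example (not code from the article or from Let's Encrypt) that implements the hostname-matching rule browsers apply to certificate names (RFC 6125 section 6.4.3): the `*` is honoured only as the entire leftmost label and matches exactly one label. The SAN list and hostnames below are constructed from the article's example domain; note that `*.20530302.xyz` does not cover the bare `20530302.xyz`, which is why the apex is usually listed as a separate name on the same certificate.

```python
"""Check which hostnames a certificate's subject alternative names (SANs) cover.

Added example, not from the original article. Implements the wildcard
matching rule used by browsers (RFC 6125 section 6.4.3): '*' is only
honoured as the whole leftmost label and it matches exactly one label.
"""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if the DNS name `pattern` (possibly a wildcard) covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only a bare '*' as the leftmost label is a valid wildcard, it must be
    # followed by at least two more labels ('*.xyz' would be far too broad),
    # and no other label may contain a wildcard.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # The wildcard stands in for exactly one label, so the label counts must
    # match: this is what excludes both the apex and deeper subdomains.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def covered_names(san_list, hostnames):
    """Map each hostname to whether any SAN entry in the certificate covers it."""
    return {h: any(hostname_matches(p, h) for p in san_list) for h in hostnames}


if __name__ == "__main__":
    # Constructed SAN list: the wildcard plus the bare apex, which the wildcard
    # alone would not cover.
    sans = ["*.20530302.xyz", "20530302.xyz"]
    wanted = ["xyz-test.20530302.xyz", "20530302.xyz", "a.b.20530302.xyz", "20530302.xyz.evil.test"]
    for name, ok in covered_names(sans, wanted).items():
        print(f"{name:28} {'covered' if ok else 'NOT covered'}")
```

Run it and the deeper name `a.b.20530302.xyz` is reported as not covered: a single wildcard certificate protects one level of subdomain, so deeper hierarchies still need their own names on the certificate.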
The availability of this feature comes with the release of version 2 of the ACME (Automated Certificate Management Environment) API, a protocol developed by Let’s Encrypt and the Internet Security Research Group that allows automated issuance and installation of SSL certificates. Because wildcard certificates cannot be issued through ACMEv1, users wishing to obtain them must upgrade to a client that supports ACMEv2. Fortunately, Let’s Encrypt has published a list of clients with ACMEv2 support.
Those wishing to take up the free wildcard certificates from Let’s Encrypt will need to prove their control of the domain using a DNS-01 challenge. In this type of challenge, Let’s Encrypt issues a token associated with the domain for which it is asked to issue a certificate, and the domain owner must place this token in a DNS TXT record for that domain. Once the record is in place, Let’s Encrypt has confirmed that you control the domain and can therefore issue a wildcard certificate for it.
The ability to obtain free single-host SSL certificates, and now wildcard certificates, brings the Internet one step closer to running entirely over HTTPS. For those who are new to Let’s Encrypt and would like to learn how to get started, there is a tutorial available on its site.