
wildcard certificates with acme http-01 challenge

Open · ne20002 opened this issue 3 months ago · 1 comment

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I'd like to have an option to create wildcard certificates for my servers using acme http-01 challenge. I know that Let's Encrypt does not allow this for good reasons but for my little internal private CA it would be very helpful to have this feature.

Why is this needed?

Having wildcard certificates for my internal servers would ease handling updates. There is no need to supply multi-(sub)domain certificates. Also, lighttpd setup would be much easier as adding multiple certificates to lighttpd is fiddly and complicated.

ne20002 avatar May 01 '24 13:05 ne20002

Hey @ne20002, there's currently no support for obtaining a wildcard certificate using a different challenge than a DNS challenge in the ACME standard, and I don't know of extensions that do allow it. When using an HTTP (or TLS-ALPN) challenge, the CA has to reach out to a specific host, which it can't do if the hostname contains a wildcard character. So I'm afraid we won't be able to support this use case.

You could look into using a combination of a DNS server and https://github.com/joohoi/acme-dns to make the DNS challenge work for you. Or, if you want to manage just a single certificate, you could look into using one of our other provisioner types.

hslatman avatar May 14 '24 16:05 hslatman
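An added illustration of the rule hslatman describes above (example code written for this page, not from the thread or from any project's code base): under RFC 8555 a wildcard identifier may only be validated with dns-01, and the TXT record it needs lives at the base name, so the same record serves both `*.example.test` and `example.test`, whereas http-01 would require the CA to fetch a URL from a host named `*.example.test`, which cannot exist. The JWK coordinates are sample public values taken from a published RFC example, not a key in use, and the token and hostnames are constructed.

```python
import base64
import hashlib
import json

# Challenge types from RFC 8555 (http-01, dns-01) and RFC 8737 (tls-alpn-01).
ALL_CHALLENGES = ("http-01", "dns-01", "tls-alpn-01")

# Constructed sample account key (public EC P-256 coordinates from an RFC example).
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def allowed_challenges(identifier: str) -> tuple:
    """A wildcard identifier can only be validated with dns-01 (RFC 8555 section 7.1.3)."""
    return ("dns-01",) if identifier.startswith("*.") else ALL_CHALLENGES


def can_validate(identifier: str, chal_type: str) -> bool:
    return chal_type in allowed_challenges(identifier)


def challenge_plan(identifier: str, chal_type: str, token: str, jwk: dict) -> dict:
    """What the client must publish for the CA to validate this identifier."""
    if not can_validate(identifier, chal_type):
        raise ValueError(f"{chal_type} cannot validate {identifier!r}")
    key_auth = f"{token}.{jwk_thumbprint(jwk)}"  # RFC 8555 section 8.1
    if chal_type == "http-01":
        # The CA fetches this URL over plain HTTP; the host part must resolve to a real server.
        return {"url": f"http://{identifier}/.well-known/acme-challenge/{token}", "body": key_auth}
    if chal_type == "dns-01":
        base = identifier[2:] if identifier.startswith("*.") else identifier
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        return {"name": f"_acme-challenge.{base}", "txt": b64url(digest)}
    raise NotImplementedError("tls-alpn-01 publishes a certificate extension; not modelled here")
```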

OK

ne20002 avatar May 15 '24 07:05 ne20002